Last Update 8:48 AM September 27, 2022 (UTC)

Organizations | Identosphere Blogcatcher

Brought to you by Identity Woman and Infominer.
Support this collaboration on Patreon!!

Tuesday, 27. September 2022

bitnation

FTX Acquires Voyager Digital’s Assets After Auction

Voyager Digital has finally auctioned off its assets, and the winner of the bid is popular crypto exchange FTX after a “highly competitive” bidding round was finally put to rest after numerous rounds that lasted for over 2 weeks. The $50 million figure from Bloomberg turned out to be wrong as FTX US’s bid to […]
Voyager Digital has finally auctioned off its assets, and the winner of the bid is popular crypto exchange FTX after a “highly competitive” bidding round was finally put to rest after numerous rounds that lasted for over 2 weeks. The $50 million figure from Bloomberg turned out to be wrong as FTX US’s bid to acquire the assets of Voyager Digital is valued at around $1.422 billion. The case with Three Arrows Capital, which also filed for bankruptcy this year, remains at rest with the estate, “which will distribute any available recovery on such claims to the estate’s creditors.”

Crypto lending platform Voyager Digital, which had filed for bankruptcy a few months ago, has finally auctioned off its assets, and the winner of the bid is popular crypto exchange FTX, which is headed by Sam Bankman-Fried, the white knight of crypto and a billionaire entrepreneur. The “highly competitive” bidding round was finally put to rest after numerous rounds and the world’s biggest crypto exchange, Binance, had also taken part in the same.

According to the official statement from the crypto lending platform, the auction process laster for over two weeks and the top two contenders were Binance and FTX, as per a report from Bloomberg. However, as presented by the media outlet, the leading bid was Binance’s which had placed a value of around $50 million on the lending platform.

“In-line with the process outlined in court filings, Voyager received multiple bids contemplating sale and reorganization alternatives, held an auction and, based on the results of the auction, has determined that the sale transaction with FTX is the best alternative for Voyager stakeholders,”

the statement reads.

The $50 million figure from Bloomberg turned out to be wrong as FTX US’s bid to acquire the assets of Voyager Digital is valued at around $1.422 billion. The valuation comprises of the following two items:

The fair market value of all Voyager cryptocurrency at a to-be-determined date in the future, which at current market prices is estimated to be $1.311 billion, and Additional consideration that is estimated as providing approximately $111 million of incremental value

Earlier, FTX crypto exchange had shown interest in acquiring Voyager provided it is able to operate profitably and it seems that the deal has finally went through after a long to-and-fro movement. Additionally, the statement from Voyager also confirmed that the case with Three Arrows Capital, which also filed for bankruptcy this year, remains at rest with the estate “which will distribute any available recovery on such claims to the estate’s creditors.”

“FTX US’s bid maximizes value and minimizes the remaining duration of the Company’s restructuring by providing a clear path forward for the Debtors to consummate a chapter 11 plan and return value to their customers and other creditors. FTX US’s market-leading, secure trading platform will enable customers to trade and store cryptocurrency after the conclusion of the Company’s chapter 11 cases,”

Voyager said.

Additionally, the purchase of assets of Voyager Digital by the crypto exchange will be presented to the United States Bankruptcy Court for the Southern District of New York on Wednesday, October 19, 2022 and is therefore, pending regulatory approval. Also, the last date and time for presenting an objection to the deal has been set at 4:00 p.m ET on October 12, 2022.


SelfKey Foundation

Metaproof Platform

Through identity verifications, a decentralized identity platform like the Metaproof Platform, controlled by active user participation and owned by its users, might successfully sort bots from humans. The post Metaproof Platform appeared first on SelfKey.

Through identity verifications, a decentralized identity platform like the Metaproof Platform, controlled by active user participation and owned by its users, might successfully sort bots from humans.

The post Metaproof Platform appeared first on SelfKey.

Monday, 26. September 2022

bitnation

Reserve Bank of Australia (RBA) Announces a CBDC Pilot Program Through Mid 2023

The Australian government, through the RBA research program on CBDC, wants to know the benefits and risks of adopting the technology.
The Australian government, through the RBA research program on CBDC, wants to know the benefits and risks of adopting the technology. According to the announcement, the Australian pilot CBDC program will be named the eAUD, and developed on the Ethereum network. Whereby the smallest denomination will be one cent of the Australian dollar.

This Digital Finance Cooperative Research Centre (DFCRC), in conjunction with the Reserve Bank of Australia (RBA), have teamed up to find out the use cases for a central bank digital currency (CBDC) in the country. The project is overseen by a Steering Committee comprising senior representatives of the RBA, DFCRC and the Australian Treasury. According to the announcement, the pilot program is expected to run mid-next year after the July kickoff.

Previously, the Reserve Bank of Australia did not see the need for a CBDC, but circumstances have shifted. Furthermore, demand from both institutional and retail investors has spiked in developed economies, including Australia.

“The project intends to test a general-purpose pilot CBDC issued as a liability of the RBA for use in real-world pilot implementations of services offered by Australian industry participants. Any compelling use case – whether so-called ‘wholesale’ or ‘retail’ – will be explored in the project,” the report noted.

The Australian government has scrutinised the digital asset market to adopt its technology safely. Furthermore, developed countries, including China, have launched a CBDC.

Australia on CBDC and Digital Assets

The cryptocurrency market grew slightly over $3 trillion last year. However, the figures have declined to around $1 trillion in the past few weeks. The crypto winter that has sustained a few months has seen institutional investors and global governments shift their focus on digital assets.

While other industries struggled during the coronavirus crisis, the cryptocurrency industry flexed its muscles by hitting its all-time high. As such, the Australian government is keen to adopt blockchain and cryptocurrency technology to open up its economy further.

Nevertheless, the Australian government, through the RBA research program on CBDC, wants to know the benefits and risks of adopting the technology.

“The DFCRC will implement the pilot CBDC platform, with the RBA responsible for issuance and redemption of the pilot CBDC and other oversight and regulatory functions. This will be a stand-alone platform solely for the issuance and transactional operation of the pilot CBDC,” the report added.

According to the announcement, the Australian pilot CBDC program will be named the eAUD. Whereby the smallest denomination will be one cent of the Australian dollar.

Since the pilot program is entitled to Australian citizens, the report noted that eligible eAUD would have to pass a KYC verification. Otherwise, the RBA has announced that no interest will be paid to eAUD holders during the pilot program.

The Australian CBDC pilot program is expected to run on the second most valuable blockchain network, Ethererum. Furthermore, the Ethererum network offers a comprehensive and secure intelligent contract ecosystem with a vast ecosystem.

The Australian government calls upon local business entities to register with the CBDC pilot program. Moreover, the RBA has not set the maximum output for the eAUD during the pilot program period.


Apple Receives Backlash for Its Tax on NFTs

Apple’s decision to charge its standard 30% commission on NFT sales has been branded as an abuse of power by many creators. Despite heavy criticism, some crypto developers believe Apple’s decision to adopt NFTs in its marketplace is a huge win for the entire industry. Tech company, Apple, has been criticized by the crypto community […]
Apple’s decision to charge its standard 30% commission on NFT sales has been branded as an abuse of power by many creators. Despite heavy criticism, some crypto developers believe Apple’s decision to adopt NFTs in its marketplace is a huge win for the entire industry.

Tech company, Apple, has been criticized by the crypto community after it announced a 30% commission on NFTs sold through apps on its marketplace. Crypto industry leaders slammed this decision as “grotesquely overpriced.”

The iPhone maker currently allows NFTs to be bought and sold through apps listed on its marketplace. However, NFT creators were put off by the decision to charge its standard 30% commission on in-app purchases. Many developers complained that this fee would cripple innovation and NFT sales.

Since Apple is a new player in the NFT scene, many developers expected the tech company to comply with existing industry practices. For example, Opensea, the biggest NFT marketplace, charges a commission rate of 2.5% on NFT sales.

So, developers believe Apple’s decision to impose such heavy fees on NFT sales is abusive. Tim Sweeney, CEO of Epic Games, joined the list of top crypto figures to criticize the smartphone maker, noting that Apple is “killing all NFT app businesses it can’t tax” by “crushing another nascent technology that could rival its grotesquely overpriced in-app payment service.”

Although Apple offered to reduce its commission to 15%, Solana NFT market Magic Eden withdrew its service from the App Store after news of the new policy went viral. Other NFT markets on the App Store reportedly restricted their operations as a result of the high commissions. Additionally, some users cited the additional difficulty of having to conduct transactions in US dollars rather than cryptocurrencies as a turnoff.

Is There a Good Side to Apple’s Decision?

Most NFT creators believe Apple’s decision has a good side to it. Gabriel Leydon, CEO of Web3 game developer Limit Break, urged developers to see the bright side of things before adding that he “will HAPPILY give Apple a 30% cut of a free NFT.” He wrote on Twitter,

Apple has decided to let developers sell NFTs inside of games/apps. Everyone is focusing on apple wanting its 30% cut of each transaction without realizing this could put an ETH wallet in every single mobile game onboarding 1B+ players!

Some other uses noted that selling NFTs will benefit mobile games in particular and dramatically enhance Web3 use globally. Apple has one of the biggest tech markets, which the crypto world could leverage. However, the company’s policies have sometimes served as a barrier.

This will not be the first time Apple has faced criticism for its policies. In 2020, the phone maker was sued by Epic Games for delisting its flagship game, Fortnite, from the Apple store. The game company, however, lost the lawsuit.

Epic reportedly appealed the case and gained considerable awareness.  The U.S. antitrust regulators asked to be involved in the appeal hearings scheduled for next month, expressing concerns that the earlier decision had not appropriately read antitrust law.


ResofWorld

Mexico could turn gig workers into full-time employees

But some are against the proposal, saying it addresses government interests over workers’ real concerns.
In the coming days, the Mexican government is set to discuss an amendment to force delivery and ride-hailing apps to make gig workers into formal employees, which could affect the...

bitnation

Interpol Has Officially Issued A Red Notice Against Do Kwon

Interpol, an international organization that facilitates worldwide police cooperation and crime control, has issued a red notice for all the law enforcement agencies to locate and arrest Kwon. Kwon claims that he is not “on the run” despite leaving South Korea and travelling to Singapore. South Korean prosecutors pointed out that they had issued an […]
Interpol, an international organization that facilitates worldwide police cooperation and crime control, has issued a red notice for all the law enforcement agencies to locate and arrest Kwon. Kwon claims that he is not “on the run” despite leaving South Korea and travelling to Singapore. South Korean prosecutors pointed out that they had issued an arrest warrant for Do Kwon ever since he left the country for Singapore because there was an abundance of “circumstantial evidence of escape.”

Do Kwon, the person behind the failed stablecoin project Terra, seems to have come under the crosshairs of the Interpol, an international organization that facilitates worldwide police cooperation and crime control, as the agency has issued a red notice for all the law enforcement agencies to locate and arrest Kwon.

On the other hand, it is a well-known fact that Do Kwon is the person responsible for the collapse of the Terra ecosystem and the depeg of his stablecoin and as a result, around $60 billion was wiped off from the crypto space as per Bloomberg. In a text message to the media outlet, law enforcement authorities and prosecutors in Seoul confirmed that the international police organization has issued a Red Notice for Kwon.

Meanwhile Kwon did try to revive the Terra project out of the dust but failed to do so with the rebranding of the Terra and Terra Classic ecosystem. The failed project, now called Terra Classic, was a fork established and deserted while Terra (LUNA), the newer project, still stands.

Meanwhile South Korean authorities have accused Kwon and five of his accomplices of crimes which also includes breaching laws regarding capital markets. Following the accusation, Kwon went to Singapore where his firm Terraform Labs was located. However, the offices were closed and the city-state’s authorities confirmed that Kwon is no longer there.

Since then, Kwon’s whereabouts have been missing and it seems that he is no longer there. His last Twitter posts came on Sept. 17 when he moved to Singapore claiming that he is not “on the run” and is ready to send GPS coordinates to anyone who is working on a blockchain project or is a crypto enthusiast.

On Sept. 17 he also stated that he will ‘go for a run to burn some calories’ while also adding that he has nothing to hide from the authorities.

I am not “on the run” or anything similar – for any government agency that has shown interest to communicate, we are in full cooperation and we don’t have anything to hide,

said Do Kwon in a Twitter post.

Interpol issuing a red alert for Kwon might be the last domino that leads to the arrest of the stablecoin developer for defrauding investors and causing the biggest disaster in the crypto industry. However, the Terra Stablecoin (now Terra Classic USD or USTC) was once one of the top 3 stablecoins and has now lost it peg disastrously to the $1 price level.

“We are in the process of defending ourselves in multiple jurisdictions — we have held ourselves to an extremely high bar of integrity, and look forward to clarifying the truth over the next few months,”

Kwon said via another Twitter post.

Interestingly, South Korean prosecutors pointed out that they issued an arrest warrant for Do Kwon ever since he left the country for Singapore because there was an abundance of “circumstantial evidence of escape.”


MyData

What to make of data sovereignty

Data sovereignty has gained much recent attention, whilst interpreted in varied ways. MyData Global describes in this blog post what to make of data sovereignty when taking a human-centric approach to personal data.
Data sovereignty has gained much recent attention, whilst interpreted in varied ways. MyData Global describes in this blog post what to make of data sovereignty when taking a human-centric approach to personal data.

bitnation

Bitcoin 360 AI Review 2022: Is It A Scam?

The bitcoin market is renowned for its constantly active nature and price volatility. It could be difficult for traders looking to make money to navigate the market with such a structure. But to help with this, bitcoin trading platforms have appeared. These services offer crucial support and free merchants from the majority of their trading-related […]

The bitcoin market is renowned for its constantly active nature and price volatility. It could be difficult for traders looking to make money to navigate the market with such a structure.

But to help with this, bitcoin trading platforms have appeared. These services offer crucial support and free merchants from the majority of their trading-related responsibilities.

One of the available crypto trading platforms right now is Bitcoin 360 AI. The effectiveness of the platform has been testified to by a number of Bitcoin 360 AI evaluations, and its creators have made some bold claims about how it functions. Investors looking for information on Bitcoin 360 AI will find it all below.

Our Verdict

It has been established that Bitcoin 360 AI has all the necessary components for an outstanding user experience. For brand-new customers who are eager to make money on the cryptocurrency market, Bitcoin 360 AI provides new options.

Using Bitcoin 360 AI would be advantageous for any trader wishing to enter the cryptocurrency market. You can apply for your license right now by opening an account and making a deposit. Use Bitcoin 360 AI, as we advise, to profit from the market to the fullest.

Bitcoin 360 AI Pros and Cons Pros

User-friendly interface

Quick signup process

Multi-currency support

Auto trading available

Cons

Unregulated trading tool

No Bitcoin 360 AI mobile app

Is Bitcoin 360 AI a Scam?

It is impossible to know for sure whether a proprietary crypto bot software platform performs as claimed because creators hardly ever make their tools available for public backtesting, making it impossible for rivals to copy them.

Do not over-invest in a single trading bot; instead, maintain a diverse portfolio. Automated copy trading is available on several authorized crypto exchanges. Take into account employing them in addition to standalone Bitcoin bots or cryptocurrency bots, as they are sometimes unlicensed or unregulated.

The Bitcoin 360 Ai website makes a number of promises, including that it is the “most profitable auto trader,” although these could just be for marketing purposes. Knowing the actual potential of any auto trader is different because it can also depend on how effectively the end user calibrates it and how much profit they decide to take out or reinvest for compound returns.

Some real Bitcoin robots have their websites scraped or pictures reused to create phony scam bot websites with “celebrity endorsements” from people like Martin Lewis or MoneySavingExpert, Elon Musk or Tesla, Jeff Bezos or Amazon, etc. These scams are simple to recognize and are not real crypto bots.

What Is Bitcoin 360 AI Trading Platform?

In contrast to equities, the cryptocurrency markets, including Bitcoin, trade continuously throughout the year, making it challenging for day traders and regular investors to consistently outperform them.

This led to a market for crypto trading bots that may act as “robot advisers” or “investment advisors” to automate the procedure.

One of the newest automated trading platforms in that market, Bitcoin 360 Ai, makes the promise that it may assist investors to increase their win rate per trade and creating more sustainable profits. However, because the software is proprietary, there isn’t much information online. According to a self-reported review of Bitcoin 360 Ai:

The creative and user-friendly, yet strong enough to satisfy your demands, Bitcoin 360 AI platform is a high-tech environment to help you maximize your cryptocurrency and Bitcoin profits. New individuals join our elite and prosperous community of investors every day in order to reach their financial freedom milestones and live a carefree lifestyle.

How Does Bitcoin 360 AI App Work?

The “AI” in “BTC 360 Ai” stands for artificial intelligence, which as a general term covers all the features of Bitcoin robots, cryptocurrency trading bots, etc., such as their automatic trading strategy, setting a TP/SL order in advance (take profit and stop loss), determining the optimal R:R (risk to reward ratio for trades), and being able to layer bids and asks to scale into a position gradually.

Human traders frequently become impatient with going through all of these steps, enter a long or short position in the middle of a trading range, and then get chopped up. Bitcoin 360 Ai asserts that it is more accurate than most retail investors at navigating price volatility in the cryptocurrency markets.

Bitcoin 360 AI Overview

Platform type: Bitcoin and crypto trading platform
Supported cryptocurrencies: BTC, ETH, BCH, BNB, LTC, DASH, BT, and more
Withdrawal time: Instant via cryptocurrency, 12-24 hours by fiat
Minimum deposit: $250

Key Features of Bitcoin 360 AI Automated Multi-Asset Trading

According to Bitcoin 360 Ai, it is possible to trade Bitcoin and several of the best altcoins, including Ethereum, automatically. Notably, this Bitcoin bot platform also supports Bitcoin Cash and Bitcoin Gold, two further forks of the cryptocurrency.

Simple to Use

The ease of use of the software is a frequent theme in online Bitcoin 360 Ai evaluations; yet, like with any crypto bot, these comments may be paid for, fabricated, or overstated. Be careful as you go.

Quick Withdrawal

BTC 360 Ai, which accepts deposits in both fiat money and cryptocurrency, promises a 1-2 business day turnaround for withdrawals of fiat money and fast payouts of cryptocurrency on its website. We advise trying out the Bitcoin 360 Ai withdrawal procedure as soon as possible.

Demo Account

Supposedly, after making the initial deposit and registering on the Bitcoin 360 Ai website (there is no free trial version accessible), a demo account is made available. That is beneficial because practicing with paper trading first reduces risk to nothing until you are certain that Bitcoin 360 Ai is real and effective.

Customer Service

The creators of the tool claim that users can get assistance from a trustworthy and useful customer support system on Bitcoin 360 AI if they run into any problems. They haven’t yet provided any information regarding the effectiveness of the customer care channels, though. Trading professionals must exercise considerable caution when using this instrument.

How to Use Bitcoin 360 AI – Step-by-Step Guide Step 1: Open an account

Fill out the form above with the correct information, including your full name, phone number, and email address.

The trader will then be connected by Bitcoin 360 AI to a broker in their area.

Step 2: Make a Deposit

Investors are now able to fund the account with a $250 minimum deposit. It is advised against making a larger amount before trying out the trading program and tactics.

Step 3: Monitor Trading Bot

The platform, according to Bitcoin 360 AI, provides a demo account. Using this, you can obtain the exclusive software without exchanging actual money.

Investors can finally access the typical trading account. By selecting their risk parameters, traders can personalize their trading settings. Additionally, according to the site, investors can choose how much autonomy they want the AI system to have.

Traders have the option of setting an automatic function that will enable the software to go live and execute trades on their behalf, or they can choose to invest manually. We were unable to independently confirm any of these allegations, though.

Bitcoin 360 AI vs other Trading Robots

Minimum Deposit: $250 (in-line with other trading bots and platforms)

Success Rate: 90% (much lower than other platforms like Bitcoin Code with 99.4%)

Can you make money with Bitcoin 360 AI?

According to Bitcoin 360 AI, the platform offers a demo account. By doing this, you can get premium software without paying cash.

Finally, investors have access to the standard trading account. Traders can customise their trading settings by choosing their risk parameters. Additionally, investors can select how much autonomy they want the AI system to have, according to the website.

Traders have the choice of investing manually or creating an automatic feature that will allow the software to go live and execute trades on their behalf. However, we were unable to independently verify any of these claims.

In order to assist you in managing your account and navigating trading in the volatile cryptocurrency market, Bitcoin 360 Ai has worked with CySEC-licensed brokers. Bitcoin 360 Ai values your privacy greatly, so your data is protected by an SSL certificate.

For a novice, trading can be incredibly frightening even when it is being done on your behalf.

It makes logical that you would have many concerns or inquiries, which is why Bitcoin 360 Ai has a customer service team that is staffed and available around-the-clock to make sure your needs are met at all times and you are never in the dark.

Customers of Bitcoin 360 Ai have left a tonne of positive internet reviews of the programme and the revenue it has brought in for them.

Tips for new traders

Here are some tips to help you get the most out of utilizing Bitcoin 360 Ai.

Start With Small Investments

Trading with Bitcoin 360 Ai requires a minimum deposit of 250 EUR. When you first start trading with Bitcoin 360 Ai, this initial deposit will serve as both your capital and your trading account.

Take Regular Profit Withdrawals

It would be wise to keep in mind that you should regularly withdraw the money that Bitcoin 360 Ai has created for you. Profits can be moved to a different digital wallet of your choice or withdrawn into your bank account.

Spend 20 minutes on your account every day.

Although Bitcoin 360 Ai requires really minimal upkeep, it functions best when you log in to your account once or twice daily to monitor activities and keep track of what’s going on.

Invest Prudently

You must trade cautiously and only with extra money that you have accessible because the bitcoin market is unpredictable. This is crucial while utilizing Bitcoin 360 Ai.

Keep an eye on your transactions

Account statements can be downloaded directly from your Bitcoin 360 Ai account. You should regularly download your transactions because you might need to pay taxes on your income as soon as you start making money. You’ll need these records in order to achieve it.

Has Bitcoin 360 AI Been Endorsed by Celebrities? Dragons Den – Peter Jones, Deborah Meaden

Even though it has been claimed that Bitcoin 360 AI has been supported and recommended by Dragons Den, we could not find any evidence to back this up.

Elon Musk

Even though it has been claimed that Bitcoin 360 AI has been supported and recommended by Elon Musk, we could not find any evidence to back this up.

Jeremy Clarkson

Even though it has been claimed that Bitcoin 360 AI has been supported and recommended by Jeremey Clarkson, we could not find any evidence to back this up.

Holly Marie Willoughby

Even though it has been claimed that Bitcoin 360 AI has been supported and recommended by Holly Marie Willoughby, we could not find any evidence to back this up.

Idris Elba

Even though it has been claimed that Bitcoin 360 AI has been supported and recommended by Idris Elba, we could not find any evidence to back this up.

Ant McPartlin

Even though it has been claimed that Bitcoin 360 AI has been supported and recommended by Ant McPartlin, we could not find any evidence to back this up.

Nicole Kidman

Even though it has been claimed that Bitcoin 360 AI has been supported and recommended by Nicole Kidman, we could not find any evidence to back this up.

Trevor Noah

Even though it has been claimed that Bitcoin 360 AI has been supported and recommended by Trevor Noah, we could not find any evidence to back this up.

Gordon Ramsey

Even though it has been claimed that Bitcoin 360 AI has been supported and recommended by Gordon Ramsey, we could not find any evidence to back this up.

Is It Possible to Withdraw Earnings? 

To get your money, a withdrawal form must be filled out. Within 24 hours after submission, your broker will carry out your payment, which will show up in your bank account.

What are the fees for Bitcoin 360 AI?

The Bitcoin 360 AI website claims that there are no additional fees or subscription costs associated with the cryptocurrency trading robot. Traders can access the AI program that starts following the cryptocurrency markets for free after registering an account and making a deposit of $250 or more.

Further investigation revealed no additional trading fees that this cryptocurrency site levies. We advise investors to conduct their own research before making an investment in any exchange due to the limited information available prior to making a deposit.

Trading Fees: None
Account Fees: None
Software Cost: None

FAQs What is Bitcoin 360 Ai & How Does It Work?

An automated trading platform called Bitcoin 360 Ai uses artificial intelligence to forecast market moves and profit from them. The investment approach is praised for its capacity to generate significant profits in the extremely volatile environment of the cryptocurrency markets. Profits are generated automatically every hour until they reach the required amount; there are no fund managers to take risks, watch the market, or look for opportunities.

How Much Profit Can I Make With Bitcoin 360 Ai?

Trading any kind of asset, let alone cryptocurrency, involves a huge number of variables. The amount of capital that should be utilized in relation to other factors like leverage, risk tolerance, account size, and stage of the life cycle will always depend on fallible human judgment. Users are in charge of their portfolios thanks to Bitcoin 360 Ai, which helps to simplify some of this complexity.

Is Bitcoin 360 Ai Free To Use?

It costs nothing to open a trading account with Bitcoin 360 Ai or to pay a license fee.

Does Elon Musk Or Any Corporations (Like Telsa) Use Bitcoin 360 Ai?

There is no proof that Tesla, Elon Musk, or any other major firm uses Bitcoin 360 Ai. Elon, on the other hand, is a very vocal proponent of cryptocurrencies in general, particularly on Twitter, and many businesses do trade and hold it as a substitute for traditional sources of wealth production.

Do Any Celebrities Endorse Bitcoin 360 Ai?

All other famous people, like Bill Gates, Richard Branson, and Dragon’s Den contestants like Deborah Meadon, do not support Bitcoin 360 Ai. However, there is a chance that they may use cryptocurrency as a means of wealth accumulation.


BitAlpha AI Review 2022: Is It A Scam?

The automatic trading platform BitAlpha AI, which appears to be spelled in a variety of ways with or without spaces, is the subject of our review. Our Verdict Proceed with caution, though, as depositors are the only ones who have access to all performance information from the past. Additionally, we suggest making a $250 minimum […]

The automatic trading platform BitAlpha AI, which appears to be spelled in a variety of ways with or without spaces, is the subject of our review.

Our Verdict

Proceed with caution, though, as depositors are the only ones who have access to all performance information from the past. Additionally, we suggest making a $250 minimum deposit.

Many BitAlpha website names, including those with the misspellings BitAlphaAI and BitAlpha AI, claim to offer an “updated link” for this year.

To protect your wealth, have more money available to buy the dip, remain flexible, maintain a varied portfolio and split your money across several websites. Never put too much money into a single cryptocurrency trading bot or alternative coin.

BitAlpha Ai Pros and Cons Pros

Automated Bitcoin trading as well as other crypto tokens

No hidden fees or management fees

Low minimum deposit

Viral on social media

Cons

No public backtesting or audit

Bit Alpha AI founders are anonymous

Some scam websites set up representing their link as the correct Bit Alpha AI website

Doesn’t appear to support NFT trading

Is BitAlpha Ai a Scam?

It is challenging to determine whether or not these platforms are legitimate given the variety of cryptocurrency trading AI robots that are now on the market. Our evaluation of BitAlpha AI looked at the various capabilities that are offered to users.

Investors can access the trading platform and test trading techniques, for instance, without risking any real money by using demo accounts. For individuals who are unclear about the capabilities of the platform, this function is helpful. However, we are unable to confirm the functionality offered by BitcoinAlpha AI without paying the $250 initial deposit.

BitAlpha AI, on the other hand, provides advantages like personalized setup options and no account fees to benefit the investor. As a result, we advise all curious readers to visit the BitAlpha AI website and decide whether they want to invest using this platform.

What Is BitAlpha Ai?

Crypto exchanges usually state in a risk statement that 68% to 72% of human traders lose money. Even casual retail investors who routinely buy and hold lose money when the market corrects or panic and sell at a loss because they didn’t pick the best altcoins to buy at the proper moments. Bit Alpha AI, one of the most recent trading bot systems, promises to act as “robo advisers” to help traders be more successful while using bitcoin and other cryptocurrencies. The primary Bit Alpha AI tagline, which can be found on many reviews, is:

The platform for trading bitcoins that operates uniquely.

What is different about what it does The user can swing trade based on the situation of the bitcoin market, and Bit Alpha AI claims that take profit and stop loss orders can be continuously updated.

Because Bit Alpha AI’s auto trading software is not made accessible to users without a deposit, we were unable to verify its precision and win rate. The minimum investment for trading robots is only $50, and a demo account is reportedly made available.

How Does BitAlpha AI Work?

Other than the fact that Bit Alpha AI can recognize “alpha” in trading environments, not much is known about it. The Greek letter alpha is frequently used to denote the word “edge.” Trading alpha, as defined by Investopedia, essentially refers to a trading strategy’s ability to outperform the market.

This might cover things like how to layer take profit (TP) orders, where to put stop loss (SL) orders, and more.

Compared to some of the other automatic trading platforms we’ve studied, it seems to operate in a more sophisticated manner. The term “AI” (artificial intelligence) implies that this is a trading tool, albeit it keeps the specifics if any, a closely-kept secret.

BitAlpha Ai Overview

Type of Platform: Crypto Trading Multi-Asset Platform
Cryptocurrencies Available: BTC and other Cryptos
Withdrawal Speeds: 2 hours for Withdrawals
Minimum Deposit: $250

Key Features of BitAlpha AI Easily Accessible

Visit the website and register for an account to access the BitAlpha AI platform. Investors can use the BitAlpha AI software after making a $250 payment. This trading bot cryptocurrency platform states that users can access the services through desktop and mobile apps.

Customizable

After making the initial minimum investment and logging into the network, the BitcoinAlpha AI bot is said to let investors choose their desired settings. Traders have the freedom to set their own risk limits and decide which asset classes to trade in.

Another feature that may be changed is the autonomy of the AI bot. The trading bot is an option for investors who want it to monitor the markets and provide them a selection of new open positions. Members of the platform, however, have the option of giving the trading bot total authority so that it can place fresh transactions without assistance from a person.

Deposits

Notably, BitAlpha AI says that deposits can be made in both cryptocurrency and fiat money. Credit/debit cards and bank transfers are acceptable forms of payment for the $250 minimum deposit required to start trading. However, the platform also states that it supports cryptocurrency transactions between several crypto wallets.

Anyone wishing to move money from one cryptocurrency wallet to another will find this convenient.

Strong Winrate

The trading bot can produce an average win rate of 80%, claims the BitAlpha AI website. Given the level of risk and volatility that investors often experience while trading cryptocurrencies, this number is extremely high.

However, we are unable to verify this success rate due to the lack of openness before making a deposit. We advise traders to only invest what they can afford to lose and to do so cautiously.

Quick Withdrawals

According to Bit Alpha AI, its withdrawal time window is practically instant, sending back the bitcoin asset that was used as the deposit method only takes a few minutes to an hour. Even though these options need a bit more processing time, profits can also be put into and cashed out using a bank account or a VISA card.

Educational Resources

After depositing, Bit Alpha AI makes some instructions on how to trade and how Bit Alpha AI functions available.

How to Use BitAlpha AI – Step-by-Step Guide Step 1: Open an account

Fill out the entire sign-up form that is located on the top of this page. Read the risk disclaimer and the terms and conditions.

Step 2: Make a Deposit

As previously indicated, traders can utilize the BitAlpha AI software by making a payment of at least $250. Bank transfers or credit/debit cards are available as deposit options.

Step 3: Monitor Trading Bot

Investors can now tailor their preferred trading alternatives by selecting tradable markets, risk thresholds, and other factors. When the software is turned on, it allegedly employs an automatic scanner that scans the markets.

BitAlpha AI vs other Trading Robots

Minimum Deposit: $250 (in-line with other trading bots and platforms)

Success Rate: 72% (much lower than other platforms like Yuan Pay Group with 99%)

Can you make money with BitAlpha AI?

There is no fraud associated with the BitAlpha AI program. While using the application, the platform does not guarantee profits or trading success. Instead, the program has been developed to analyze the crypto markets and give traders up-to-date information. The software is secure, and for further security, every page on the official BitAlpha AI website is SSL-encrypted. With BitAlpha AI, anyone may trade their preferred cryptocurrencies with complete peace of mind.

Tips for new traders

Remember that bitcoin trading never provides a 100% assurance of profit, regardless of how good an algorithm is. You must exercise due diligence if you want to lower your risk exposure and boost your profitability. Here are some tips that can be helpful to you.

Don’t invest with more risk than you can bear.

Often, inexperienced Bitcoin traders make the deadly mistake of trading all of their capital as soon as they start to see profits. That is a poor method of investing. Remember that even if the bot has consistently produced excellent results, there is no guarantee that this will continue to be the case.

Having Limited Capital to Start

Even if you have enough extra money, going all-in is never a wise idea. To ensure you’re getting the best return on your investment, educate yourself with the software’s functionality and market dynamics. Always start small and increase your working capital gradually as your income increases. You can achieve organic growth in this way without taking on a lot of financial risk.

Do not invest all of the profits.

When you are getting great profits, it can be tempting to invest everything. Keep in mind that investing is all about making decisions based on logic rather than allowing your emotions dictate them. Depending on your investing strategy, set aside a portion of your profits for savings and utilize the remainder to boost your working capital. You can avoid putting anything at danger by using this strategy.

Has BitAlpha Ai Been Endorsed by Celebrities? Dragons Den – Peter jones, Deborah meaden

There have been several marketing campaigns claiming that Dragons Den has endorsed BitAlpha AI, however, we could not find any evidence to back this up.

Elon Musk

There have been rumors that the electric car giant Tesla and its owner Elon Musk is connected to BitAlpha AI. We were unable to locate any conclusive proof of this; rather, it appears that the Tesla and BitAlpha AI connection is a myth created by marketing gurus who assert that Tesla invested some of its money in the coin.

Jeremy Clarkson

There have been several marketing campaigns claiming that Jeremy Clarkson has endorsed BitAlpha AI, however, we could not find any evidence to back this up.

Holly Marie Willoughby

There have been several marketing campaigns claiming that Holly Marie Willoughby has endorsed BitAlpha AI, however, we could not find any evidence to back this up.

Idris Elba

There have been several marketing campaigns claiming that Idris Elba has endorsed BitAlpha AI, however, we could not find any evidence to back this up.

Ant McPartlin

There have been several marketing campaigns claiming that Ant McPartlin has endorsed BitAlpha AI, however, we could not find any evidence to back this up.

Nicole Kidman

There have been several marketing campaigns claiming that Nicole Kidman has endorsed BitAlpha AI, however, we could not find any evidence to back this up.

Trevor Noah

There have been several marketing campaigns claiming that Trevor Noah has endorsed BitAlpha AI, however, we could not find any evidence to back this up.

Gordon Ramsey

There have been several marketing campaigns claiming that Gordon Ramsey has endorsed BitAlpha AI, however, we could not find any evidence to back this up.

Is It Possible to Withdraw Earnings?

To get your money, a withdrawal form must be filled out. Within two hours of submission, your broker will carry out your payment, which will show up in your bank account.

What are the fees for BitAlpha AI?

The lack of platform fees is one benefit of investing with BitAlpha AI. New investors are granted free access to the proprietary software once they have opened an account and deposited monies.

Additionally, BitAlphaAI asserts that there are no subscription fees or trade costs associated with using their services. Again, we have no access to the platform used by the crypto trading bot, therefore we are unable to verify these claims.

FAQs How Can Users Use the BitAlpha AI App to Start Trading Cryptocurrencies?

Using the BitAlpha AI application, trading digital currency involves a few steps. Making a free account on our BitAlpha AI website is the first step. Enter your name, email address, phone number, and country of residence in the registration form on the website. Users can start trading on the cryptocurrency exchanges after making a deposit of at least £250. After the account is created, users can use the app’s data-driven insights to make more informed and precise trading decisions.

Which devices work with the BitAlpha AI app?

The BitAlpha AI team was anxious to make sure that anyone, no matter where they were located or what degree of talent they had, could use our application. As a result, it works with all gadgets, including tablets, smartphones, and desktop computers. To perform transactions at any time and spot lucrative market opportunities as they materialize, you’ll need an active internet connection and web browser. The BitAlpha AI software’s user-friendly interface also makes it possible to trade digital currency even if you’ve never done it before.

Is Trading with the BitAlpha AI Application Only for Experts?

Anyone can use the BitAlpha AI program, even individuals who have never traded cryptocurrency before. Since the BitAlpha AI algorithm analyzes cryptocurrencies and extracts real-time data to help users in efficiently trading cryptocurrencies, experience is a benefit but not a prerequisite. The autonomy and assistance settings of the app can also be changed to suit a user’s skills, risk tolerance, and preferences.

What are the fees associated with the BitAlpha AI application?

The Bit Alpha AI program does not need users to register an account, engage in trading, make a deposit, or withdraw money. The only financial need is a $250 down payment. Using their money, traders can start positions in a variety of digital currencies. Additionally, the platform does not impose any additional costs that are not disclosed up front, nor does it remove commissions from traders’ profits.

What Kind of Profit Can Traders Expect from the Bit Alpha AI App?

There are two main reasons why answering this topic is challenging. First, it’s difficult to predict cryptocurrencies’ short-term success because to their high volatility. Second, BitAlpha AI is not a program that executes trades automatically and guarantees traders’ profits. Trading decisions can be made more intelligently with the software’s analytical information on the cryptocurrency marketplaces. The software is appropriate for both inexperienced and seasoned traders because it uses cutting-edge algorithms and technical indicators to deliver a thorough and accurate analysis of the cryptocurrency market.


Biticodes Review 2022: Is It A Scam?

Is the claim that the BitiCodes trading bot is “the crypto industry’s most accurate auto-trading software” authentic and verified? We examine the promises made by the BitiCodes website in this review to see whether it is a scam or a reliable, trustworthy “robo adviser,” often known as an automated trading platform. Our Verdict It has […]

Is the claim that the BitiCodes trading bot is “the crypto industry’s most accurate auto-trading software” authentic and verified?

We examine the promises made by the BitiCodes website in this review to see whether it is a scam or a reliable, trustworthy “robo adviser,” often known as an automated trading platform.

Our Verdict

It has been established that Biticodes has all the necessary features to ensure that every user has a wonderful experience. For new users eager to make money on the bitcoin market, Biticodes opens up new opportunities.

Biticodes would be beneficial to any trader looking to enter the cryptocurrency market. By creating an account and pledging a deposit, you can apply for your license right away. We advise you to utilize Biticodes to their greatest potential.

Biticodes Pros and Cons Pros

Automated trading platform for BTC and popular altcoins

Claimed high win rate, more than human traders

Instant cashouts via cryptocurrency

Cons

Little backtesting information

Requires a $250 minimum deposit

Available for a limited time

Is Biticodes a Scam?

You may be confident that Biticodes is a reliable trading tool when it comes to their validity. In order to help you manage your account and provide you with guidance when trading in the volatile cryptocurrency market, Biticodes has exclusively teamed with CySEC-approved brokers. Your privacy is very important to Biticodes, so your information is secured using an SSL certificate.

Trading can be somewhat frightening if you have never done it before, even when it is being done on your behalf. You’re going to have a lot of questions and concerns, which is why Biticodes has a customer care department that is staffed round-the-clock to make sure your needs are always addressed and you’re never in the dark.

What Is Biticodes?

A well-known bitcoin automated trading platform called BitiCodes was created to provide both novice and seasoned traders with a smooth trading experience. The program’s creators claim that in order to conduct winning transactions on your behalf, it makes use of artificial intelligence (AI), complex algorithms, and trading strategies. In other words, by assisting you in automating tedious and time-consuming processes like market research, chart analysis, price forecasting, and trend analysis, the BitiCodes platform makes cryptocurrency trading simple.

We think BitiCodes is the best trading programme for both new and seasoned traders based on our own experience using it. With this platform, you don’t need to worry about learning how to trade or spend a lot of time trading every day. If you choose to trade manually on the site, BitiCodes also provides handy tools and data, like charts, to help you with your transactions.

With a 90% success rate, BitiCodes will likely execute winning trades for you nine out of 10 times. The platform can also execute numerous deals per second, a feat that is beyond the capabilities of even the most seasoned cryptocurrency trader. This software also enables you to trade other popular cryptocurrencies including Ethereum, Litecoin, Ripple, Cardano, Bitcoin Cash, and more, in contrast to other automated cryptocurrency trading systems that only handle Bitcoin.

How Does Biticodes Work?

As was previously said, to execute deals, this bitcoin trading platform uses top-notch algorithms, artificial intelligence, and robotics. When you press the trade button, it immediately begins automatically scanning the bitcoin market and analysing charts to find profitable trading chances. AI technology and cutting-edge algorithms are used to accomplish this. When it sees a chance, it immediately sends out its trading bots to carry it out.

This method enables the automated trading program to accurately complete more than ten trades in a single second. So, you can anticipate BitiCodes to complete 1000+ transactions for you in less than an hour. Additionally, the software has a 90% success rate, meaning 900 out of the 1000+ trades will probably be lucrative.

Both desktop and mobile devices are compatible with the official BitiCodes website. We have confirmed that the website functions flawlessly on every type of laptop, tablet, and smartphone that we tested it on. You should also be aware that using the platform to register is free. Setting up your trading account on BitiCodes won’t cost you a dime. However, in order to begin trading on the platform and making money, you must deposit $250 as the minimum trading amount.

Biticodes Overview

Cryptocurrencies Available: BTC, ETH, BCH, LTC and more
Withdrawal Speeds: Instant withdrawals
Minimum Deposit: $250

Key Features of Biticodes Trading Platform User Experience

The key selling point of the BitiCodes platform is its straightforward user interface, which is intended to draw in new crypto investors and newbies. The autonomous cryptocurrency trading platform will handle the majority of the job on behalf of the user with little to no effort required from the investors.

To get started, just create and confirm an account. Users of the account can make the program live after making a minimum payment of $250. After completing this, BitiCodes will start scanning the markets and starting fresh deals every day. The BitiCodes account may be accessed by traders using a web browser, and all they need to get started is a reliable internet connection.

Additionally, the BitiCodes website asserts that it works with every gadget. The website, mobile devices, and tablets can all be used to access BitiCodes. As a result, the crypto trading bot is always immediately available.

Customer Support & Personal Account Manager

Once registration is complete, the BitiCodes website states that each new user will be assigned a personal account manager. To resolve any account-related questions, traders can get in touch with the account managers by Whatsapp, Telegram, email, and phone.

Members of BitiCodes have 24/7 access to customer support in addition to account managers. The customer support team gives the same level of accessibility as the account managers because they are also accessible through various internet channels including email, Telegram, and others.

Demo Account

According to the BitiCodes website, demo account options are available to investors, enabling them to sample the software and account features without having to make a real-money investment. The same functions available on a conventional account are supported by a demo account, which utilises fake money to place new transactions and buy assets.

For traders wishing to test out a new platform without putting any real assets at risk, the demo account function is useful.

Security

Since security is a key concern for every cryptocurrency trading platform, BitiCodes asserts that it has started a number of security protocols to safeguard investors’ money. The database used by BitiCodes stores data that is completely encrypted, protecting it from potential hacks.

The website also claims that it protects consumer data with numerous SSL certificates.

High Rate of Success

The program for the crypto trading robot, which is most significant, asserts to have a very high success rate. The software’s algorithm is able to make potentially successful transactions because it uses cutting-edge technology to scan the markets and start deals when it is most advantageous to do so.

According to the BitiCodes website, the AI system has a 96% success rate. We haven’t independently verified this, though.

Leverage

The platform’s ability to leverage up to 5000:1 is another benefit of BitiCodes. However, if you are a newbie, we do not advise choosing this choice. It is quite profitable, but there is a danger you could lose everything.

How to Use Biticodes – Step-by-Step Guide Step 1: Open an account

You can sign up for the platform using the form above. You can also do so through their website, but the form above presents an easier way to do this without running the risk of ending up on a duplicate or fraudulent platform.

Step 2: Verify your Account

You must submit the completed form to the website. BitiCodes will create your free account and give you a verification email in a matter of seconds. You will have access to your account after the verification procedure is finished.

Step 3: Make a Deposit

Funding your account with the required minimum trading capital is the next step after completing the BitiCodes registration and verification process. Before customers can begin trading, the platform asks all users to deposit a minimum of $250. You can deposit money using a few different methods on the BitiCodes website. Debit cards, credit cards, bank transfers, and e-wallets are all options for funding your account.

As previously stated, BitiCodes does not charge for registration. Therefore, this amount is your trading capital rather than your registration fee. The site does not impose deposit fees, which is another benefit worth mentioning. Therefore, the trading capital you receive will be equal to the amount you put in your trading account.

Step 4: Monitor Trading Bot

Before trading with your hard-earned money, you can utilize BitiCodes’ demo account to get acquainted with the platform. You receive monies through this feature—not actual cash—that you may use to test the software and learn how it functions.

Once you are certain that you comprehend how the BitiCodes platform functions, click the start trading option to begin the transaction. The window for the trade parameters will open after this operation. The crypto asset you want to trade must be chosen here, along with additional settings like risk level, stop loss and more. Click the live trading button when finished to watch the program trade and earn money for you.

Biticodes vs other Trading Robots

Minimum Deposit: $250 (in line with other platforms)

Success Rate: 90% (lower than other platforms like Yuan Pay Group with 99% success rate)

Can you make money with Biticodes?

After carefully examining the website, our specialists have concluded that BitiCodes is both legitimate and profitable. Furthermore, we found no evidence to support the claim that it is a hoax. In order to learn more about BitiCodes, we first looked at user reviews on TrustPilot, Yelp, Facebook, and other reliable review sites.

Many people assert that since the platform’s introduction, they have been using BitiCodes to generate passive revenue. We must warn you, nevertheless, that some customers claim they lost money using the site because they were unable to understand how it operated. Not content, we continued our research by registering for a BitiCodes account to gain first-hand experience.

We think BitiCodes is 100 percent genuine based on our experience and other considerations. We take the founders’ assertion that even a novice trader with no prior experience can increase their money by using BitiCodes seriously. Please be aware, though, that no automatic trading programme in the world has a success record of 100 percent. Therefore, when you invest in these automated trading systems, there is still a danger that you could lose your money.

So, we suggest that you only invest money that you can afford to lose. Ideally, you should start with the smallest amount of money possible and only expand your investment after you begin to profit from the platform.

Tips for new traders

The following advice can help you maximise your profits on BitiCodes while lowering your risk of financial loss.

Only invest what you can afford to lose. Because of the cryptocurrency market’s extreme volatility and unpredictability, anything can happen while you are trading. Never invest money you’ve borrowed or used for necessities like rent or food in cryptocurrency.

Always routinely cash out your platform gains. You won’t be at a loss if the unexpected occurs if you do it this way.

Try to set aside 20 to 30 minutes every day to check on your account to make sure the program is functioning properly. Additionally, monitoring will enable you to identify any anomaly in your account before it worsens.

Has Biticodes Been Endorsed by Celebrities? Dragons Den – Peter Jones, Deborah Meaden

Despite numerous claims and allegations that the BitiCodes platform had been endorsed by Dragons Den, we could not find any evidence regarding the same.

Elon Musk

Despite numerous claims and allegations that the BitiCodes platform had been endorsed by Elon Musk, we could not find any evidence regarding the same.

Jeremy Clarkson

Despite numerous claims and allegations that the BitiCodes platform had been endorsed by Jeremy Clarkson, we could not find any evidence regarding the same.

Holly Marie Willoughby

Despite numerous claims and allegations that the BitiCodes platform had been endorsed by Holly Marie Willoughby, we could not find any evidence regarding the same.

Idris Elba

Despite numerous claims and allegations that the BitiCodes platform had been endorsed by Idris Elba, we could not find any evidence regarding the same.

Ant McPartlin

Despite numerous claims and allegations that the BitiCodes platform had been endorsed by Ant McPartlin, we could not find any evidence regarding the same.

Nicole Kidman

Despite numerous claims and allegations that the BitiCodes platform had been endorsed by Nicole Kidman, we could not find any evidence regarding the same.

Trevor Noah

Despite numerous claims and allegations that the BitiCodes platform had been endorsed by Trevor Noah, we could not find any evidence regarding the same.

Gordon Ramsey

Despite numerous claims and allegations that the BitiCodes platform had been endorsed by Gordon Ramsey, we could not find any evidence regarding the same.

Is It Possible to Withdraw Earnings?

A cryptocurrency trading bot allows for both crypto and fiat currency ways for deposits and withdrawals. Depending on network congestion, processing times for crypto deposits and cashouts range from instant to only a few minutes.

What are the fees for Biticodes?

Examining the trading expenses is a key consideration before investing with any crypto platform. However, BitiCodes asserts that there are no expenses associated with its services. Investors who are interested in using the automatic program can sign up for BitiCodes without having to pay a membership fee or additional trading costs.

However, BitiCodes does keep a cut of the revenue generated by the website. We are unable to confirm how much BitiCodes charges in commission because of a lack of openness. The various fees and costs are summarised in the table below.

FAQs BitiCodes: Is it authentic or a fraud?

Our crypto specialists have carefully examined BitiCodes, and they have concluded that it is legitimate and not a fraud. We put the platform to the test and found that it is profitable. In addition, BitiCodes has received a number of favourable ratings on Facebook, TrustPilot, and other sites.

How do BitiCodes function?

BitiCodes scans the bitcoin market, analyses charts and trends, and executes profitable transactions for its subscribers using robotic and artificial intelligence technology. You may profit from cryptocurrencies using BitiCodes without actively trading. We advise the platform to novice traders who have no prior trading expertise because it is completely automated.

Will BitiCodes allow me to make money?

We think everybody can profit from using BitiCodes. When we used the software to trade for the first time, we made hundreds of dollars in profit. Hundreds more nice reviews were also visible online. So, in addition to our team, other users have profited from the site. There are no promises, however, as the cryptocurrency market is volatile and no auto trading program has a 100% success record. As a result, we advise only investing money that you can afford to lose.

How can I register with BitiCodes?

On BitiCodes, registering is quite simple. Please follow the above-discussed steps to get going right away.


Bitcoin Revolution Review 2022: Is It A Scam?

Bitcoin Revolution is a cryptocurrency trading bot that makes the claim that it may increase users’ daily cryptocurrency trading earnings by up to 60%. The platform offers a demo mode so you may backtest it and decide if it’s good for you and it only levies a tiny commission on your profits. Therefore, is Bitcoin […]

Bitcoin Revolution is a cryptocurrency trading bot that makes the claim that it may increase users’ daily cryptocurrency trading earnings by up to 60%. The platform offers a demo mode so you may backtest it and decide if it’s good for you and it only levies a tiny commission on your profits.

Therefore, is Bitcoin Revolution genuine or a scam? In this review of Bitcoin Revolution, we’ll learn more.

Our Verdict

According to our evaluation of Bitcoin Revolution, this cryptocurrency trading platform allows you to delegate trading choices to an AI algorithm that can trade cryptocurrency around-the-clock.

According to Bitcoin Revolution, the algorithm has an up to 85% success rate and allows for daily earnings of up to 60%. Keep in mind that there is a chance of financial loss when working with Bitcoin Revolution. The Bitcoin Revolution’s success rate could not be verified.

Bitcoin Revolution does not charge any account or deposit fees. Starting with as little as $250, you can use the platform for free until you start earning money.

Bitcoin Revolution Pros and Cons Pros

AI algorithm trades crypto automatically

Leverage up to 5,000:1

Only pay a commission when you make money

Claimed 60% daily ROI

Trades 14 cryptos across dozens of CFDs

Cons

Minimum $250 deposit required

No iOS app is available

Is Bitcoin Revolution a Scam?

The platform advertises that users can earn £1000 each day passively and claims endorsements from well-known celebrities. These two assertions are wholly false. Using a robot to trade bitcoins is not a way to make those kinds of profits, and we address several myths about Bitcoin Revolution and celebrity endorsements below.

Although the program does let users exchange cryptocurrency with a robot, users shouldn’t totally rely on this and should be wary of any marketing messages they receive from Bitcoin Revolution.

What Is Bitcoin Revolution?

Automated cryptocurrency trading software is called Bitcoin Revolution. The software tracks change in cryptocurrency market prices using an AI algorithm and automatically executes trades on your behalf.

According to Bitcoin Revolution, users can get daily returns of up to 60%. As part of our assessment, we were unable to confirm this assertion, and it is crucial to remember that all trading involves risk.

Bitcoin Revolution uses leverage up to 5,000:1 to increase the size of your trades and extend your account. High leverage increases your potential return even with just a few hundred dollars in your trading account. However, it might also boost your potential losses with any Bitcoin robot.

Neither an account fee nor a licensing fee are imposed by Bitcoin Revolution. A 2% commission on your profits is the only cost. Therefore, you only have to pay to utilize the platform when you are earning money. We were unable to confirm Bitcoin Revolution’s claim that 85% of its trades are concluded at a profit.

How Does Bitcoin Revolution Work?

A proprietary AI-based trading algorithm serves as the foundation of Bitcoin Revolution. This algorithm can identify price trends that are likely to lead to a successful transaction because it has been trained on years’ worth of market data.

When the algorithm of Bitcoin Revolution notices a trade signal, it generates a buy or sell order for cryptocurrencies. In these trades, leverage, which has a maximum allowable ratio of 5,000:1, is commonly used.

The algorithm will place an order to close out your position when the price goal is attained or the trade starts to lose momentum. Your trading account receives a full refund of the trade’s proceeds, including any gains, so that you can use them again in future transactions.

Traders don’t need to exercise much control over the Bitcoin Revolution. It can operate around-the-clock and boasts an 85% win record in the majority of market scenarios. The success rate claimed by Bitcoin Revolution could not be confirmed. It’s crucial to keep in mind that all trading involves risk, and employing leverage enhances your likelihood of experiencing trading losses.

You can experiment with the parameters of the algorithm by using the demo trading mode. The algorithm can be improved or made to trade more or less aggressively by adjusting the settings.

Bitcoin Revolution Overview

Supported Cryptocurrencies: BTC, BCH, ETH, LTC, BTG, ZEC, DASH, ETC, ADA, MIOTA, EOS, NEO, BNB, XRP
Claimed Success Rate: 85%
Fees and Commissions: 2% commission on profitable accounts
Minimum Deposit: $250
Mobile App: Android
Withdrawal Time: 24 hours

Key Features of Bitcoin Revolution app Simple To Start

The Bitcoin Revolution program asserts to make trading profitable and enjoyable. That’s why they have a quick and simple signup process.

Security

It has been said that the technology program Bitcoin Revolution is trustworthy. It has additionally asserted that it is among the most popular and reliable platforms.

No licensing fees.

The good news is that there are no license fees for Bitcoin Revolution. Once you have completed the registration process and made your deposit, you will have full access to all of Bitcoin Revolution’s trading features.

Available everywhere

Anywhere in the world allows you to access your account. All you need to log in is a working internet connection. Even while traveling, you may keep an eye on your account. Any web-enabled device can view the Bitcoin Revolution website.

Exchange Several Cryptocurrencies

You may diversify your portfolio with Bitcoin Revolution in addition to expanding it. There are also other trading options for cryptocurrencies and instruments like FX and Bitcoin. Both of these deals can be executed simultaneously. You’ll have a range of income streams if you do it this way.

Security Shield

Every investor’s security is taken seriously by Bitcoin Revolution, which has established a number of measures to safeguard investors. To ensure that the investor and their money are well taken care of, every broker is meticulously investigated.

One Step Ahead of the Market

As soon as you register an account and make your initial deposit, you will have complete access to all Bitcoin Revolution features. The trading algorithm is accessible. It doesn’t need a lot of manual labor or long hours. The algorithm can run on its own once it has been correctly configured.

Exchange Several Cryptocurrencies

Even though Bitcoin may be one of the most well-known cryptocurrencies, the Bitcoin Revolution program also makes other cryptocurrencies available. Other cryptocurrencies including ETH, BCH, Dash, LTC, XRP, and many others are available for trading by potential investors. The Bitcoin Revolution platform also deals in fiat money.

Customer Service Division

A customer care department is available to assist both beginners and experienced traders. You will get access to advise from highly-trained customer support agents regardless of your level of experience. Any questions you may have during or after your trading experience can be answered by them.

Daily ROI of 60%

One of Bitcoin Revolution’s most astonishing claims is that the platform may provide daily earnings of up to 60%. So, if you start with $250, you can finish up with $150 at the conclusion of the first day. Your earnings would increase to $240 the following day, and so forth.

The website for Bitcoin Revolution claims that the algorithm it uses wins about 85% of the deals it initiates. The algorithm may trade continuously.

Up to 5,000:1 in leverage

According to Bitcoin Revolution, while trading cryptocurrency CFD pairings, leverage can reach 5,000:1. Because it improves your potential trade size even with a small amount of money in your account, high leverage is crucial.

However, keep in mind that if a deal goes against you, large leverage also magnifies your potential losses.

How to Use Bitcoin Revolution – Step-by-Step Guide Step 1: Open an account

You can sign up using the form above – simply click “Register Now” after entering your name, email address, and phone number.

Step 2: Make a Deposit

The Bitcoin Revolution requires a $250 minimum deposit. The deposit methods include credit and debit cards, bank transfers, and e-wallets like Neteller and Skrill.

Step 3: Monitor Trading Bot

You are now prepared to begin trading with Bitcoin Revolution after funding your account. Starting off in demo mode is a smart idea so you can understand how the platform operates and experiment with the algorithm settings to improve them.

Bitcoin Revolution vs other Trading Robots

Minimum Deposit: $250 (in-line with other trading bots and platforms)

Success Rate: 85% (much lower than other platforms like Bitcoin Code with 99.4%)

Can you make money with Bitcoin Revolution?

Risks always exist in investments, as with any investment. This does not necessarily imply that you are funding a fraud. Many Bitcoin investors have alleged to be making enormous profits every day or every week. According to certain data, Bitcoin has the potential to increase its market share by more than 20% in just one hour.

The primary objective of cryptocurrency traders is to increase their profits at the end of each trading session. The risk is higher and the rewards are larger when the bitcoin market is more volatile. Naturally, these hazards can be minimized with the right precautions.

In 2017, the price of one bitcoin came very close to $20,000. The Bitcoin Revolution has enabled numerous investors to significantly increase their fortunes. According to reports, depending on market volatility, a potential investor would have to rely on trading robots to execute the trades. These robots are said to have an 88% success rate.

Even though Bitcoin Revolution seems to have quite the reputation, we advise against making significant investments until you’ve tried the risk-free sample account.

Tips for new traders

You must take the effort to comprehend how bitcoin trading functions, even if you are utilizing a cryptocurrency robot. Even when using automated tools, you should never invest in anything you don’t fully comprehend. Keep the following in mind at all times.

Discover trading first. You’ll have a better understanding of the robot’s operation and how to use it if you familiarize yourself with the fundamentals of trading. Learn everything you need to know about cryptocurrency trading by enrolling in one of our courses.

Study up on cryptocurrencies. The more you understand about cryptocurrencies, the better you’ll be able to recognize business prospects in the market.

Begin with a practice account. Before investing any of your money in the markets, you can practice trading and get familiar with the Bitcoin Revolution website by using a demo account.

Begin modestly. You’re going to make mistakes while you’re just getting started. As a result, begin with tiny crypto trades and gradually expand your investment as you get more experience.

Do not invest more money than you can afford to lose. When it comes to investing in cryptocurrencies, this is the most critical factor. Never invest more than you might lose without it lowering your standard of living because there is no assurance that you will make money when trading.

Has Bitcoin Revolution Been Endorsed by Celebrities? Dragons Den – Peter Jones, Deborah Meaden

No, none of the individual “dragons” from Dragons Den have ever appeared on the show or given their endorsement to Bitcoin Revolution. Entrepreneurs can present their company ideas to a group of affluent investors on the iconic British TV program Dragons Den in the hopes that one of the investors—referred to as “the dragons”—will decide to invest in their concept.

Many various platforms have made the assumption that this platform was one of those businesses looking for investment, but when we looked into it, we discovered that this was untrue.

Elon Musk

Although Elon Musk is a well-known proponent of cryptocurrencies, there is no proof that he utilizes the Bitcoin Revolution system. The well-known businessman has actually expressed his opinions on Twitter in a very direct manner. There is no proof that Tesla or any other large enterprises use Bitcoin Revolution, but many individuals and businesses in the power sector trade and store cryptocurrencies as an alternative form of money.

Jeremy Clarkson

Despite several rumors and claims, there has been no evidence to show that Jeremey Clarkson has endorsed the Bitcoin Revolution app.

Holly Marie Willoughby

Despite several rumors and claims, there has been no evidence to show that Holly Marie Willoughby has endorsed the Bitcoin Revolution trading software.

Idris Elba

Despite several rumors and claims, there has been no evidence to show that Idris Elba has endorsed the Bitcoin Revolution software.

Ant McPartlin

It is untrue that Ant McPartlin has approved the trading robot. Ant McPartlin, together with Declan Donnelly, makes up half of the popular presenting team “Ant and Dec” in the UK.

Despite several internet claims to the contrary, he has never had any connection to the Bitcoin Revolution trading software.

Nicole Kidman

Despite several rumors and claims, there has been no evidence to show that Nicole Kidman has endorsed the Bitcoin Revolution app.

Trevor Noah

Despite several rumors and claims, there has been no evidence to show that Trevor Noah has endorsed the Bitcoin Revolution trading platforms.

Gordon Ramsey

Despite several rumors and claims, there has been no evidence to show that Gordon Ramsey has endorsed the official Bitcoin Revolution website.

Is It Possible to Withdraw Earnings?

To get your money, a withdrawal form must be filled out. Within 24 hours after submission, your broker will carry out your payment, which will show up in your bank account.

What are the fees for Bitcoin Revolution?

According to our analysis of Bitcoin Revolution, there are no account fees, license fees, or subscription fees associated with this product. As an alternative, investors pay a 2% commission on any earnings generated by Bitcoin Revolution. A 2% commission may seem like a lot of money for large accounts, but with this arrangement, you only pay when the software generates income for you.

At Bitcoin Revolution, there are no additional fees for deposits or withdrawals.

Trading Fees: 2% commission on profits
Account Fees: None
Deposit/Withdrawal Fees: None
Minimum Deposit: $250

FAQs How Does the Bitcoin Revolution Work? What Is It?

The automated trading program Bitcoin Revolution uses artificial intelligence (AI) to forecast market moves based on social media sentiment, online news, price changes of competing cryptocurrencies, technical indicators, and heuristics. In contrast to our rivals, our algorithm operates in the background of your computer or laptop without affecting your regular activities or battery life.

What Sort of Gain Can I Expect From the Bitcoin Revolution?

You should consider your capital and leverage. If you invest all of your available money in your trade, an 85% success rate will yield a profit of between $8500 and $9000. On the other hand, if only 10% is traded but that amount is subsequently multiplied by, say, 50:1, that same trader can anticipate profit margins of at least 150%. Make sure you understand the dangers associated with trading and only spend money you can afford to lose.

Is it free to use Bitcoin Revolution?

To register a trading account with Bitcoin Revolution, there are no registration fees or any costs.

Does Elon Musk Use Bitcoin Revolution? Do Any Companies (Like Tesla)?

Although Elon Musk is a well-known proponent of cryptocurrencies, there is no proof that he utilizes Bitcoin Revolution. The well-known businessman has actually expressed his opinions on Twitter in a very direct manner. There is no proof that Tesla or any other large enterprises use Bitcoin Revolution, but many people and businesses in the power sector exchange and store cryptocurrency as a substitute for traditional forms of income.

Do Famous People Support the Bitcoin Revolution?

The other TV celebs, like Bill Gates and Richard Branson, don’t mention any link to the Bitcoin Revolution. However, they might employ cryptocurrency to build up their riches.


Bitcode Ai Review 2022: Is It A Scam?

Users can trade different cryptocurrencies like Bitcoin, Litecoin, Ethereum, and others using a robot called Bitcode AI. The robot’s goal is to enable users to benefit from bitcoin trading with relatively low capital outlay. To assist you to choose whether Bitcode AI is the best option for you, we’ll examine its features, benefits, and drawbacks […]

Users can trade different cryptocurrencies like Bitcoin, Litecoin, Ethereum, and others using a robot called Bitcode AI. The robot’s goal is to enable users to benefit from bitcoin trading with relatively low capital outlay. To assist you to choose whether Bitcode AI is the best option for you, we’ll examine its features, benefits, and drawbacks in this article.

Our Verdict

After investigating this platform, we can categorically state that the Bitcode AI is authentic and not a hoax. You should definitely open a free account if you’re going to begin trading cryptocurrencies.

A 24/7 support team and free account managers are on hand at Bitcode AI to assist you whenever you need them.

Additionally, their withdrawal process was simple and hassle-free. Bitcode AI won’t be a bad choice if you’ve always wanted to earn some extra cash.

Bitcode Ai Pros and Cons Pros

User-friendly automated features and platform

No previous cryptocurrency trading experience is required to use Bitcode AI

Hosts over 20 cryptocurrencies, including Bitcoin, Ethereum, Litecoin, etc.

Free to download

No hidden costs as the bot is transparent

Cons

It doesn’t have a mobile app

Not available in the US

The $250 minimum deposit might be costly for low-budget traders

Is Bitcode Ai a Scam?

First of all, a scam would be Bitcode AI taking your money or giving it to you in exchange for a phony trading system. Studies have been done that demonstrate this is untrue.

Only licensed brokers are used by Bitcode AI. Modern security measures are in place at Bitcode AI. By doing this, you can be sure that their software will protect your data. This is one of the essential elements of a platform because of the increase in hackers.

There is dedicated support staff for Bitcode AI. Bitcode AI provides email, platform chat, and phone assistance around the clock. This naturally presupposes that you have access to the assistance you require and that it is available to you.

What Is Bitcode Ai?

A cryptocurrency trading robot for automated trades in the space of cryptocurrencies is called Bitcode AI. According to reports, the bot is intelligently designed to handle positions for traders and is driven by AI. Simply put, it asserts that it will find chances with higher profitability via machine learning, negating the requirement for traders to actively participate in their trading activity. Additionally, Bitcode AI allegedly employs trading signals and algorithms to trade CFD cryptos including Bitcoin, Ethereum, Ripple, Litecoin, and others.

Remember that Bitcode AI was created with beginners in mind and is user-friendly. As a result, using the bot does not require any prior knowledge of bitcoin trading. But before you dive in, you must gain expertise and understand how it operates.

Additionally, the trading crypto robot incorporates exclusive trading techniques to ensure accuracy. A $250 minimum deposit is all you need to get going.

Using Bitcode AI in your trading activity carries hazards even though it is user-friendly. Using it, for instance, does not exclude your continued study into potential bitcoin investments. They only act when they believe the time is appropriate. Having said that, Bitcode AI cannot ensure success, therefore maintain control over your cryptocurrency activities.

How Does Bitcode AI Work?

Bitcode AI is an automated program that aids in determining a client’s level of purchase readiness and sends them automated emails depending on the information supplied by their internal algorithm. A trading platform made exclusively for cryptocurrency is called Bitcode AI. The project’s goal is to give investors the chance to trade bitcoins and other digital assets profitably. Even complete beginners can easily utilize the Bitcode AI login page and trading interface.

After quickly reviewing the Bitcode AI website and all of its capabilities, we can confidently affirm that this bot offers genuine benefits. Bitcode AI can be a wonderful place to start if you’re interested in entering the field of automated bitcoin trading.

The Bitcode AI platform uses a clean, clutter-free auto-translation technique to make it easier to create distributed apps that range from simple to complicated. With blockchain protocols like Hyperledger, Ethereum, Tron, EOS, Tomochain, etc., it works quite well. This enables users to make use of each protocol’s advantages as they create their dApps. The information generated throughout a project may be kept in a single, central database and connected to the smart contracts directly.

The robot may employ leverage up to 5000:1, which is much more than most cryptocurrency exchanges, according to the Bitcode AI website.

This is only advised for seasoned traders because it can both drastically improve earnings and result in severe losses.

Bitcode Ai Overview

Claimed Win Rate: 85%
Supported Assets: BTC and several cryptocurrencies
Is It a Scam? No
Minimum Deposit: $250
Withdrawal Timeframe: 24 hours
Mobile App: No

Key Features of Bitcode AI Trading Platform AI-powered Approaches

Bitcode In comparison to humans, AI trading algorithms are incredibly effective and can identify markets far faster. Trading chances are thus found at the ideal moment.

Registration

There is a quick signup process for Bitcode AI. You must first complete a brief form with the bare minimum of information. This task may be completed in under 30 minutes. Make sure this information is true if you can so that the validation is right.

For opening an account, Bitcode AI doesn’t charge its traders anything. You only need to make a deposit into your account. Make sure your little deposit is prepared before you begin. It will serve as your first capital outlay.

Demo Trading

Before you start making real money investments, it is a good idea to get acquainted with the trading system using Bitcode AI’s demo trading account. However, you have the option to specify that you never wish to utilize a sample account. For instance, you are free to head straight to the trading room.

Customer Service Support

A crucial component of all cryptocurrency trading platforms is customer support. Bitcode AI offers customer support to help rookie traders. Anyone with queries about investing or how much cash is required to begin trading can get help from the team. The knowledgeable staff is on hand day and night and willing to assist you.

Exchange Several Cryptocurrencies

You are able to trade multiple cryptocurrencies with Bitcode AI. You may trade with a variety of different altcoins using Bitcode AI as well.

Trustworthy Brokers

Online bitcoin trading software called Bitcode AI works with online brokers. They rank among the top in their field. They make sure users may maximize their trading potential on the site. Additionally, algorithms are used in the trading process. The best course of action is always to use a regulated platform.

Live Trading

Users value this feature the highest. The sample account and backstage tools can be used by the user to begin live trading right away. Users can choose brokers who deal in cryptocurrencies to trade bitcoins on their trading dashboards. The user must fund their trading account with a minimum deposit of $250 in order to carry on trading. Users can gain from this every day. There is also an algo trade feature accessible.

Leverage

Bitcode AI asserts that it can employ leverage of up to 5000:1 while continuing to apply the same effective tactics. Naturally, the human bias would be present when trading with this leverage manually, but Bitcode AI does not have this issue.

How to Use Bitcode AI – Step-by-Step Guide Step 1: Open an account

The registration form, which is accessible above, must be filled out as the initial step in using Bitcode AI. Your name, email address, and phone number are among the personal information that you must enter. Following that, a link for the verification process will be given to your email.

Step 2: Verify your Account and Make a Deposit

After a broker representative contacts you to finish the KYC procedure, you must deposit the required minimum of $250. Keep in mind that there are numerous payment options accessible; choose the one that will make your transaction the simplest.

Step 3: Monitor Trading Bot

Test Bitcode AI to determine if it satisfies your trading needs, regardless of whether you are a novice or seasoned trader seeking for a trustworthy trading robot. You can move on to the live trading account once you’ve gotten comfortable with the bot.

Make sure you have a sound plan in place before entering the live market to improve your chances of success. Additionally, you can incorporate risk management tools like stop-loss orders into your plan.

You can activate live trading and begin your activity once you have everything planned out, including risk management controls.

Bitcode AI vs other Trading Robots

Minimum Deposit: $250 (in-line with other trading bots and platforms)

Success Rate: 85% (much lower than other platforms like Immediate Edge with 90%)

Can you make money with Bitcode AI?

According on what we now know, Bitcode AI is not a hoax. Numerous online evaluations and testimonials strongly endorse the cryptocurrency trading robot, despite the fact that we were unable to independently verify many of the claims made on its website.

Keep in mind that employing trading robots is often very dangerous, and you run the chance of losing a lot of money. This is due to the fact that the cryptocurrency market is extremely volatile, and despite claims that the Bitcode AI program can navigate the market quickly, it occasionally misses trends that could help or hurt your trades. When using the Bitcode AI app, always do your own study and market analysis. To guarantee that everything goes according to plan, it is imperative to keep track of your activities.

Tips for new traders

Start your cryptocurrency trading career by doing some short-term demo trading.

Test your plan in the past.

Avoid trading for extended periods of time, on weekends, or on holidays.

Always hold off on opening fresh trades until a decline has occurred.

Choose exchanges and brokers that best meet your trading requirements and preferences.

Check to see if the broker you choose has robust security measures in place.

Investigate your favourite broker’s reputation to learn more. The best place to start is by reading internet reviews from other dealers. This ought to provide you some insight into any possible risks connected to them.

Has Bitcode Ai Been Endorsed by Celebrities? Dragons Den – Peter Jones, Deborah Meaden

An intriguing British television program called Dragons Den gives aspiring entrepreneurs the chance to present their concepts, goods, and services to a panel of seasoned businesspeople. Dreamers of being a business mogul who go on this show are given plenty of time to present their concepts. If the group decides the proposal is worth trying, the potential business partner receives a partnership agreement.

Our staff looked into whether the Bitcode AI system has ever appeared in a Dragon’s Den episode, but we were unable to find any proof to support that claim.

Elon Musk

No. Popular investor and business tycoon Elon Musk is well-known for being the CEO of Tesla and SpaceX, two major producers of electric vehicles. He invested in Bitcoin and started the Boring Company. However, there is no hard evidence demonstrating Musk’s connection to Bitcode AI.

Jeremy Clarkson

No. English broadcaster, game show host, and farmer Jeremy Clarkson. There are allegations that Clarkson supports Bitcode AI, however they are unfounded and misleading.

Holly Marie Willoughby

TV host Holly Marie Willoughby is well-known in the UK. Millions of admirers love her for her amazing role. According to rumors, she has bitcoin investments and publicly favors unidentified cryptocurrency trading platforms. However, based on our study, we were able to disprove these myths.

Idris Elba

Idris Elba, a Grammy-winning singer and actor, is among the most well-known people to have ever appeared on our screens. He has a large following thanks to his work on numerous Hollywood blockbusters.

Rumors of his connections to the Bitcode AI trading system are untrue, despite the fact that he has previously been associated with numerous products and companies.

Ant McPartlin

It’s rumored that Ant McPartlin has holdings in Bitcoin and other digital assets. It is rumored that Ant McPartlin has holdings in Bitcoin and other digital assets. He is quite active as an actor, musician, and producer of one of Britain’s best TV shows when he isn’t investing.

Our team began investigating to see if any of the rumors connecting Ant McPartlin to the Bitcode AI system were accurate. We have confirmed that these rumors are untrue and unsupported based on our research.

Nicole Kidman

We could not find anything connecting Nicole Kidman to Bitcode AI.

Trevor Noah

Famous comedian Trevor Noah is the current host of the Daily Show. His alleged support for the Bitcode AI software has just surfaced. Some individuals even think that his investments in cryptocurrencies are how he amassed his wealth.

This rumor was debunked by our staff after carefully examining his biography, particularly his prior investments. The comic made his money from his comedic skills and his work on the Daily Show, where he makes more than many other comedians.

Gordon Ramsey

Because of his contributions to the food and entertainment industries, Gordon Ramsay is quite well known. He has also gathered a sizable following on social media as a result of his appearances on numerous cooking programs, including Hell’s Kitchen.

The Bitcode AI platform is only one of the many companies and brands that have been associated with the king of food and entertainment.

We spent hours looking for a link between Gordon Ramsay and Bitcode AI, but none could be found.

Is It Possible to Withdraw Earnings?

Since Bitcode AI lacks a digital wallet to hold trader funds, withdrawals from it are not possible. Your earnings will be withheld through the broker it is connected with. Here are the detailed instructions for withdrawing your money through a broker connected to Bitcode AI after that.

Use your username and password to log into your trading account on the broker’s platform.

Click withdraw funds after visiting the broker’s digital wallet where your cryptocurrencies are held.

Select your desired payment method from the offered alternatives before starting the withdrawal procedure.

Put in the amount you want to withdraw.

Verify the information, then start the procedure. Within 24 hours, your money will be credited to the account of your choice.

Some brokers will not let payouts made using cryptocurrencies because they are not recognized as legal cash in the majority of nations. This is why you may convert your cryptos into a variety of fiat currencies and effectively withdraw your money.

What are the fees for Bitcode AI?

It is crucial to take its commissions into account if you wish to invest with Bitcode AI. In this case, you are not required to make any payments. According to the Bitcode AI website, the platform is totally free and has no further costs.

This is one of the nicest features of Bitcode AI that we have seen because it makes sure that trading is as profitable as it can be. The only thing to keep in mind is that Bitcode AI works with brokers, and depending on the platform, they might use their spread to make trading easier.

In order to compute the largest return possible and avoid going home empty-handed, it is therefore advisable to examine the entire problem of costs before employing Bitcode AI.

Account Opening Fee: No
Commissions: No
Inactivity Fee: No
Monthly Account Fee: No
Additional Charges: No 

FAQs How Does Bitcode AI Work? What Is It?

In order to forecast market moves and profit from them, Bitcode AI is an automated trading program. In order to ensure that you profit from this coin’s price swings, Bitcode AI constantly analyzes the price of the major cryptocurrencies. When it notices a strong upswing (or decline) and its magnitude, it buys (or sells) in accordance. Bitcode AI is extremely accurate thanks to these machine learning-derived decision-making algorithms, even in the absence of any input data!

What Sort of Profit Can I Expect From Bitcode AI?

You should consider your capital and leverage. If you invest all of your available money in your trade, an 85% success rate will yield a profit of between EUR 8500 and EUR 9000. On the other hand, if only 10% is traded but that amount is subsequently multiplied by, say, 50:1, that same trader can anticipate profit margins of at least 150%. Make sure you understand the dangers associated with trading and only spend money you can afford to lose.

Is it free to use Bitcode AI?

Bitcode AI always offers free account opening, which is frequently a huge benefit for traders who don’t have a sizable budget right from the bat.


Bitcoin Bank Review 2022: Is It A Scam?

Trading robot Bitcoin Bank enables users to execute trades in the cryptocurrency and FX markets automatically. The platform was created by fintech specialists and traders, according to the website, which does not reveal the names of its founders. The platform promises that its software has a 99.4% success record and has won trading accolades, however, […]

Trading robot Bitcoin Bank enables users to execute trades in the cryptocurrency and FX markets automatically. The platform was created by fintech specialists and traders, according to the website, which does not reveal the names of its founders.

The platform promises that its software has a 99.4% success record and has won trading accolades, however, we have had difficulty verifying these claims. In this review of Bitcoin Bank, we will examine the validity of these assertions and go over the features and services offered by the robot.

Our Verdict

The versatile and flexible bitcoin trading bot known as Bitcoin Bank gives users access to the market. The bot provides access to demo trading and contracts for differences (CFDs) using cryptocurrencies as the base currency. Its authors claim that it is totally free.

We were unable to verify some of the claims made by Bitcoin Bank’s creators. When communicating with the bot, we advise exercising caution. In addition to reading our evaluation, you can discover more about Bitcoin Bank by using the demo trading feature or by checking out customer reviews.

Bitcoin Bank Pros and Cons Pros

According to the website there are no transaction or hidden fees

Offers a demo account for testing and training

No lengthy identity checks

Cons

No Bitcoin Bank app

Is Bitcoin Bank a Scam?

Bitcoin Bank’s software seems to operate as intended. However, the lavish claims made on its website are simply too good to be true. Your money is always at danger while trading in the bitcoin or forex markets, even though Bitcoin Bank’s software seems to work as advertised. There are no guarantees in the financial markets, and the website’s assertion that novice traders may make $1,000 per day in profit is simply too good to be true. The robot also asserts that it has won honors from US trading organisations, but we were unable to locate any evidence to support such claims.

Before investing in the cryptocurrency or FX markets, a trader must perform exhaustive due research. The price of an asset can vary in a matter of seconds due to the extreme volatility of the markets.

What Is Bitcoin Bank?

One of the several cryptocurrency robots that work in the sector, Bitcoin Bank guarantees earnings to account holders who put money into Bitcoin. With the money you deposit into your account, the auto trading platform allegedly executes deals using trading bots that are driven by AI technology. According to reports, this system searches cryptocurrency exchanges and keeps an eye on market movements to identify wise bets.

The purpose of cryptocurrency trading applications like Bitcoin Bank is to purchase Bitcoin for a bargain and subsequently sell it for a profit.

To establish a brand-new market of investing opportunities, Bitcoin Bank advises you to attempt auto-trading while the cryptocurrency is still in its infancy and the market is still extremely volatile.

The idea behind the platform is rather straightforward. On the surface, you can start investing in the market without having any prior knowledge of Bitcoin. While the company implies that a Bitcoin investment can change your life, the reality is far more nuanced, especially when it comes to auto trading. To begin with, this form of trading carries a very high risk, especially if you are unable to confirm the legitimacy of the brokers that Bitcoin Bank has associated with.

How Does Bitcoin Bank Work?

The Bitcoin Bank robot uses machine learning and artificial intelligence to manage trades throughout its platform. The goal of the bot is to find trends in market data and make recommendations on when to enter and exit trades.

It is significant to note that when trading, Bitcoin Bank utilizes contracts for difference (CFDs). You have the choice to purchase particular assets, such as Bitcoin, at a future date and at a defined price with the use of these financial derivative instruments. However, always keep in mind that all trading entails risk.

The difference between the asset’s current price and its price at the time the contract expires will decide your profit or loss. You trade CFDs when you utilize Bitcoin Bank. One cannot buy the cryptocurrency itself.

When using this bot to day trade cryptocurrencies, Bitcoin Bank works with a network of cryptocurrency brokers. These brokers are in charge of, among other things, position size, trade management, and trade execution.

Do you wish to learn how to invest in cryptocurrencies without putting in a lot of effort? The Bitcoin Bank robot is a thought-provoking instrument. The partner brokers of the robots will carry out the trades on your behalf once you have made the minimal deposit into your Bitcoin Bank account.

The website claims that this trading robot has a 60% success rate. The staff of the Bitcoin Bank claims that this sum. We advise exercising caution because trading cryptocurrency is risky and the market is extremely volatile.

Bitcoin Bank Overview

Minimum Deposit: €250
Claimed Success Rate: 99%
Supported Cryptocurrencies: BTC
Mobile App?: No
Fees: None

Key Features of Bitcoin Bank Low-cost Trading Bot

Bitcoin Bank does not charge extra fees to customers for trading. This means that even on profitable deals, they don’t get any commissions. Bitcoin Bank stands out as one of the best Bitcoin robots for traders given that many trading bots take a cut of profitable trades.

The affiliate brokers of the bot may demand a fee for their services, so you should be informed of that. These costs may include trading commissions or account management fees. Make sure you comprehend these costs completely before working with a broker.

Brokers

Bitcoin Bank collaborates with a network of brokers or bitcoin platforms. Your funds will be under the management of these brokers, who will also be in charge of managing and executing trades. We were unable to find any information on registration details or even the identities of the brokers on the robot’s website.

Demo Account Access

The demo account is accessible to Bitcoin Bank users. Using the demo account, you can test out your strategies and learn more about how the trading bot works. This is quite beneficial because you may test out the service using fictitious money.

Appropriate for beginners

Because it is flexible, Bitcoin Bank helps both new and seasoned traders. Even for beginners, it is simple to develop and operate the trading bot thanks to the platform’s user-friendly interface.

Customer Service

There are numerous dedicated support organizations for crypto robots. The same applies to Bitcoin Bank. The team behind the robot claims to be able to do this because they have a reliable customer service portal.

How to Use Bitcoin Bank – Step-by-Step Guide Step 1: Open an account

You must register on the robot’s platform in order to use its services using the form above. You can log in to the Bitcoin Bank website once verification is finished. In order to familiarize yourself with the robot’s interface, you can try out the demo version before being requested to deposit money.

Step 2: Make a Deposit

You must deposit $250 or more in order to start auto trading. You can start auto trading after the money has been deposited by swiping the sidebar to “On.”

Step 3: Monitor Trading Bot

If you have autotrading enabled, the robot will look for prospective trades on your behalf and carry them out through the broker’s interface. A trader may also choose manual trading and define the criteria for initiating or terminating a deal.

Bitcoin Bank vs other Trading Robots

Minimum Deposit: $250 (in-line with other trading bots and platforms)

Success Rate: 99.4% (much higher than other platforms like Immediate Edge with 90%)

Can you make money with Bitcoin Bank?

The goal of Bitcoin Bank’s automated trades and investments is to increase your chances of success. The bot does not, however, assure earnings, and precautions must be taken to lessen dangers in the cryptocurrency market. If you’re a newcomer to the industry, do extensive market research and create sound plans that you are confident in and that let you keep your spending under control. This is done so you can simply monitor the bot’s performance and profit from any profitable tendencies the robot might have missed.

Keep in mind that the Bitcoin Bank profits you receive are based on your contributions. Due to the robot’s leverage of 1000:1, you can earn up to $1,000 per day more than the money you invested. Therefore, before you start trading or investing, carefully estimate your possible profits and take into account your tax deductions from the IRS or HMRC.

Tips for new traders

Knowledge is everything while investing. Before actually starting to trade, even a seasoned trader will need to do some market research and analysis on the forex and cryptocurrency markets. Avoid trading using leverage while you’re just getting started because it can result in significant losses and is best avoided until you have more experience. Before choosing to deal with Bitcoin Bank, traders can take into account the following advice.

Discover trading first. The features of the forex and cryptocurrency markets may not resemble those of the stock market to a novice. In order to reduce trading risk, it is always advisable to learn about trading on these markets and be familiar with strategic tools.

Recognize the cryptocurrency and forex markets. The main operations of cryptocurrencies and foreign exchange differ differently from each other and from other marketplaces. You will be obliged to store virtual money in wallets or on the platform if you are not working with a CFD broker. Therefore, find out how to establish security for your crypto assets.

Utilize a demo account to practice. Even if you have experience with forex or cryptocurrency trading, you should practice and open a demo account. This enables you to become familiar with the robot’s features.

Begin modestly. Always begin modest and expand your portfolio over time. Long-term investment plans are consistently the best ones.

If you can afford to lose money, invest it. Both the forex and cryptocurrency markets are risky and prone to volatility. As a result, the first and most important trading guideline is to only invest money that you can afford to lose.

Has Bitcoin Bank Been Endorsed by Celebrities? Dragons Den – Peter Jones, Deborah Meaden

No. A TV reality program called Dragons Den connects aspiring businesspeople with well-known ones throughout the world for finance and partnerships. There have been numerous episodes of the show so far, but none of them are focused on Bitcoin Bank. Although Bitcoin Bank and Dragons Den have not been specifically mentioned as of the time of writing, we have included them nonetheless because this is a program that is frequently mistakenly linked to cryptocurrency trading robots.

Elon Musk

No. Elon Musk is the CEO of Tesla and SpaceX as well as a Bitcoin investor. Because of this, many people think he is connected to Bitcoin Bank. According to our study, there is no evidence that Musk supported or employed this robot to automate his investments.

Jeremy Clarkson

Despite claims and assertions, our research could not find a single shred of evidence backing up the fact that Jeremy Clarkson may have endorsed the Bitcoin Bank website.

Holly Marie Willoughby

Despite claims and assertions, our research could not find a single shred of evidence backing up the fact that Holly Marie Willoughby may have endorsed the Bitcoin Bank account.

Idris Elba

Despite claims and assertions, our research could not find a single shred of evidence backing up the fact that Idris Elba may have endorsed the Bitcoin Bank website.

Ant McPartlin

Despite claims and assertions, our research could not find a single shred of evidence backing up the fact that Ant McPartlin may have endorsed the Bitcoin Bank app.

Nicole Kidman

Despite claims and assertions, our research could not find a single shred of evidence backing up the fact that Nicole Kidman may have endorsed the Bitcoin Bank app.

Trevor Noah

Despite claims and assertions, our research could not find a single shred of evidence backing up the fact that Trevor Noah may have endorsed the Bitcoin Bank crypto trading platform.

Gordon Ramsey

No. Gordon Ramsay is a well-known British television presenter and celebrity chef. He has a fascination with cryptocurrencies, and there have been reports linking him to Bitcoin Bank. According to what we have discovered, he has neither sponsored Bitcoin Bank nor is he affiliated to the robot.

Is It Possible to Withdraw Earnings?

Your assets and earnings cannot be stored in a bitcoin wallet provided by Bitcoin Bank. Your funds can only be accessed through the brokers because it is linked to them and stores them there. The steps for taking your money out after it has been earned through automated trades and investments at Bitcoin Bank are listed below.

Log into your trading or investment account on the platform of a broker that is connected to Bitcoin Bank.

Go to your wallet and select withdraw to begin the withdrawal procedure.

Choose your preferred payment option—PayPal or a bank—and enter it.

Enter the desired withdrawal amount.

The withdrawal procedure, which could take up to 24 hours to complete, can be started by clicking proceed.

Remember that the majority of cryptocurrency brokers do not accept settlements in crypto assets, hence Bitcoin Bank accepts a number of fiat currencies to make the withdrawal process as simple as possible. Choose your favorite fiat currency as a result to make a successful withdrawal.

What are the fees for Bitcoin Bank?

Charges play a significant role in cryptocurrency trading. Here is a summary of the cryptocurrency robot’s fees structure from the website for our Bitcoin Bank review:

According to the Bitcoin Bank website, there are no costs associated with using the service. Profits earned are entirely yours. What is actually yours, though, is what’s left after your brokers’ fees are subtracted. Beyond the initial $250 deposit, you are under no obligation to hold onto or give Bitcoin Bank any additional funds.

Transaction Fees: None
Trading Commissions: None
Account Maintenance Fees: None
Hidden charges: None

FAQs Is the Bitcoin Bank regulated?

It’s difficult to express this. On the Bitcoin Bank website, we couldn’t find much information about brokers and exchanges that are subject to regulation. However, as we have already indicated, we advise you to stay away from any brokers who offer absurdly high leverage on your deposit because they are almost certainly unregulated. CySec, FCA, ASIC, and FSB are the top regulators of cryptocurrency traders; seek any of these organizations before doing business with any dealer.

Is Bitcoin Bank safe?

Your personal information is technically safe at Bitcoin Bank because SSL encryption is used to protect it. We cannot, however, ensure that your money will be secure and that you will benefit due to the problems with the difficult withdrawal process and the high level of risk associated with leveraged transactions.

How user-friendly is Bitcoin Bank?

The navigation of the app itself, Bitcoin Bank, is simple. The user interface is elegant and rather simple. Fast account creation is likely a result of the company’s desire for you to deposit money and start trading. Use a demo account to practice trading without using real money if the Bitcoin Bank site is confusing you.

Saturday, 24. September 2022

Elastos Foundation

Elastos Bi-Weekly Update – 23 September 2022

...

SelfKey Foundation

SelfKey offshore bank accounts Marketplace

You can instantly open a foreign bank account from crypto using the SelfKey Bank Accounts Marketplace. The post SelfKey offshore bank accounts Marketplace appeared first on SelfKey.

You can instantly open a foreign bank account from crypto using the SelfKey Bank Accounts Marketplace.

The post SelfKey offshore bank accounts Marketplace appeared first on SelfKey.

Friday, 23. September 2022

FIDO Alliance

SC Magazine: Five ways security teams can respond to the Uber breach

How should security leaders respond to the Uber breach? Traditional MFA doesn’t work, so put your company on a FIDO U2F or a passwordless FIDO2 journey. The post SC Magazine: Five ways security teams can respond to the Uber breach appeared first on FIDO Alliance.

How should security leaders respond to the Uber breach? Traditional MFA doesn’t work, so put your company on a FIDO U2F or a passwordless FIDO2 journey.

The post SC Magazine: Five ways security teams can respond to the Uber breach appeared first on FIDO Alliance.


ComputerWorld: NCSC publishes cyber guidance for retailers

The UK’s National Cyber Security Centre (NCSC) has published explicit guidance designed to support retailers, hospitality providers and utility services in protecting both themselves and their customers from the growing […] The post ComputerWorld: NCSC publishes cyber guidance for retailers appeared first on FIDO Alliance.

The UK’s National Cyber Security Centre (NCSC) has published explicit guidance designed to support retailers, hospitality providers and utility services in protecting both themselves and their customers from the growing impact of cyber-crime. The guidance emphasizes the need to add extra layers of security on top of passwords, such as multi-factor authentication, OAuth 2.0 or single sign-on, FIDO2, or one-time passcodes.

The post ComputerWorld: NCSC publishes cyber guidance for retailers appeared first on FIDO Alliance.


Journal du net: How FIDO keys will accelerate a password-free future

The FIDO Alliance is an open standard that allows users to authenticate themselves via a highly secure, phishing-resistant and easy-to-implement cryptographic login. The post Journal du net: How FIDO keys will accelerate a password-free future appeared first on FIDO Alliance.

The FIDO Alliance is an open standard that allows users to authenticate themselves via a highly secure, phishing-resistant and easy-to-implement cryptographic login.

The post Journal du net: How FIDO keys will accelerate a password-free future appeared first on FIDO Alliance.


NZZ Magazine: The end of the password search

Apple is not cooking up its own security soup when implementing passkeys. The passkey integration is based on the open standard WebAuthn of the FIDO Alliance. The post NZZ Magazine: The end of the password search appeared first on FIDO Alliance.

Apple is not cooking up its own security soup when implementing passkeys. The passkey integration is based on the open standard WebAuthn of the FIDO Alliance.

The post NZZ Magazine: The end of the password search appeared first on FIDO Alliance.


SelfKey Foundation

Soulbound NFTs

SoulBound NFT’s significant characteristics show how crucial non-transferable NFTs will be for the growth of Web3. The post Soulbound NFTs appeared first on SelfKey.

SoulBound NFT’s significant characteristics show how crucial non-transferable NFTs will be for the growth of Web3.

The post Soulbound NFTs appeared first on SelfKey.


Digital Scotland

Scotland’s Blockchain Industry Grows From Strength to Strength

Scotland's Blockchain sector has blossomed from nothing into a major global presence. The post Scotland’s Blockchain Industry Grows From Strength to Strength appeared first on digitalscot.net.

When I first started this site a few years back Scotland’s Blockchain industry was non-existent. Given it’s critical role as a foundation technology for a digital society this was disappointing and concerning.

On a podcast in 2021 Zumopay stated the lofty ambition for Scotland to become Europe’s Blockchain capital, and this would have seemed like nothing more than a pipe dream.

However when you consider the evolution of the sector over just the last year or two, you can see that the roots have formed such that this is actually now an achievable goal.

Highlights include:

Zumopay themselves are of course a keynote exemplar. Just one year on from their £1.3m seed round they reported a 100x year on year user growth, are pioneering the decarbonization of crypto, and have launched a B2b ‘Crypto-as-a-Service’ platform. CD Corp is making the very smart move to specialize in helping small businesses integrate NFT’s into their business model. Following on from their Whisky Barrel client win they just announced a new project with Aberfam. In Nov 2020 Siccar raised a £1.3m funding round, and in July 2021 Blockchain Technology Partners raised £2m. Both specialize in the massive enterprise Blockchain market, addressing requirements such as secure data sharing and distributed ledger, smart contract, provenance, and cloud technologies. Nov 2021 – Carbon Based Lifeforms launched as a new game studio with $1.7m funding, announcing Project Gateway, a MMO/RPG underpinned by a Bitcoin and NFT asset-based play-to-earn, player-owned market economy. Executives from one of Scotland’s giant tech successes Fanduel have also expanded into the sector, launching Vault and BetDEX. Both are innovating atop the Solana Blockchain platform, building a creator platform where fans unlock access to exclusive content by owning the key to a creator’s vault and a decentralized sports betting exchange.

A relatively short list but the breadth and depth of these ventures is considerable, each market they serve alone is very large, from enterprise technologies through global betting. BetDEX in particular is the heavyweight player, raising a massive $21m seed round from world-class investors and leading the development of the Monaco sports betting protocol.

What more can we do?

Given this leap from nothing to a very significant industry footprint it begs the question what more can we do? If this is ‘first gear’ for Scotland’s Blockchain industry, what would it look like to step up through gears two, three and beyond, what benefits would that bring and how can we make it happen?

Naturally each is focused on their individual business success, but what could be achieved if we consolidated our efforts to grow their collective success and further expand the industry as a whole?

Join in the discussion on Twitter:

Scotland's #Blockchain Industry Grows From Strength to Strength.

What more can be done?

Featuring @zumopay, @vaultapp_, @BetDEXLabs, @tprstly, @SiccarNet, @blockchaintp, @cdcorp__. https://t.co/VgGrtiO9va via @DigitalscotNews

— Digital Scotland (@DigitalscotNews) September 23, 2022

The post Scotland’s Blockchain Industry Grows From Strength to Strength appeared first on digitalscot.net.


Whisky on the Blockchain – Scottish Innovators Pioneer World’s First Single Cask Scotch with a Digital Provenance Certificate

The single most important project relative to the goals of the Scottish Blockchain Network has been pioneered by The Whisky Barrel and their tech experts CD Corp. It’s so important because the primary challenge the industry faces is that it can be an extremely confusing, jargon-filled sector, to the extent it’s perceived as a very … The post Whisky on the Blockchain – Scottish Innovators Pioneer

The single most important project relative to the goals of the Scottish Blockchain Network has been pioneered by The Whisky Barrel and their tech experts CD Corp.

It’s so important because the primary challenge the industry faces is that it can be an extremely confusing, jargon-filled sector, to the extent it’s perceived as a very cliquey community populated only by hard-core techies and is thus inaccessible, and critically, irrelevant to others especially businesses.

Therefore’s it’s essential to showcase case studies that explain in plain english how businesses are adopting the technology, what use case it has been employed for and what benefits this has brought the company.

The Whisky Barrel project demonstrates i) how they have integrated it into and enhanced their e-commerce strategy, and ii) the technology field is still so young that it’s possible to achieve world firsts, and thus significant competitive advantage and associated PR potential.

As Insider reported they have released one of the world’s first single-cask Scotch whiskies with a digital provenance certificate, using Non-Fungible Tokens (NFTs) to digitally certify its whisky, which securely transmits essential product information on a public ledger, helping collectors and connoisseurs alleviate the risk of investing in counterfeit whisky.

Each of the 152 individually-numbered bottles feature a unique QR code that links to its corresponding digital certificate. This token provides digital proof of ownership, as well as the provenance of each bottle. Each NFT is minted on the Solana blockchain platform, which was chosen for its carbon-neutral and low-energy consumption qualities.

Our friends @DramzCrypto have put together a wee video further explaining our unique authentication project for #Scotch #whisky.

Starting with our very own >>>https://t.co/gBngOrDfz9 pic.twitter.com/BFBU0vgIVa

— TWB | TheWhiskyBarrel.com (@WhiskyBarrel) March 10, 2022

 

The post Whisky on the Blockchain – Scottish Innovators Pioneer World’s First Single Cask Scotch with a Digital Provenance Certificate appeared first on digitalscot.net.


OpenID

Public Review Period for Proposed Final Initiating User Registration via OpenID Connect Specification

The OpenID Connect Working Group recommends approval of the following specification as an OpenID Final Specification: Initiating User Registration via OpenID Connect A Final Specification provides intellectual property protections to implementers of the specification and is not subject to further revision. This note starts the 60-day public review period for the specification draft in accordance [

The OpenID Connect Working Group recommends approval of the following specification as an OpenID Final Specification:

Initiating User Registration via OpenID Connect

A Final Specification provides intellectual property protections to implementers of the specification and is not subject to further revision. This note starts the 60-day public review period for the specification draft in accordance with the OpenID Foundation IPR policies and procedures. Unless issues are identified during the review that the working group believes must be addressed by revising the draft, this review period will be followed by a seven-day voting period during which OpenID Foundation members will vote on whether to approve this draft as an OpenID Final Specification. For the convenience of members, voting will actually begin a week before the review period ends, for members who have completed their reviews by then.

The relevant dates are:

Final Specification public review period: Thursday, September 22, 2022 to Monday, November 21, 2022 (60 days) Final Specification vote announcement: Tuesday, November 8, 2022 Final Specification early voting opens: Tuesday, November 15, 2022 Final Specification official voting period: Tuesday, November 22, 2022 to Tuesday, November 29, 2022 (7 days)*

* Note: Early voting before the start of the formal voting will be allowed.

The OpenID Connect working group page is https://openid.net/wg/connect/. Information on joining the OpenID Foundation can be found at https://openid.net/foundation/members/registration. If you’re not a current OpenID Foundation member, please consider joining to participate in the approval vote.

You can send feedback on the specification in a way that enables the working group to act upon it by (1) signing the contribution agreement at https://openid.net/intellectual-property/ to join the working group (please specify that you are joining the “AB/Connect” working group on your contribution agreement), (2) joining the working group mailing list at https://lists.openid.net/mailman/listinfo/openid-specs-ab, and (3) sending your feedback to the list.

— Michael B. Jones – OpenID Foundation Board Secretary

The post Public Review Period for Proposed Final Initiating User Registration via OpenID Connect Specification first appeared on OpenID.

Thursday, 22. September 2022

ResofWorld

A government-run delivery app was built to fight a tech monopoly in Brazil. So why was it banned?

Free-market politicians argue that a government-controlled app is unfair competition.
When the Rio de Janeiro government announced it was developing an app to compete with last-mile delivery services, councilman Pedro Duarte grew suspicious. As the president of the city council’s...

The Engine Room

Join our community call: digital rights & climate justice

Join our community call about the intersections of digital rights, tech, and climate justice, on October 18! The post Join our community call: digital rights & climate justice first appeared on The Engine Room.

In July, we published our report exploring the intersections of digital rights, tech, and climate justice. It’s been wonderful to hear from readers on what findings from our research you’ve found useful for your own work. 

We’d like to keep the exchange going with an interactive discussion sharing our main findings and collaboratively plotting a course for further future work in this urgent area, so we’re hosting a community call October 18, at 5-6pm CET. Whether you’re working primarily in the climate justice space or the digital rights space, or are just interested in the topic, we’d love to see you there! 

What will we discuss?

In our research, we focused on a number of intersections of digital rights and climate justice, and identified priority areas for further digital rights engagement and collaboration. In the call, we want to hone in on two 2 specific issue areas with you:

Climate intelligence: From long-standing environmental data initiatives to newer ‘AI for climate’ and ‘AI for planet’ efforts, governments, corporations and communities seek to harness digital data to monitor biodiversity and forecast future climate events with greater accuracy. How do you think the digital rights community can best support existing community-driven efforts and deepen its engagement on AI and sustainability issues? How might responsible data principles contribute to data governance discussions in this space? Decarbonizing tech: In recent years, a number of tech companies have pledged carbon neutrality and greater sustainability. Yet, meaningfully measuring and mitigating the climate and environmental impacts of tech remains a challenge. What do you think are the main priorities for digital rights community engagement to ensure tech sustainability efforts are supporting climate justice? 

To register for this session, please sign up here. The call will happen on October 18, at 5-6pm CET and it will be held in English. 

Explore our research findings:

Before joining the call, make sure you take a look at our research findings!

Download the executive summary [English, PDF] Download the full report [English, PDF] Read our ‘info sheets‘ (especially #1 and #4), offering a snapshot of one of the key intersections we cover in our report: Infosheet #1 | ‘Sustainable’ internet and tech Infosheet #2 | Access to information and information disorder Infosheet #3 | Safety and defence Infosheet #4 | Data-driven monitoring to understand current and future environments Infosheet #5 | Migration justice Sign up to the ‘Propeller’ email series highlighting the main findings of this report.

If you’re working on issues related to the intersection of climate justice and digital rights, we’d love to hear from you! Email us at hello[at]theengineroom[dot]org.

The post Join our community call: digital rights & climate justice first appeared on The Engine Room.

ResofWorld

Why India’s small sellers still don’t trust Amazon

Despite the platform's years-long efforts to woo small retailers and traders, many still suspect Amazon of unfair practices.
In October 2021, Reuters published a bombshell investigation, alleging that Amazon was making knockoffs of products by Indian sellers on its website and selling them under its own labels. An...

SelfKey Foundation

SelfKey Marketplace

A variety of financial, corporate, citizenship, and crypto services are available through the SelfKey Marketplace, and users can compare, contrast, and instantaneously sign up for them. The post SelfKey Marketplace appeared first on SelfKey.

A variety of financial, corporate, citizenship, and crypto services are available through the SelfKey Marketplace, and users can compare, contrast, and instantaneously sign up for them.

The post SelfKey Marketplace appeared first on SelfKey.


ResofWorld

TikTok creators are condensing Hollywood movies into minutes and getting millions of views

With machine translation, dubbing apps, and VPNs, Chinese creators are shortening movies for Americans.
If you don’t have time to start that movie you’ve always wanted to watch, a new set of TikTok accounts has a solution. “This woman knocked over everything in the...

Lissi

Event tickets as verifiable credentials

This article explains how verifiable credentials can be used to benefit event organizers and visitors alike based on a practical usage of the Lissi team. Introduction Currently, the majority of event tickets are issued in paper form or as .pdf files, which contain the relevant information about the event as well as the visitor. However, since these files can be easily transferred to an

This article explains how verifiable credentials can be used to benefit event organizers and visitors alike based on a practical usage of the Lissi team.

Introduction

Currently, the majority of event tickets are issued in paper form or as .pdf files, which contain the relevant information about the event as well as the visitor. However, since these files can be easily transferred to another person, a personalisation of the ticket in combination with a verification of an identity document at the entrance is required to ensure that the buyer and visitor are the same person. This creates unnecessary overhead and complications for both the visitor and organizer. Therefore, we propose using verifiable credentials to avoid ticket scalping and provide direct access to online resources with the ticket.

Benefits of using verifiable credentials for tickets Ownership binding and verifiability — tickets are bound to a specific owner and are not transferable Prevention of ticket fraud — tickets are digitally signed by an issuer Usage of the ticket for authentication (e.g. to access a digital stream, online presentations etc.) — Your ticket is your username and password! Avoiding ticket scalping and ticket bots and therefore retain control over the secondary market — tickets are bound to a specific person and are not transferable Directly communicate with a user in a messenger like way — a peer-to-peer connection between the event organizer or ticketing provider is being established and can be used for the exchange of further information Cheap and convenient user identification and the possibility to verify multiple credentials at the same time (e.g. ticket, covid test, studentID, etc.) How it works:

The user registers for an event via a website. For our pilot integration we used an established ticketing provider for the registration process. However, this process can also be fully executed based on decentralized identifiers and verifiable credentials. We sent an e-mail containing the required steps to derive the ticket into a wallet, which supports verifiable credentials. The following screens illustrate the process of receiving the ticket and presenting it to a verifier such as an access control authority at a physical event.

Illustration of the user flow of using the event ticket with Lissi. The verification process

As illustrated in the flow the access authority presents an QR-code, which is scanned by the visitor. Once scanned with the wallet, the visitor is requested to share his or her ticket (as well as additional information if required). Given the visitor agrees to share the information the verification status (valid / invalid) is presented as well as the attributes of the ticket. The access authority can use any device, which supports a web application (such as an laptop, mobile phone etc.) to verify the tickets of the visitor.

Our experience with verifiable tickets

We used verifiable tickets as part of our monthly Between the Towers event series. It was visited by around 70 people. While the download of the Lissi Wallet and derivation of the verifiable ticket was optional, more than 90 percent of visitors got the verifiable ticket in advance. While there were minor user experience issues (mainly due to work profiles on the phone) the vast majority of visitors were very satisfied with the user experience.

During the verification process most of the users started to show the verifiable credential within the wallet instead of directly scanning the QR-code presented, because the concept of scanning a QR-code to present a credential isn’t intuitive to users yet. However, once users present a credential with the wallet they understand how the process works.

Possible expansion for future events: Identification of the visitor in advance of the ticket purchase. Issuance of a picture of the visitor as part of the ticket. Usage of the ticket for the authentication (login) to an online platform. Communication with the visitor Provision of further information to the visitor via direct communication channel Usage of the ticket for discounted access (e.g. 10 % discount for the ticket next year)

If you are interested in diving deeper into the topic, the research paper “Exploring the use of self‑sovereign identity for event ticketing systems” by Simon Feulner, Johannes Sedlmeir, Vincent Schlatt and Nils Urbach will provide a great overview.

We would be delighted to hear your ideas about the usage of verifiable tickets in your next events. Write us about your event idea via info@lissi.id

About Lissi

Lissi provides convenient applications for companies and organizations to receive, organize and share trusted data from end users while respecting privacy and data sovereignty. This includes the Lissi Wallet as well as our applications for organisations. You can find more information on our Website.


ResofWorld

South Korea scrambles to challenge Biden’s made-in-America EV policy

Hyundai and Kia are the second-biggest EV sellers in the U.S. The Inflation Reduction Act threatens all of that.
Kwon Oh-hwan, a Hyundai Motor worker and labor organizer for more than a decade, says his company has been “stabbed in the back” by recent legislation in the United States....

Wednesday, 21. September 2022

MyData

Skills for creative futures? MyData starts the Cyanotypes project.

MyData Global has joined 19 expert organisations to provide a solid basis for the development of a strategic approach to researching, anticipating, co-creating, stress-testing and integrating new and concrete skills development solutions that can be adopted across the creative sector. Please welcome, the CYANOTYPES project.
MyData Global has joined 19 expert organisations to provide a solid basis for the development of a strategic approach to researching, anticipating, co-creating, stress-testing and integrating new and concrete skills development solutions that can be adopted across the creative sector. Please welcome, the CYANOTYPES project.

GS1

GS1 Switzerland – firstbase

GS1 Switzerland – firstbase glenda.fitzpatrick Wed, 09/21/2022 - 17:03 GS1 Switzerland – firstbase GS1 Switzerland - firstbase (powered by b-synced) Global Item Cornelia Willutzki Email: cornelia.willutzki@gs1.ch Tel. +41 58 800 72 84 Technical support email: 
GS1 Switzerland – firstbase glenda.fitzpatrick Wed, 09/21/2022 - 17:03 GS1 Switzerland – firstbase

GS1 Switzerland - firstbase (powered by b-synced)

Global Item

Cornelia Willutzki

Email: cornelia.willutzki@gs1.ch

Tel. +41 58 800 72 84

Technical support email: solutions@gs1.ch

Both

GS1 Switzerland

Monbijoustrasse 68
3007 Bern

Switzerland

1 https://www.gs1.ch/ https://www.gs1.ch/ 3 BAYARD - b-synced Yes

Next Level Supply Chain Podcast with GS1

The Phygital Future of the Supply Chain

The digital and physical world are merging more than ever before. As the supply chain becomes more ‘phygital,’ innovative ways of sharing data – like using verifiable credentials – are helping to build more trust with data along the supply chain. Join us as we chat with Senior VP of Innovation & Partnerships at GS1 US, Melanie Nuce, as we explore what’s around the corner and how standards play

The digital and physical world are merging more than ever before. As the supply chain becomes more ‘phygital,’ innovative ways of sharing data – like using verifiable credentials – are helping to build more trust with data along the supply chain. Join us as we chat with Senior VP of Innovation & Partnerships at GS1 US, Melanie Nuce, as we explore what’s around the corner and how standards play a crucial part in the phygital supply chain.


ResofWorld

How TikTok became an e-commerce juggernaut in China

The company made the right bets on live shopping, but it's struggled to bring that success overseas.
TikTok looked to storm onto the e-commerce scene this year, and its ambitions were widely telegraphed. A “game changer,” one investor called it — natural to believe, since, as Douyin...

Digital Identity NZ

Towards a Better Digital Identity Trust Framework in Aotearoa

It’s a great pleasure to share with you DINZ Reflections Report, a seminal piece of work that DINZ’s Digital Identity Trust Framework working group has developed over several months. The post Towards a Better Digital Identity Trust Framework in Aotearoa appeared first on Digital Identity New Zealand.

It’s a great pleasure to share with you DINZ Reflections Report, a seminal piece of work that DINZ’s Digital Identity Trust Framework working group has developed over several months. While Trust Frameworks are not a novel concept, their application to the digital identity space is much more recent, and new to Aotearoa. 

DINZ’s Reflections Report is industry’s response to the Final Report published in April by the Select Committee members of the Economic Development, Science and Innovation Committee that responds to and makes recommendations based on the submissions made on the Digital Identity Services Trust Framework Bill at the end of last year. The Select Committee is not expert in the subject matter of Digital Identity Trust Frameworks. However DINZ does have essential subject matter and operational expertise with an inherent obligation to share its experience for better outcomes in Aotearoa. DINZ welcomes the continued passage of the bill through Parliament recognising that the opportunity to change it substantially during this period is small. It is more likely that the detail contained in the DINZ Reflections Report will be considered once the regulatory operation of the Act is underway.     

It is a classic example of the demonstrable value of DINZ – Aotearoa’s own digital identity industry association – and for that matter all associations operating under the NZ Tech Alliance banner. DINZ’s members comprise both local and international digital identity service providers, providers of identity and eligibility attributes, relying parties and individual subject matter experts. Many have first-hand overseas experience of Trust Framework operations in digital identity and in other domains that can inform the future of Trust Framework operations and conversations around Digital Trust more broadly in Aotearoa. 


Be it submissions, responses to consultation papers, or reports like this Reflections Report, each participating member leaves their vested interest at the door to voluntarily pool their skills and knowledge in pursuit of better outcomes for all New Zealanders.

Read more here.

The post Towards a Better Digital Identity Trust Framework in Aotearoa appeared first on Digital Identity New Zealand.


OpenID

Notice of Vote for Fourth Implementer’s Draft of OpenID Connect for Identity Assurance Specification

The official voting period will be between Tuesday, October 4, 2022 and Tuesday, October 11, 2022, following the 45 day review of the specification. For the convenience of members, voting will actually open on Monday, September 26, 2022 for members who have completed their reviews by then, with the voting period still ending on Tuesday, […] The post Notice of Vote for Fourth Implementer’s Draft o

The official voting period will be between Tuesday, October 4, 2022 and Tuesday, October 11, 2022, following the 45 day review of the specification. For the convenience of members, voting will actually open on Monday, September 26, 2022 for members who have completed their reviews by then, with the voting period still ending on Tuesday, October 11, 2022.

The eKYC and Identity Assurance Working Group page is https://openid.net/wg/ekyc-ida/. If you’re not already a member, or if your membership has expired, please consider joining to participate in the approval vote. Information on joining the OpenID Foundation can be found at https://openid.net/foundation/members/registration.

The vote will be conducted at https://openid.net/foundation/members/polls/281.

– Michael B. Jones, OpenID Foundation Secretary

The post Notice of Vote for Fourth Implementer’s Draft of OpenID Connect for Identity Assurance Specification first appeared on OpenID.

ResofWorld

Google rolls the dice with gambling apps

After years of stalling, Google will allow gambling apps on the Play store in India, but the move isn't without controversy.
Earlier this month, Google launched a one-year pilot that will allow certain types of real-money games such as rummy and fantasy sports to be available on its Play store in...

Tuesday, 20. September 2022

Oasis Open Projects

Call for Consent for Secure QR Code Authentication Version 1.0 as OASIS Standard

Describes the use of QR Codes and a mobile phone as a replacement for a username and password The post Call for Consent for Secure QR Code Authentication Version 1.0 as OASIS Standard appeared first on OASIS Open.

Call to the primary or alternate representatives of OASIS Organizational Members to consent or object to this approval opens.

The Electronic Secure Authentication (ESAT) TC members [1] have approved submitting the following CS01 to the OASIS Membership in a call for consent for OASIS Standard:

Secure QR Code Authentication Version 1.0
Committee Specification 01
01 July 2022

This is a call to the primary or alternate representatives of OASIS Organizational Members to consent or object to this approval. You are welcome to register your consent explicitly on the ballot; however, your consent is assumed unless you register an objection [2]. To register an objection, you must:

Indicate your objection on this ballot, and Provide a reason for your objection and/or a proposed remedy to the project.

You may provide the reason in the comment box or by email to the TC on its comment mailing list [2]. If you provide your reason by email, please indicate in the subject line that this is in regard to the Call for Consent. Note that failing to provide a reason and/or remedy may result in an objection being deemed invalid.

Description

The specification describes the use of QR Codes and a mobile phone as a replacement for a username and password in user login authentication. An alternative to passwords that includes QR Codes is described, and typical use cases are described. This document also provides an overview and context for using QR Codes for security purposes.

In addition, the document specifies a “Secure QR Code Authentication Protocol” (SQRAP) and assesses the related security threats and risks.

Details

The Call for Consent opens at 21 September 2022 00:00 UTC and closes on 04 October 2022 23:59 pm timezone. You can access the ballot at:

Internal link for voting members: https://www.oasis-open.org/apps/org/workgroup/voting/ballot.php?id=3728

Publicly visible link: https://www.oasis-open.org/committees/ballot.php?id=3728

OASIS members should ensure that their organization’s voting representative responds according to the organization’s wishes. If you do not know the name of your organization’s voting representative is, go to the My Account page at

http://www.oasis-open.org/members/user_tools

then click the link for your Company (at the top of the page) and review the list of users for the name designated as “Primary”.

More Information

The Project received 3 Statements of Use from HYPR, Trusona, and CVS [3].

URIs
The prose specification document and related files are available here:

Editable source (Authoritative):
https://docs.oasis-open.org/esat/sqrap/v1.0/cs01/sqrap-v1.0-cs01.docx

HTML:
https://docs.oasis-open.org/esat/sqrap/v1.0/cs01/sqrap-v1.0-cs01.html

PDF:
https://docs.oasis-open.org/esat/sqrap/v1.0/cs01/sqrap-v1.0-cs01.pdf

For your convenience, OASIS provides a complete package of the specification document and any related files in ZIP distribution files. You can download the ZIP file at:

http://docs.oasis-open.org/esat/sqrap/v1.0/cs01/sqrap-v1.0-cs01.zip

Additional information

[1] Electronic Secure Authentication (ESAT) TC
https://www.oasis-open.org/committees/esat/

Project IPR page
https://www.oasis-open.org/committees/esat/ipr.php

[2] Comments may be submitted to the TC via the project mailing list at esat-comment@lists.oasis-open.org. To subscribe, send an empty email to esat-comment-subscribe@lists.oasis-open.org and reply to the confirmation email.

All emails to the TC are publicly archived and can be viewed at https://lists.oasis-open.org/archives/esat-comment/

[3] Statements of use

HYPR:
https://www.oasis-open.org/apps/org/workgroup/esat/email/archives/202207/msg00001.html Trusona:
https://www.oasis-open.org/apps/org/workgroup/esat/email/archives/202207/msg00000.html CVS:
https://www.oasis-open.org/apps/org/workgroup/esat/email/archives/202206/msg00009.html

[4] Timeline Summary:

Committee approved submitting the CS01 to the members as a candidate for OASIS Standard on 19 July 2022: https://www.oasis-open.org/committeesapps/ballot.php?id=3718 Committee approved the CS01 on 01 July 2022: https://www.oasis-open.org/committees/ballot.php?id=3713 Committee Specification Draft 01 (CSD01) with 30-day public review approved 25 April 2022: https://www.oasis-open.org/committees/document.php?document_id=69904&wg_abbrev=esat. 30-day public review 01 to be opened on 12 May 2022 and closed on 10 June 2022. Public review announcement: https://lists.oasis-open.org/archives/members/202205/msg00003.html.

The post Call for Consent for Secure QR Code Authentication Version 1.0 as OASIS Standard appeared first on OASIS Open.


ResofWorld

The Zenly implosion: Inside 6 months of tension, culture clash, and conflict

Fearing competition, Snap decided to shut down Zenly rather than sell it.
In early April, Evan Spiegel, the CEO of Snap Inc., wrote an impassioned email to the staff of Zenly, the social mapping platform acquired by Snap in 2017. He praised...

EdgeSecure

Ecosystem for Research Networking

The post Ecosystem for Research Networking appeared first on NJEdge Inc.

The Ecosystem for Research Networking (ERN, formerly the Eastern Regional Network) was formed to simplify multi-campus collaborations and partnerships in the Northeast, in order to advance the frontiers of research, pedagogy, and innovation. The ERN is first and foremost a network of people interested in pursuing this goal, and who use and manage the campus and regional research computing, data, storage and network resources that can make it happen.

Vision & Mission
The vision of the ERN is to simplify, support, catalyze, and foster multi-campus collaborations and partnerships between academic institutions of all types and sizes across the U.S. that advance the frontiers of research, pedagogy, and innovation. The mission of the ERN is to achieve this vision through a consortium of academic institutions, research facilities, core service providers, network providers, and industry partners, both public and private, organized around a shared interest in supporting and enabling collaborative data and computation enabled science/ This is accomplished by providing standards, blueprints, policies, and training associated with the design and implementation of an infrastructure to access data and research instruments, a distributed federated environment designed to simplify, support, catalyze, and foster collaborative science, scholarship, and education. To realize our mission and vision, the ERN will enable collaborations for democratization of access to research instruments, technical expertise, infrastructure, services, and resources to lower barriers to participation for scientists engaged  in collaborative research across institutional and disciplinary boundaries.

ERN Evolution
The ERN was formed in 2017 to address the challenges researchers face when participating in multi-campus team science projects, associated with shared access to research computing and data located within the national cyberinfrastructure ecosystem. The ERN began as a regional effort for two principal reasons: (1) a desire for face-to-face interactions and physical proximity to and access to shared instruments, and (2) a desire to serve the unique characteristics of our region—for example, the Northeast contains eight different state university systems in a geographic area whose size is comparable to that of the state of California, with nine different regional network providers, and close to two-thousand colleges and universities of all types and sizes, many of which are under-resourced or under-represented. As the ERN has grown, we came to realize that by addressing the challenges which we felt were  unique to the region, expanding our scope beyond the Northeast would not entail significant new logistical challenges and may, in fact, be more effectively pursued at the national level.

More recently, the ERN expanded its scope after interactions with several research communities led to the realization that the ERN needed to treat physical scientific instruments such as telescopes, research vessels, genome sequencers, and scanning electron microscopes similarly to research computing, storage, and networking in cyberinfrastructure planning. There is a need to access, move, store, and process the massive amounts of data generated by scientific instruments, and to access instruments remotely through federated services available to both researchers and their collaborators. Through interactions with the scientific and cyberinfrastructure communities, the ERN learned that these capabilities are often an afterthought when installing and commissioning new instruments, which can limit the value of major investments and lead to complications when sharing access the instruments and data there from. The ERN is now working on developing a federated solution to enable academic institutions to offer core services to the broader U.S. scientific community.

The ERN core activities: 

Organizing and/or supporting working groups focused on areas of interest to the community. Facilitating Workshops for deep dive explorations of cross-working group areas of interest. Hosting yearly All Hands Meetings to bring the community together to give updates and discuss future initiatives. Offering recommendations on data standards, architectural blueprints, and policies. Enabling delivery of training on topics related to new and emerging technologies and applications relevant to current areas of interest to ERN stakeholders.

Results of workshops, including findings and recommendations are shared with the broader community through publications and regional and national conference presentations. For example, three ERN papers were presented at the PEARC22 Annual Conference and the “ERN Cryo-EM Federated Instrument Pilot Project” paper received Best Short Paper. In addition to workshops, the ERN, along with its partners, offers a Data Science Seminar Series hands-on training of various software applications focusing on the support of Machine Learning, Deep Learning and Artificial Intelligence workflow methodology.  The workshops are open to anyone in the research community with emphasis on the  MSIs, HSIs, HBUCs, and EPSCoR institutions. Compute resources necessary for the on-hand efforts are made available to all participants and moderating support personnel address questions or issues. 

The ERN welcomes new members. For those interested in future participation in the Ecosystem for Research Networking (ERN), understanding who the stakeholders are, and membership requirements, please visit the ERN website www.ernrp.org.

2022

PEARC 2022 Short Papers 

“The ERN Cryo-EM Federated Instrument Pilot Project” – Best Short Paper “Federating CI Policy in Support of Multi-Institutional Research: Lessons from the Ecosystem for Research Networking”  “Broadening the Reach for Access to Advanced Computing: Leveraging the Cloud for Research”

PEARC 2022 Co-location Event,
“ERN – The Evolution”

Data Science Workshop Series

2021

Structural Biology Working Group Workshop “Enabling PROTEIN STRUCTURE PREDICTION with Artificial Intelligence at Rutgers and Beyond,” (Virtual)

Broadening the Reach Working Group (BTR) workshop “Leveraging the Cloud for Research”, (Virtual)

PEARC 2021 Short Papers (Virtual)

“Identifying Research Collaboration Challenges for the Development of a Federated Infrastructure Response” “Broadening the Reach for Access to Advanced Cyberinfrastructure – Accelerating Research and Education”

Structural Biology “The Voice of the Customer” Workshop, (Virtual)

2020

ERN Federated Open Cyberinfrastructure Collaboratory (OpenCI Labs) Design

NSF CC* CRIA: The Eastern Regional Network funded

Working groups formed

Broadening the Reach Computer Science Federation and Architecture Materials Discovery Policy Structural Biology 2019

Introductory Meeting about ERN with NSF

PEARC 2019

First ERN All-Hands

2018

Proof of Concept for Federated Computing

Coalition of the Willing: Gathering at Rutgers Newark 

2017

Germ of an idea:
2017 National Research Platform (NRP) meeting

GUIDING PRINCIPLES Adhering to principles that simplify access to both instruments and data through a federated platform in support of team science is a game changer for the research community. Accessing, sharing, curating, and archiving data is a priority for research and education. Supporting under-resourced and under-represented colleges and universities by democratizing research instruments and data is as important as serving R1 institutions. Our effort is best spent on the development of applications, workflows, and orchestration tools that enable innovative science, not to reinvent the wheel. Translational computer science is necessary for next generation infrastructure and services and the success of the ERN into the future. CORE VALUES Leadership – Embrace challenges and lead change.  Diversity and Inclusion – Encourage diversity of ideas and styles. Engage people with different strengths, interests, and backgrounds.  Community and Teamwork – Recognize the importance of working together and believe in the immense value from grassroot initiatives. Innovation – Drive innovation spurred by collaboration and partnerships that enhance capacity and capability for the future. Advocacy – Provide thought leadership that is valuable to funding agencies and policy makers. Integrity – Act in a responsible, honest, open, ethical, and equitable manner. Be considerate and thoughtful when implementing new ideas. Reciprocity – Listen and evolve together, helping and supporting each other to accomplish collective goals. ERN BY THE NUMBERS:

18 Events
11 Workshops
5 Papers
18 States

Participating types of organizations in events:

62% Academic (47% R1s and 53% non-R1s includes MSIs) 9% Federal Agencies 8% RENS/non-profit 17% industry 4% international

Over 1000 Participants in ERN sponsored workshops, seminars, and training

OBJECTIVES Align U.S. university and regional network providers with 21st century research needs through federated public and private cloud services to support data workflows, distributed AI, instrument sharing, and data curation through federation, tiered storage, virtualization, and common data models. Broaden the reach of ERN by supporting academic institutions of all types and sizes that attract and educate a more diverse workforce to design, build, and staff advanced research computing, core research services, advanced networking, and data services to create value through new business models, collaborative projects, and transformative/translational research. Treat physical scientific instruments, such as telescopes, research vessels, genome sequencers, and scanning electron microscopes, as part of an ecosystem along with advanced computing, storage, and networking. Build and support research infrastructure that simplifies access to both research instruments and data through a federated platform available to the research and education community. This work includes defining data standards, APIs, architectures, and policies.  Augment and extend the reach and impact of existing national programs aimed at universities, industries and/or national laboratories. View Article in EdgeDiscovery Magazine

The post Ecosystem for Research Networking appeared first on NJEdge Inc.


Dr. Vojislava Pophristic Transforming Scientific Research and Education at Rowan University

The post Dr. Vojislava Pophristic Transforming Scientific Research and Education at Rowan University appeared first on NJEdge Inc.

When Rowan University began their search for a candidate to lead the next chapter of the College of Science & Mathematics, there were several characteristics that were essential to filling this dean role. The University sought a leader who is collaborative, adaptive, and has a passion for use-inspired research, as well as someone who could bring a wealth of knowledge and experience in both teaching and research. Meeting all of these requirements and more, Dr. Vojislava Pophristic joined Rowan University in July 2021 and began her mission of helping to further build the institution’s academic excellence. 

Coming from a background in which both research and teaching played prominent roles, Pophristic was a chemistry professor and chair as well as the interim dean of the Misher College of Arts and Sciences at the University of the Sciences in Philadelphia. Drawn to chemistry and physics for as long as she can remember, Pophristic says she became interested in how the laws of physics govern chemical processes and structures. “During my Ph.D. studies, I was attracted to computational chemistry because the discipline allows researchers to play outside the limitations that are imposed by the real world. Using this virtual chemistry playground, we can shed important light on the natural and synthetic structures and processes, without the obstacles that experiments often have. When these two areas come together—experimental and computational—they can give a much more complete picture than one approach could on its own.”

Revolutionizing Science and Math Education
Pophristic earned her Bachelor of Science degree in physical chemistry from the University of Belgrade, Serbia, and later, a doctorate in chemistry from Rutgers University, New Brunswick. She also was a postdoctoral fellow in the Department of Chemistry and Center for Molecular Modeling at the University of Pennsylvania. “Coming to Rowan was a natural progression for me.” explains Pophristic. “Moving into this role at this time is particularly exciting because the impeding transformation of higher education. Rowan is uniquely positioned to be at the forefront of this transformation in science and mathematics, with its rich environment, 17 colleges and schools, including 2 medical schools, a veterinary school in development, highly-ranked engineering college, and a commitment to its community, regional workforce, and global sustainability.” 

As the Dean of Science & Mathematics, Pophristic has three top strategic priorities, including strengthening use-inspired research, transforming science and math education for the 21st century, and increasing access, retention, and success for underrepresented minority students in STEM. “We have embarked on growing our research efforts in the areas of regional, national, and global challenges,” says Pophristic. “Transforming math and science education to meet the needs of today is essential, but we must also look toward the future and anticipate the nature of work in the world of rapidly evolving technology, in particular artificial intelligence. This transformation will require that we think differently about program content and structure, delivery methods, credentialing, and how we integrate data sciences, artificial intelligence, machine learning, and computing into the education for scientists.”

Pophristic recognizes the access and retention of underrepresented minorities as a national challenge and one all institutions must address. “The first bottleneck is access; increasing it is critical. However, just as important are developing approaches to support retention and foster successful professional careers, particularly in STEM. Rowan is positioned well to address these areas: with its accessibility and affordability pillars, 2+2 and 3+1 programs with community colleges, and its location, it can grow and reshape the STEM workforce in southern New Jersey in unique ways. We will continue to develop and strengthen our programs to increase retention and give students the tools they need to have meaningful and successful careers in science after they leave our campus.”

Building Academic Excellence
Rowan University is the fourth fastest growing public university, with science and mathematics acting as major players in this progression. “As an economic engine for Southern New Jersey, Rowan is expanding rapidly in research and innovation,” explains Pophristic. “I wish to capitalize on this momentum and enrich research and education efforts, and provide support to students and faculty that will help solve global and national challenges such as those in health and life sciences, sustanability, and cybersecurity. Our focus is on fostering interdisciplinary research by building tighter integration between science and mathematics, and other Rowan schools and colleges. We also plan to support economic development and further build the STEM workforce by increasing our interactions with industry, health organizations, and other entities in our region.”

Rowan is among many institutions that are looking at ways to transform undergraduate education to provide students with the necessary knowledge and skill sets required not only for today’s workforce, but in the professions of tomorrow. “The careers that our current or incoming students will have in ten years do not exist now, so what our graduates will be doing a decade from now is unknown,” says Pophristic. “With the line blurring between traditional sciences and an unprecedented rate in technology development, we must think about education in entirely new ways. While there is a lot we do not know about how the fields of STEM will look in the future, we can be certain that data, computation, interdisciplinary themes, and a focus on scientific questions rather than on disciplines will be its critical elements.”

With a focus of restructuring education to better incorporate scientific problem-solving in the interdisciplinary domain, Pophristic wishes to integrate unique human skills, such as ethics, cultural competencies, and knowledge about the environment into the math and science curriculum. “To a large extent, we are now educating students for complex skills and knowledge.” says Pophristic. “We need to wrap our heads around the fact that repetitive tasks, regardless of how complex they are, will be shifting to machines. Thus, our focus should move to discovery, innovation, creativity, entrepreneurship, communication, and other uniquely human abilities, that machines will never be able to do as well as humans. We need to be intentional in integrating these elements, and areas like data, computing, and artificial intelligence, with modern science education and practice.”

Expanding Interdisciplinary Research
As Rowan continues to transform and raise the University’s competitiveness for research, Pophristic says many opportunities are on the horizon. “Rowan has two medical schools, is opening a veterinary school, and has a strong biomedical engineering program. We also just partnered with Virtua Health System, providing numerous possibilities in life sciences. All disciplines in the College of Science and Mathematics are part of this life science road, with each one being critical for developing our overarching knowledge. Areas like statistics, data science, applied mathematics, biophysics, material science, biology, psychology, and chemistry—all critically contribute to life sciences. We are embracing these opportunities and growing with them. For example, this year we opened the Ph.D. in pharmaceutical chemistry, and within the first month, we had eight students in the program.”

Oftentimes when growth is rapid within an institution, challenges can accompany the positive changes. “Just 25 years ago, Rowan was a college primarily focused on teaching; we’ve risen to an R2 university, and we are now quickly approaching R1 status,” says Pophristic. “We are continuing to build the infrastructure to support this growth, while ensuring that relevant entities in the wider community are aware of Rowan’s capabilities and connected to us. The complex problems we are facing today can’t be solved by one scientist or a group of scientists from one discipline, or by academicians alone. Collaborations will expand beyond a chemist and a biologist working together.  We’ll need sociologists, psychologists, engineers, basic scientists, applied mathematicians, artists, and others. We will need industry partners, government and non-profit entities, community involvement, all on the same team to tackle these complex problems that the world is facing now.”

Pophristic continues, “Rowan would greatly benefit from organizations such as Edge to keep us informed of new developments, technologies, and resources, and help us make better informed decisions as we grow our infrastructure. Additionally, Edge’s activities in gathering stakeholders to interact and strategize, as well as fostering collaborations between institutions, are highly valuable for Rowan and our expansion in scientific computing.”

“I wish to capitalize on this momentum and enrich research and education efforts, and provide support to students and faculty that will help solve global and national challenges such as those in health and life sciences, sustainability, and cybersecurity. Our focus is on fostering interdisciplinary research by building tighter integration between science and mathematics, and other Rowan schools and colleges. We also plan to support economic development and further build the STEM workforce by increasing our interactions with industry, health organizations, and other entities in our region.”

— Dr. Vojislava (Voki) Pophristic
Dean, College of Science & Mathematics, Professor of Chemistry
Rowan University

Excelling in Scientific Computing
With scientific computing having a transformative and growing importance in both research and education, Rowan aims to become a leader in computational science and help students develop critical skills that are needed to keep the business world running. “As a comprehensive university, Big Data computing is essential for the development of sciences, engineering, health, and social sciences; among others,” says Pophristic. “Rowan has a number of computational scientists in various colleges and departments, including Bioinformatics, Data Science, Chemistry, Physics, Mathematics, Molecular and Cellular Biology, Engineering, Environmental Science, and Geography. We have strategic initiatives in place that are focused on providing infrastructural support to researchers, training for students, streamlined resources—both hardware and software–and programmatic resources for developing collaborations between computational and experimental scientists. We not only want to become a leader in scientific computing in research, but also excel at integrating this discipline into our undergraduate education.”

To support these research and education priorities, Pophristic says working together is key. “We have celebrated many important milestones, such as the acquisition of the high performance computing cluster in 2015 and later the purchase of a cluster with 59 nodes through grant funds. In both instances, we see faculty working across departments and colleges, but also researchers working with various funding sources to purchase the necessary infrastructure. We are currently working on a model that will allow us to organize and align our efforts to provide access to shared resources and create synergy across Rowan. Our goal is to establish a structure that will allow sustainable growth and integration of computing in various disciplines and colleges.”

Pophristic says organizing researchers in a center structure allows the University to share purchases, streamline maintenance of hardware and software, and enable the timely replacement of hardware. “We’ve combined the know-how of computational scientists and IT professionals and we are able to provide more efficient training for students.  The way forward is to form the Center for Scientific Computing by creating a centralized computing facility as a shared platform for researchers across Rowan. Such a facility will provide efficiency in computing power, dedicated support personnel, efficient maintenance and replacement of infrastructure, and offer a platform for streamlined training of new users and the facilitation of interdisciplinary corroboration.”

The centralized facility will have dedicated personnel who will work together with faculty to help develop and execute research projects and educational programs. “We will have faculty and IT members working together on different aspects of computing,” explains Pophristic. “The Center will design programs that bring together researchers from different disciplines through seminars, workshops, and corporate events. We are also going to roll out regular workshops to train students and other users on basic scientific computing skills.”

“The NSF-funded Campus Cyberinfrastructure (CC*) planning grant, Advanced Cyberinfrastructure for Teaching and Research at Rowan University and the Southern New Jersey Region, will be instrumental in identifying the needs of the Rowan research community and its partners, and helping to shape the vision for research computing and the Rowan University cyberinfrastructure strategic plan. In addition to the Edge-Rowan partnership on the project, as a co-PI, a highlight for me is the collaborative spirit of the Rowan team in finding solutions that will impact not only Rowan’s researchers, but will help advance research initiatives of partner institutions within the broader community,” states Dr. Forough Ghahramani, Edge’s Associate Vice President for Research, Innovation, and Sponsored Programs.

Looking ahead, Pophristic says Rowan has a great opportunity to intensify its efforts in attracting and retaining a diverse group of students and helping more students of color have successful careers in STEM, and in particular, in computer science and computing. “We must provide students with the necessary knowledge, expertise, and soft skills to thrive in the workforce. Rowan already provides several programs for minority high school students in southern New Jersey and we want to continue to create more opportunities. There are truly transformative majors in higher education, and computer science is one of them. Not only can this discipline be life-changing for the student, but for the entire family, because of the highly competitive compensation that these students receive after graduation. We look to not only give students a superior education, but the confidence and support they need to progress through the program and enter a career in STEM with the skills and inspiration they need to make a positive impact on the world.”

Edge supports local, regional and national research projects. To learn more visit njedge.net/research/resources-featured-research-reports.

View Article in EdgeDiscovery Magazine

The post Dr. Vojislava Pophristic Transforming Scientific Research and Education at Rowan University appeared first on NJEdge Inc.


Rowan University Paving the Way for Advanced Cyberinfrastructure and Shared Innovation

The post Rowan University Paving the Way for Advanced Cyberinfrastructure and Shared Innovation appeared first on NJEdge Inc.

As a Carnegie-classified national doctoral research institution, Rowan University is renowned for their research expertise and exploration of groundbreaking innovations that could improve and advance society. With many competitive grant awards, Rowan continues to promote research activity both on campus and throughout the community. Along with an esteemed group of research advocates, Dr. Tabbetha Dobbins, Vice President for Research and Dean of the Graduate School, Rowan University, aims to address the challenge of building cyberinfrastructure (CI) and effectively supporting the diverse computational needs of Rowan’s students and faculty. To help advance this initiative, the group was recently awarded a National Science Foundation (NSF) Campus Cyberinfrastructure (CC*) Planning Grant. 

The project, known as the CC* Planning: Advanced Cyberinfrastructure for Teaching and Research at Rowan University and the Southern New Jersey Region, will focus on strategic planning that creates a coordinated approach to informing the community of the latest CI developments, enables partnerships between institutions, and assists Rowan in building shared and accessible CI. “This grant gives us an opportunity to write a 5-year cyberinfrastructure plan using information from our own campuses and from Edge and their partners,” says Dobbins, the project’s Principal Investigator.

“When I first became vice president, Dr. Forough Ghahramani was such a valuable resource and shared information about CC* grant opportunities,” explains Dobbins. “We decided on this grant and joined forces with three co-Principal Investigators including, Dr. David Klassen, Professor and Chair of College of Science and Mathematics; Dr. Nidhal Bouaynaya, Professor, Electrical and Computer Engineering Associate Dean for Research and Graduate Studies; and Dr. Mira Lalovic-Hand, Senior Vice President and Chief Information Officer. Our partner institutions are Rowan College at Burlington County (RCBC), Rowan College of South Jersey (RCSJ), and Stockton University. This project really began with Dr. Ghahramani and she was able to expand the list of potential resources, like the Eastern Regional Network (ERN), that Rowan could tap into as we develop our plan. Dr. Lalovic-Hand and her team have also been a committed part of the project since its inception from the grant writing stage, all the way through to the workshops and collecting feedback from presenters and participants.”

Creating an Effective CI Strategy
The awarded Rowan CC* Planning Grant will invest in coordinated campus-level networking and CI improvement, innovation, integration, and engineering for science applications and distributed research projects. The project has three distinct components to create a thorough and effective CI strategy: a survey, a focus group, and education. “Our goal is to be a regional service to all computational researchers in the region,” explains Dobbins. “We want to begin by surveying our researchers and the Division of Information Resources & Technology (IRT) to better understand what their needs and perceptions are of our current cyberinfrastructure. The focus group will then allow a deeper dive into that survey. We will meet with the stakeholders—the researchers, faculty, and students—and the university-level administration. We will also gather input from the support group inside the IRT to gain a clear picture of their vision for the cyberinfrastructure plan.”

For the education component, the group will be inviting speakers from Rutgers who currently have a research cluster to discuss their projects and the resources available. “We realize our high-performance computing (HPC) is quite outdated and we have researchers working on their own home-built clusters, with minimal use of our campus-wide HPC,” explains Dobbins. “There are other developments that have come along to help researchers with their projects, including cloud-based services. One of our speakers spoke to faculty and students about the Cyberteam to Advance Research and Education in Eastern Regional Schools (CAREERS). The group could receive training in ways to support computing-based research and faculty members could recruit students for mentoring opportunities on their individual research projects. We will be hosting additional presentations in the coming months to further inform our students and faculty about all the exciting resources available for advancing research and innovation.”

“When I first became vice president, Dr. Forough Ghahramani was such a valuable resource and shared information about CC* grant opportunities. We decided on this grant and joined forces with three co-Principal Investigators including, Dr. David Klassen, Professor and Chair of College of Science and Mathematics; Dr. Nidhal Bouaynaya, Professor, Electrical and Computer Engineering Associate Dean for Research and Graduate Studies; and Dr. Mira Lalovic-Hand, Senior Vice President and Chief Information Officer. Our partner institutions are Rowan College at Burlington County (RCBC), Rowan College of South Jersey (RCSJ), and Stockton University. This project really began with Dr. Ghahramani and she was able to expand the list of potential resources, like the Eastern Regional Network (ERN), that Rowan could tap into as we develop our plan. Dr. Lalovic-Hand and her team have also been a committed part of the project since its inception from the grant writing stage, all the way through to the workshops and collecting feedback from presenters and participants.”

— Dr. Tabbetha Dobbins
Vice President for Research, Dean of the Graduate School
Rowan University

Developing a Coordinated Approach
When creating a CI strategy, many organizations focus predominantly on hardware and access to software, as well as the staff who will support these elements, but Dobbins says input from the administration is equally as important. “Our University’s administration will be involved in our focus group sessions to help determine how to allocate internal resources and to discuss the most suitable location for research computational support personnel within our organization. As we begin to put the CI plan together, we must determine how the overhead return from grants, for instance, are distributed to various units. If we need to change that formula so a slice of that funding goes to supporting future computational infrastructure, we would need university-level buy-in. We must create a robust financial model that doesn’t put computational research expenses entirely on the University or entirely on the researchers themselves. Creating this shared structure will be an important part of our discussions moving forward.”

After the survey and focus groups are completed and information is gathered from the seminar series, the group will begin writing the CI plan. “All of our data collection should be completed by August 2022,” says Dobbins. “The presentations may continue beyond that time, but the writing of the CI plan will take place between August and December of this year. The implementation of the CI plan, including financial support of CI and access to hardware and software, will be conducted at Rowan, but we hope to be a service to our community college affiliates and other regional universities and remove barriers for accessing state-of-the-art cyberinfrastructure. Collaboratively, we can conduct larger scale transformative work and help more institutions to make a notable impact in data-driven computational research.”

To learn more about tapping into Edge’s comprehensive expertise and support for grant proposal development and research collaboration, visit njedge.net/grants-sponsored-programs/ and njedge.net/research/resources-featured-research-reports/.

View Article in EdgeDiscovery Magazine

The post Rowan University Paving the Way for Advanced Cyberinfrastructure and Shared Innovation appeared first on NJEdge Inc.


Leading into the Future

The post Leading into the Future appeared first on NJEdge Inc.

Following a comprehensive national search in 2020, Kean University selected Lamont O. Repollet, Ed.D. as its 18th president and the institution’s first Black president. The Kean alumnus and former Kean trustee is tasked with transforming the institution’s competitiveness for research grants and has vowed to elevate the University to Carnegie R2 research status within the next five years. In November 2021, Kean University joined the list of elite public research universities with its designation as the state’s first urban research university. This achievement will help to provide more opportunities for residents living in urban communities and will further expand the reach of Kean’s research and creative projects within art, science, and humanities. “Our value-driven mission is to become a national model for urban research universities across the country,” says Repollet. “With this prestigious designation, Kean is now well-positioned to test knowledge and research in every field and apply these findings to real-world issues facing our urban communities.”

Investing in Expanding Research
An important element in transforming Kean into a research university included investing in human capital and adding new tenure-track faculty across multiple disciplines. “While many institutions were cutting back on faculty and staff during the pandemic, we looked to grow our number of educators,” shares Repollet. “By this fall, more than a quarter of our full-time faculty will have joined us within the past two years. We’re also offering faculty grants to allow researchers to embark on projects that focus on urban issues and diversity, equity, and inclusion initiatives. Additionally, we have redirected faculty bandwidths to allow more time for research collaboration and provide participation opportunities for a greater number of students. By showcasing our students’ accomplishments, we inspire excitement and interest in our research and can take collaborative opportunities to new heights.”

Under Repollet’s leadership, Kean has also invested in research equipment and infrastructure. “Our commitment to our faculty and expanding our research footprint is shown through our budget and how we’re allocating funds,” says Repollet. “We are also expanding our network of affiliated startup companies and building the infrastructure for the commercialization of our intellectual property that has yielded several U.S. patents in areas such as computer science. To achieve our goal of making research more inclusive, Kean is partnering with government organizations on research initiatives that support their work. When we tell our students, ‘You can conduct research that affects your world,’ we truly mean their world. We are exploring everything from education, disparities in health care, and economic challenges within these communities. We want to leverage our capabilities to be a part of the solution to the issues impacting New Jersey’s residents, particularly in our urban centers.”

Building Pillars of Success
Since taking office, Repollet has focused on propelling the University forward by ensuring success within three pillars: safety, academic excellence, and equity. Prior to joining Kean as the University’s president, Repollet served two-and-a-half years as the New Jersey Commissioner of Education, overseeing the shift to remote education amid the pandemic and helping to plan for the 2020-2021 school year. Through this challenging time and moving forward, Repollet says safety is a top priority. “At Kean, we responded to COVID-19 by partnering with the County of Union on testing and vaccinations for our campus and the surrounding community. We also opened our own COVID lab on campus to process test results, and we stand ready to work with the county in any other public health emergency.”

With a goal of providing academic excellence to all students, growing faculty is an important part of the endeavor. “To move forward as a research university and provide support for our students, we needed to create new systems that aligned with our current priorities,” explains Repollet. “When it comes to academic excellence, we focus heavily on bringing in new faculty members and retaining those educators, as well as offering support for students from their first day on campus through graduation. We are now looking to strengthen these systems by looking at data and gathering feedback from faculty and students to ensure they have the tools they need to be successful.”

Among Kean’s top priorities is supporting equity and inclusion and creating an environment for all students to learn and grow together. “As a former commissioner and superintendent, equity has been a cornerstone of who I am, and I have always believed creating a diverse workforce is essential,” says Repollet. “I also believe all students should have the opportunity to pursue higher education. We have built entrepreneurial educational initiatives (EEI) that identify gaps within the pre-K to 12 space to make sure we build the strongest pipeline possible for those students entering into the college level. To offer exposure to more students, we provide college-level courses and have created an academy of scholars. The Kean Scholar Academy is a pre-college program that offers high school students the opportunity to earn college credits and participate in pre-college mentorships and internships.”

Strengthening the equity pillar of Kean University also requires making higher education both accessible and affordable. “By design, Kean is the most affordable comprehensive 4-year university in the state,” says Repollet. “We also make sure our policies are inclusive, where everyone has an opportunity to move up without being hindered. We also established our Office of Diversity, Equity and Inclusion, which is dedicated to promoting representation and inclusion at Kean. We want to assure we bring equity into everything we do, from academia to the student experience across campus.”

Kean is one of the most diverse universities in the northeast, where 77 percent of the students are students of color and 46 percent are first generation. “We celebrate the diversity among our student population and our faculty,” shares Repollet. “When you have an emphasis on diversity, you have an emphasis on diverse interests, and as a result of that approach, the research breaks out of the cookie-cutter model. The culture at Kean is changing, and there is an excitement among students and staff to be part of this shift to a renowned research university.”

Creating a Sustainable Research Enterprise
To continue Kean’s advancement toward Carnegie R2 status, the University is working to expand its research portfolio and gaining insight and expertise from the education community. “We formed a Presidential Advisory Committee that includes students, faculty, staff, and community members,” explains Repollet. “The committee will make recommendations and advise me on the steps we need to take to reach our R2 goal. For example, the group recently shared a recommendation for a $3 million investment in supplies and advanced research equipment. We approved this investment because funding research, supporting staff, and pursuing grant opportunities are all essential to moving the needle in the right direction.”

In the past, Kean would often hire faculty during the winter and spring months. Upon the recommendation of the Advisory Committee, the University has recently moved that timeline, with new faculty members starting in September. “We now have faculty members joining us with research grants and opportunities,” says Repollet. “Many individuals are just out of post-doctoral fellowships or are looking to relocate to the east coast. To ensure we remain on track and show our growth, we’ve created several benchmarks. The first was to gain recognition by our own state as a public research university. We are very thankful to Governor Murphy for signing legislation designating Kean University as the fifth research university in New Jersey, and the first urban research university focused on finding real-world solutions. Kean recently moved up to Doctoral University status, one step away from the R2 designation. This accomplishment shows that the work we’re doing and the investments we’re making are paying dividends and because of this, I’m very confident we will achieve our goal. More importantly, we are creating a sustainable research enterprise to ensure continuous growth for years to come.”

With technology being a key item for researchers to advance their projects and collaboration opportunities, Repollet says Kean University is looking forward to becoming more involved with Edge as the University continues to advance its research mission. “The pandemic has highlighted the central importance of technology and education,” says Repollet. “From pre-K to college and beyond, technology allows students to connect with educators. But at the same time, the pandemic has stripped bare the disparities that exist among different groups and their access to technology.  This issue is one that Kean is working hard to address. With technology often being costly and evolving so quickly, Edge helps keep our institutions cutting edge in a way that is much more efficient and cost effective than any other organization could accomplish.”

“We are very thankful to Governor Murphy for signing legislation designating Kean University as the fifth research university in New Jersey, and the first urban research university focused on finding real-world solutions. Kean recently moved up to Doctoral University status, one step away from the R2 designation. This accomplishment shows that the work we’re doing and the investments we’re making are paying dividends and because of this, I’m very confident we will achieve our goal. More importantly, we are creating a sustainable research enterprise to ensure continuous growth for years to come.”

— Lamont O. Repollet, Ed.D.
President
Kean University

Advancing Community Research and Education
Edge and Kean University have recently joined forces on a proposal that will provide infrastructure support and additional computer capacity for research in New Jersey. The National Science Foundation (NSF) Campus Cyberinfrastructure Regional Connectivity program invests in networking and cyberinfrastructure improvements, innovation, and integration for research projects. “Edge is pleased to partner with our member organization, Kean University, and to offer our solutions and services as they work to achieve their R2 status,” says Forough Ghahramani, Ed.D., Associate Vice President, Research, Innovation, and Sponsored Programs, Edge. “Through collaborations such as the NSF proposal and Edge’s advanced high performance network capability and access to regional and national resources, we are excited to help advance research and education within the community.”

Due to Kean’s commitment to building infrastructure and continuing to climb toward R2 status, the University is now becoming eligible to apply for more research grants and collaboration opportunities. “Our accomplishments as an institution are passed on to our students,” says Repollet. “As an urban research university, we are able to close the tuition gap and provide higher education opportunities to more students. Plus, the impact goes far beyond our campus. Our focus is on applied research that finds solutions to real-world challenges that are faced not only by the state’s urban residents, but all residents of New Jersey. The skills and expertise of our faculty and students support the greater community, and their influence permeates throughout the state.”

Promoting Economic Growth
To further build upon the University’s commitment to scholarship and community service, Kean established the John S. Watson Institute for Urban Policy and Research at the University in March 2021. “The Institute has an over 30-year history of urban policy,” says Repollet. “We’re delighted to have the Watson Institute installed at Kean and to be able to explore gaps in education and health care, economic challenges, and environmental justice. These challenges can now be addressed in a safe space where our faculty and students can come together to find solutions to some of the issues affecting urban communities. Now, as a state urban research university, we can further tap into their networks and embed urban policy within our colleges.”

The Institute works closely with the New Jersey Urban Mayors Association (NJUMA), which is now affiliated with the University and includes mayors from 32 urban centers across the state. “We now have built-in connections to government leaders across New Jersey, and we look forward to working with them to provide policy research and solutions on important issues in their communities. The Watson Institute gives us credibility and has provided a seat at the table that we wouldn’t have had in the past. Our goal is to harness all the expertise at Kean and channel that knowledge toward achieving these important goals and driving change within the region.”

Kean was among 25 institutions selected by the U.S. Economic Development Administration (EDA) University Center for a 5-year grant to promote innovation and strengthen regional economies. With $1 million of funding, the plan is to create the Center for Business and Workforce Development, Innovation and Social Entrepreneurship. Housed at the John S. Watson Institute for Urban Policy and Research at Kean, the University Center will address regional needs such as agriculture in South Jersey, advanced manufacturing in the central region, and small businesses in North Jersey. “We are very proud to receive this grant and be a partner in this collaborative effort to strengthen regional economies and promote economic growth, especially for minority-owned small businesses,” shares Repollet. “Our involvement supports who we are as a research university, and it is exciting being at the forefront of spurring this economic change. We are working to create the first data trust and ensure that these urban centers have the information, tools, and resources that they need to be successful. Most importantly, our students from these areas will be working as interns and will have the opportunity to help their own communities flourish.”

Inspiring through Leadership
President Repollet says his diverse career experience, including educator, coach, principal, superintendent of schools, and New Jersey Commissioner of Education, has helped him perfect how he looks at leadership and strategies for achieving organizational goals. “Each stop along the way has allowed me to view leadership from a micro to macro level. You must look at the quantitative and qualitative data to form who you are and to support your mission of being a provider of a world-class education. I’ve been developing smart goals for every endeavor and ensuring the members of our team understand their role. Each person is an expert in their lane, a cog in the system, so when everyone is fully engaged, we have touch points across multiple areas that bring us together.

“In regards to being the first Black president of Kean, this is about leadership, and being a successful leader comes down to whom you serve,” continues Repollet. “I always say to whom much is given, much is required, and I take that sentiment to heart because I understand the circumstances that our students are in. The pandemic health crisis has brought to bear the role and the moral obligation we have as a University and what we need to do. I believe passionately in the mission of our institution to provide access to a world-class education for all students, regardless of background, and I think people are excited about the culture we are creating. We aspire to be a model and a source of inspiration.

“People can see that we are investing in them and their communities, and the system has started to change because the processes that we put in place are starting to produce the results that support our mission, our vision, our values, and our goals. I’m excited about where we are at this moment and where we are going. My University, my students, and my community can feel the bus moving in the right direction, toward a culture of inclusivity that rewards and promotes excellence. I’m honored to be in this role and to help Kean climb higher on its path from great to elite.”

View Article in EdgeDiscovery Magazine

The post Leading into the Future appeared first on NJEdge Inc.


Seton Hall University Bringing Great Minds Together to Advance Research and Education

The post Seton Hall University Bringing Great Minds Together to Advance Research and Education appeared first on NJEdge Inc.

Among the country’s leading Catholic universities, Seton Hall University (SHU) is home to over 10,000 undergraduate and graduate students and offers more than 90 majors and programs. In the summer of 2020 during the height of the pandemic, Dr. Katia Passerini began her tenure as the new Provost and Executive Vice President of SHU. Along with many institutions that faced the challenges of remote learning, Passerini was immediately tasked with overseeing efforts to combine HyFlex teaching methods with classroom instruction in an effective and successful way. “My first challenge was starting a new job completely remote, while at the tail end of a strategic planning process that was put on pause by the pandemic,” shares Passerini. “The priority was to reopen the campus and bring our community back safely. My first ninety days—but I would argue, my entire first eighteen months—were focused on remote teaching through the Hyflex modality, the support systems for students and faculty, recruiting challenges in local and national markets, the paralysis of international recruiting, and the increased competition of online programs, which are now available everywhere across the country and the globe.”

Passerini says in this accelerated reactive environment, the most demanding challenge SHU faced was whether to continue the refinement and implementation of the strategic plan. “This decision would start the clock for the launch of an increased series of activities and goals. Quite frankly, there was only one option, and that was to move forward, because COVID-19 did not stop the overarching transformation of the higher education industry. On the contrary, the pandemic accelerated these changes and the only way to prepare for a possible hypercompetitive future is to reaffirm and chart a direction for growth that feeds on the strength of the mission and shows a path towards its full implementation. The challenge was that of intentionally deciding to complete these activities in parallel and this decision is why we have been able to proceed with new or renewed investments in academics and research.”

Gaining Experience in Program Development
Beginning her academic career at the New Jersey Institute of Technology (NJIT), Passerini worked on many different projects across the university. “Since my discipline is management information systems, I was involved in technology projects including enterprise resource planning upgrades, smart campus testing, and wireless tech infrastructure studies,” says Passerini. “Moving through the various phases of an academic career at NJIT from assistant to full professor, I taught courses and completed research activities that made me realize that I loved working closely on innovation projects with students.”

“This experience eventually paved the way for an exciting dean position in the Honors College, where I led the development of the University’s top students in a myriad of academic initiatives, service activities, and innovative research,” Passerini continues. “Later, when a dean position spanning multiple programs opened up at a nearby university, I applied and was selected to lead the largest undergraduate professional college at St. John’s University (the Collins College of Professional Studies). This experience gave me an opportunity to launch many new programs and think strategically about program development. I discovered how much I enjoy building new programs and exploring areas that may lead to transformation.”

From her decade in New Jersey, Passerini was very familiar with SHU and looked at the University’s Provost role as an exciting next step. “I am honored to have the opportunity to work with a dedicated community of teacher-scholars on new academic programs,” says Passerini. “The R2 status of Seton Hall was a clear signal of the commitment to high-level research within an institution dedicated to the scholarship and practice of teaching and service.”

Educating the Mind, Heart, and Spirit
Moving forward, SHU’s strategic plan focuses on five main areas: academic distinction, research excellence, student success, diversity and community, and long-term sustainability. More specifically, Passerini says the quest for academic distinction is connected to the fundamental belief that the University cannot be everything to everyone. “While we aspire to achieve excellence in all our programs, as comprehensive liberal arts institutions like ours should do, we also need to define areas in which we will focus to achieve unparalleled distinction. And that means making difficult decisions on how to prioritize resource allocation and growth, which is the most difficult job: saying “yes” and “no” to academic investments in specific areas, while launching new investments in others.”

To help raise SHU’s profile in the coming years, Passerini looks to determine ways to transfer the excellence of the institution’s notable faculty into a well-known story that shows how the University’s academic programs are conceived, delivered, and enhanced by these scholarly experts in their fields. “We have an incredible faculty who are scholars in their respective disciplines,” shares Passerini. “I am amazed at the number of faculty who publish books with the most prestigious academic presses and high-quality publications. We want to showcase the talent of these pioneers and give our students more opportunities to collaborate on research projects with these extraordinary mentors.”

The comprehensive nature of SHU, and their dedication to liberal arts and humanities-based education, is designed to expose students to a very large and diverse set of courses that push their imagination and thinking well beyond their chosen field of study. “Many majors have enough electives to enable explorations across courses and disciplines, and that is our unique advantage,” says Passerini. “Additionally, as a faith-based institution, we provide a unique ethos and focus on service to the community, reflection, and introspection that facilitates engagement with society, religious, and cultural issues. Our philosophy focuses on educating not only the mind, but also the heart and the spirit, and that is our recipe for academic excellence.”

Promoting Real-World Education
Seton Hall is highly focused on immersing students in real-world learning where they will gain knowledge and skills they can use to advance in the workforce. For example, SHU embeds data literacy throughout their liberal arts and humanities tradition. “We offer a digital humanities minor, medical humanities, and the like,” shares Passerini. “By complementing our professional studies with broad-based teaching, this helps not only in learning important skills, but creates new ones—moving from data, information, knowledge, and eventually through to wisdom. We also teach information and data literacy through the carefully organized work that our librarians lead. SHU offers a variety of seminars, including research data management, survey research in Qualtrics, ArcGIS for Spatial Data, Data Analysis in SPSS, and introduction to Microsoft Power BI.”

The University also offers an online business analytics program through the Stillman School of Business and an online data science program through their College of Arts and Sciences. “The courses offered through these programs are increasingly being re-used by other programs to further augment the data and text analytics know-how of our students,” explains Passerini. “Ideally, a certificate/minor in data science and business analytics could become part of any set of electives or course sequence that students include in their schedule. We provide access to software and resources for such analysis across many programs.”

“My first challenge was starting a new job completely remote, while at the tail end of a strategic planning process that was put on pause by the pandemic. The priority was to reopen the campus and bring our community back safely. My first ninety days—but I would argue, my entire first eighteen months—were focused on remote teaching through the Hyflex modality, the support systems for students and faculty, recruiting challenges in local and national markets, the paralysis of international recruiting, and the increased competition of online programs, which are now available everywhere across the country and the globe.”

— Dr. Katia Passerini
Provost and Executive Vice President
Seton Hall University

Creating a Shared Vision
In 2019, Seton Hall received the “R2” designation, placing the University among the group of institutions across the country classified as “High Research.” “We have an expansive research portfolio that feeds from the excellent research that is happening in existing centers and within the nine colleges and schools that we have at the University,” says Passerini. “I recently asked the Deans to highlight areas of excellence that span across colleges. Our key areas of distinction in research include: Health and Well-Being; Life Sciences, Data Sciences, and Analytics; Ethics, Spirituality, and Science; Society, Technology, and Communication. These areas are supported by local institutes, centers, and academic programs. One particular characteristic of these thematic areas is that they thrive from the interdisciplinary collaboration across units. In a nutshell, our research competitiveness relies heavily on our ability to work across the disciplinary specializations and open a dialogue that moves beyond isolated silos and finds a shared vision. That central direction is that we put people, humans, humanity, and society at the center of our research endeavors and everything we do.”

In the area of Health and Well-Being, the School of Health and Medical Sciences (SHMS) established a Center for Interprofessional Education in the Health Sciences (CIEHS) engaged in and creating opportunities for meaningful and cross-disciplinary educational, research, and clinical experiences. The goal is to further develop team-based, person-centered learning in healthcare. The College of Nursing also delivers undergraduate and graduate nursing programs leveraging an interprofessional approach to treating individuals with chronic illnesses, including funded research on substance use disorders and more.

Led by the College of Arts & Sciences and the Stillman School of Business, research advancement in the Life Sciences, Data Sciences, and Analytics is taking place at the various centers and degree programs offered at SHU. Students and faculty gain the opportunity to better understand societal challenges and positively impact the world by synthesizing data in all forms, analyzing that data to find meaning, and communicating information effectively to drive important discovery insights, as well as applied policy, management and practice implications.

In Ethics, Spirituality, and Science, centers for ethics, interfaith dialogue, and institutes of religious studies and communication promote theological engagement with the natural sciences and medicine and probe the relationship between faith and reason. This area brings together work at Seton Hall Law School, at the School of Theology, College of Arts and Sciences, and the College of Communication and the Arts.

Research in the thematic area of Society, Technology, and Communication fosters ethical, servant leaders for diverse local, regional, and global communities. “Communities flourish when members feel confident, safe, and empowered by collective pursuits,” says Passerini. “This is enabled by formal and informal systems education, public and international safety, savvy diplomacy and international relations, technology as a tool and a means to liberation, and communication in all forms, especially digital communication. The College of Education and Human Services, the School of Diplomacy, and the College of Communication and the Arts collaborate in research in these areas.”

Fostering Interdisciplinary Collaboration
Drawing knowledge from multiple fields of study to drive innovation can be beneficial in creating a holistic approach to research, but there are often challenges to overcome as well. “Interdisciplinary research is a romantic concept that we all aspire to implement, but this approach is not the way academic institutions have traditionally worked in the past,” says Passerini. “Research universities can achieve excellence and distinction through concentration and vertical specialization. There is an inherent risk with interdisciplinarity, where an institution may span in too many directions without control and may not achieve the level of depth that is typical of hyper-specialization. That level of depth is very difficult to achieve or copy. On the other hand, because academic institutions have their own networks of collaborators that are difficult to replicate, the interdisciplinary approach opens so many more possibilities, creating an innovation ecosystem with a spiral of increasing level of knowledge that is unique to the context in which it blossoms. What we need to do to overcome the limitations and fully take advantage of the opportunities is to enable people to work with colleagues in other schools and colleges and identify reward systems that encourage this collaboration. Specifically, we must reconsider how to promote team teaching and sharing of faculty hires, even though hiring and promotions are often closely tied to disciplinary areas within academia.”

With significant research taking place at Seton Hall, the University is being strategic about partnering locally, nationally, and internationally moving forward. “We have partnered with research organizations that can help us understand program development and research,” shares Passerini. “We have also connected with international associations, like the International Federation of Catholic Universities, that give us access to networks of partners around the world with the purpose of exchanging students and faculty who will study and conduct research in the U.S. or abroad.”

A new initiative at SHU, called “Academies,” looks to support interdisciplinary research and help drive progress in health sciences, international relations, law, humanities, and theology. Named after Plato’s Academy—the grove where Athenians gathered outdoors for impromptu philosophical conversation about pressing questions—the Academies enjoy seed funding for three years to engage in timely matters of public concern, including green chemistry, meaningful work, applied technology, health research, and Catholic social work in action.

Launching Innovation Initiatives
As part of SHU’s strategic plan, the Provost’s Office, aided by the help of various committees and experts across the University and nationally, recently reviewed the overall academic structure and assessed its ability to innovate as measured by a number of success metrics. “The extensive study, which was not without its limits and challenges, guided an overall reorganization of academic units through the clarification of goals and targets by launching incremental innovation initiatives,” explains Passerini. “This strategy pushed radical collaboration that brings together some colleges and schools in new ways. For example, the School of Diplomacy and International Relations is working closely with Seton Hall Law School. The College of Education and Human Services, and the College of Communication and the Arts will come together by Fall 2023 into a new unit that will focus on the future of education, communication, and professional development.”

In partnering with Edge, Passerini looks forward to gaining support for the University’s research initiatives and accessing a broad range of collaborative multi-institutional local, regional, and national advanced technology resources. “Edge is fundamentally dedicated to pushing the research achievements in New Jersey through shared infrastructure, collaboration, and access to advanced resources, including physical, digital, and human networks,” says Passerini. “This goal is very much what we wish to do internally first, and then continuing that beyond Seton Hall, so partnering with Edge is a great opportunity for us to advance this agenda.”

The other colleges and schools at SHU are working on ambitious targets in areas like enrollment, students’ success, and program development to bring many of the existing and new programs to the next level. “We have some busy years ahead of us,” says Passerini. “However, this work will enable reinvestment in stronger academic units, and we expect to shift over two million dollars of funding—just from this initiative—permanently into the academy. Additional funding will likely take place through expected programs growth, funded grants, and fundraising for chaired positions/programs. We are looking to hire thirty new faculty members this year!”

Globally Transforming Education
An important mission at Seton Hall is advancing diversity, inclusivity, and equity and providing opportunities to a greater number of students. “If we look at the education sector, women are surpassing men in obtaining a higher education degree, although there are differences by field of study,” says Passerini. “Diversity brings new ideas, and we need to source ideas from wherever they exist, including different ethnic communities, countries, and states. Ultimately, by hosting and welcoming a variety of experiences and perspectives, we become better as a whole. SHU celebrates these principles by dedicating an entire strategic priority to community diversity and every single unit is working on academic, research, student services, financial, admission, and administrative goals that lead to a larger participation across the institution.”

As a previous international student, Passerini continues to be passionate about study abroad and international exchange programs and the benefits that they can provide to both the University and the students. “I would like to double our current incoming and outgoing International student numbers by 2025 and build more partnerships across various continents,” shares Passerini. “In addition, COVID has fast-tracked the entire world into digital communication. I cannot think of a better time to start digital connections with partners worldwide and invite a different way of ‘virtual travel’ and remote collaborations.”

Passerini says the ability for institutions to leverage digital transformation and online learning depends on their own ability to adapt to multiple modalities of teaching and learning without impacting their core resources and the needs of their students and faculty. “While we can now reach a larger audience, so can everyone else, including well-known international players. Ultimately, some universities will simply modify and augment what they already do, and others will convert to a fully online model. This is similar to the transition we experienced with the rise of electronic commerce. First online sales were just another channel, then they became the preferred channel, and for some, they became the only channel.”

“However, learning is different and is a socially constructed process that feeds from interactions, communication, and collaborations,” Passerini continues. “If having access to information was enough for people to learn, we would not need degrees, just books and public libraries. COVID showed that we must indeed come together and discuss, share, and argue about what we are learning, and we must do this with others, including our peers and mentors. Institutions across the education community will likely be exploring the impact of digital learning—both positive and negative—for years to come. I do suspect that hybridity is here to stay, especially for new and emerging learners that may need to retool and retrain for an increasingly different workplace. We must each decide what type of digital transformation we are ready for and what will provide the most impactful educational and career opportunities for our students as they prepare for the future.”

Looking for leading-edge technology, advanced computing resources, and collaboration opportunities to drive your research initiatives forward? Explore how EdgeDiscovery is helping transform the research community at njedge.net/research.

View Article in View From The Edge Magazine

The post Seton Hall University Bringing Great Minds Together to Advance Research and Education appeared first on NJEdge Inc.


Oasis Open Projects

OASIS Announces Open Innovation Veteran, Francis Beland, as Executive Director

20 September 2022 – OASIS Open, the global open source and standards consortium, announced Francis Beland as its Executive Director. A business builder and advisor, Beland brings more than 25 years of experience helping companies identify breakthroughs and elevate technical agendas, products, and achievements. He will utilize his open innovation background to drive new partnerships, […] The post

New Leadership to Prioritize Innovation to Advance Open Collaboration Initiatives

20 September 2022 – OASIS Open, the global open source and standards consortium, announced Francis Beland as its Executive Director. A business builder and advisor, Beland brings more than 25 years of experience helping companies identify breakthroughs and elevate technical agendas, products, and achievements. He will utilize his open innovation background to drive new partnerships, ideas, and expertise to the wide range of open collaboration projects at OASIS.

“We welcome Francis Beland’s leadership, vision, and relationship-building experience,” said Gershon Janssen, chair of the OASIS Board of Directors. “His in-depth knowledge from different perspectives as an open innovation entrepreneur will be invaluable to the OASIS community.” 

Throughout his career, Francis has served as partner at Global Accelerated Ventures and Oceans.Studio, E-TRON Technologies, and Deloitte/Monitor Group focusing on research, development, and commercialization of breakthrough technologies. In addition, he was vice president at the XPRIZE Foundation, where he led numerous innovation projects. Francis has helped organizations engineer Open Innovation practices into their ecosystem that bolstered innovation, transformed mindsets, and unlocked possibilities. 

“It’s an exciting time to step into this role, and I’m grateful to have the opportunity to expand the OASIS community,” Beland said. “As Executive Director, my goals are to leverage OASIS Open’s systems to help governmental organizations and Fortune 500s alike change their thinking, enhance their strategic initiatives, and envision a world of possibility that hasn’t existed before. Working closely with OASIS members to continue advancing the organization’s goals while focusing on growing the membership base, will ultimately lead to a stronger and more collaborative OASIS community.”

In addition to his background developing large-scale innovation programs in healthcare, automotive, biotech, medical devices, governments, oil & gas and energy industries, Francis was an innovation advisor to Facebook, the United Nations, and the European Commission, and served as an Entrepreneur-in-Residence at the White House for the Food and Drug Administration.

As Executive Director, Beland leads an international staff that supports the collaboration of its members in more than 100 countries who are committed to advancing work across a broad technical agenda.

About OASIS Open

One of the most respected, nonprofit open source and open standards bodies in the world, OASIS advances the fair, transparent development of open source software and standards through the power of global collaboration and community. OASIS is the home for worldwide standards in cybersecurity, blockchain, privacy, cryptography, cloud computing, IoT, urban mobility, emergency management, and other content technologies. Many OASIS standards go on to be ratified by de jure bodies and referenced in international policies and government procurement. More information can be found at https://www.oasis-open.org/.

Media Inquiries

communications@oasis-open.org

The post OASIS Announces Open Innovation Veteran, Francis Beland, as Executive Director appeared first on OASIS Open.


ResofWorld

Brazilian tech veteran explains fintech’s footprint on Latin American industries

Ricardo Sangion, partner at VC firm TheVentureCity, is helping to build on the region’s successful payments sector for other verticals.
Ricardo Sangion, partner at VC firm TheVentureCity and former country manager of Pinterest Brazil, is one of the Latin American tech pioneers who are looking into the most promising industries...

SelfKey Foundation

The Ethereum Merge

As a result of the upgrade, Ethereum implemented proof-of-stake, a more energy- and environmentally-friendly mechanism. The post The Ethereum Merge appeared first on SelfKey.

As a result of the upgrade, Ethereum implemented proof-of-stake, a more energy- and environmentally-friendly mechanism.

The post The Ethereum Merge appeared first on SelfKey.

Monday, 19. September 2022

FIDO Alliance

Webinar: Optimizing User Experiences with FIDO Security Keys

This webinar will provide essential education for any organization that wants to implement phishing-resistant authentication with FIDO security keys. FIDO security keys have been deemed the “gold standard” for multi-factor […] The post Webinar: Optimizing User Experiences with FIDO Security Keys appeared first on FIDO Alliance.

This webinar will provide essential education for any organization that wants to implement phishing-resistant authentication with FIDO security keys.

FIDO security keys have been deemed the “gold standard” for multi-factor authentication. With this in mind, the FIDO Alliance published user experience guidelines earlier this year to help online service providers design a better, more consistent user experience for the consumer security key audience and ultimately maximize adoption. View the slides.

The post Webinar: Optimizing User Experiences with FIDO Security Keys appeared first on FIDO Alliance.


Webinar: Optimizing User Experiences with FIDO Security Keys

This webinar will provide essential education for any organization that wants to implement phishing-resistant authentication with FIDO security keys. FIDO security keys have been deemed the “gold standard” for multi-factor […] The post Webinar: Optimizing User Experiences with FIDO Security Keys appeared first on FIDO Alliance.

This webinar will provide essential education for any organization that wants to implement phishing-resistant authentication with FIDO security keys.

FIDO security keys have been deemed the “gold standard” for multi-factor authentication. With this in mind, the FIDO Alliance published user experience guidelines earlier this year to help online service providers design a better, more consistent user experience for the consumer security key audience and ultimately maximize adoption. View the video.

The post Webinar: Optimizing User Experiences with FIDO Security Keys appeared first on FIDO Alliance.


SelfKey Foundation

SelfKey Exchange Marketplace

The SelfKey exchange marketplace is where you can compare different exchange accounts and sign up instantly. The post SelfKey Exchange Marketplace appeared first on SelfKey.

The SelfKey exchange marketplace is where you can compare different exchange accounts and sign up instantly.

The post SelfKey Exchange Marketplace appeared first on SelfKey.


ResofWorld

For Myanmar’s revolutionaries, adopting digital currency can mean life or death

The anti-coup administration is now circulating $620,000 worth of its own digital currency. But security fears are mounting.
In May of last year, just over three months after the military seized power from the civilian government in Myanmar, Wathon joined the country’s armed uprising. By then, the military...

Saturday, 17. September 2022

SelfKey Foundation

“The Merge”

The “merge,” also known as Ethereum’s long-awaited transition to proof of stake, finally took place. The post “The Merge” appeared first on SelfKey.

The “merge,” also known as Ethereum’s long-awaited transition to proof of stake, finally took place.

The post “The Merge” appeared first on SelfKey.

Friday, 16. September 2022

ID2020

International Identity Day: An Opportunity to Reflect

Nearly one billion people on earth lack any form of widely recognized identity. Let me say that again…a billion people! Looked at another way, that is one person in eight alive today living without any official record of their existence. These individuals are mostly women and children, the majority are poor, and many are refugees or displaced persons. Their status — or rather, lack of official s

Nearly one billion people on earth lack any form of widely recognized identity.

Let me say that again…a billion people! Looked at another way, that is one person in eight alive today living without any official record of their existence.

These individuals are mostly women and children, the majority are poor, and many are refugees or displaced persons. Their status — or rather, lack of official status — represents a constant barrier to participation in modern social, economic, and political life.

Many of us are lucky enough to live in countries where we have multiple forms of ID; a driver’s license or transit pass, which enables us to get where we need to go, a work ID to access our place of employment, credit or debit cards to make purchases, health ID cards to receive medical care, logins to access our work, financial, and social media accounts, and more. We use them without thinking about it and generally take them for granted.

But, if you want to get a sense of what life is like without a formal identity, try leaving all your forms of ID at home for one day. It will open your eyes.

If you are lucky, you will make it to work without being pulled over by a police officer (caution: your day is likely to get much worse if you do). Without carrying a driver's license, you will probably be looking over your shoulder and driving more slowly and carefully, experiencing — though to a lesser degree — the fear and uncertainty that those without ID experience on a daily basis, across all of their activities. You may return home hungry because you were unable to pay for lunch, or do any of the other activities that require a credit card. And, hopefully, the security guard in the lobby recognizes you — or can call someone to admit you — otherwise, you might be heading home early to “work remotely.”

Seriously… try a day of not using any form ID to recognize just how much you depend on it.

Digital ID can be a powerful tool that both empowers individuals and protects their basic human rights and civil liberties.

Those who lack an official identity find it difficult or impossible to access basic services, such as education, employment, health care, and financial services. They are unable to exercise their rights as citizens and voters and participate in the modern economy. Giving these individuals an official identity unlocks countless opportunities.

Article Six of the Universal Declaration of Human Rights states that “Everyone has the right to recognition everywhere as a person before the law.” Adopted in 1948, the Declaration defines a variety of rights to which we are all entitled; equal treatment before the law, dignity, nationality, privacy, education, mobility, and more. Being able to prove one’s identity is fundamental to the full exercise of these rights.

In 2015, the United Nations Sustainable Development Goals (SDG 16.9) established a target of providing legal identity for all, including birth registration, by 2030. The UN, World Bank, and nations around the world have made admirable progress toward closing the “identity gap.” In a recent Biometric Update 16.9 Podcast, UNDP’s Niall McCann predicted that, by 2025, 350 million more people will have a recognized form of identity. This would be a remarkable accomplishment. But, from our perspective, closing the identity gap is necessary, but, ultimately, insufficient.

The world would be a simpler place if having an ID guaranteed these rights. Of course, it doesn’t. For some individuals who do have an ID — religious and ethnic minorities, political dissidents, for example — relying on a national ID system can have the opposite effect, making them more susceptible to exclusion, oppression, and persecution. For these individuals, alternative forms of ID are necessary to ensure that their rights — and, in some cases, their lives — are protected.

Done properly, “good ID” can help address both challenges, offering the promise of both empowerment and protection. And yet, all ID systems — digital or paper-based — come with attendant risks, which must be understood and intentionally mitigated through technology, design, policy, and enforcement choices by public and private sector decision-makers.

At ID2020, we often say that “good ID = good technology + good policy + good governance.”

There is a dangerous tendency to think that we can “tech our way out of any problem.”

The reality is that technology alone cannot adequately prevent exclusion, oppression, surveillance, and a variety of other undesirable outcomes. Building ID systems — especially digital ID systems — in an ethical manner requires governance frameworks and robust policy and regulatory safeguards that add an extra layer of protection. This is why collaboration between governments, multilateral and bilateral funders, civil society, and the private sector is so essential.

We are encouraged by the progress being made. At the same time, we are humbled by the task ahead of us and know that we must do more.

Living up to the intent of SDG 16.9 and the Universal Declaration of Human Rights will require not only expanding access to ID, but also ensuring that these systems are designed, built, and implemented in ways that protect fundamental human rights, enhance equity, and promote social and financial inclusion.

We hope that you will join us today in celebrating Identity Day by taking a moment to reflect on how our community — and, indeed, each of us individually — can help enhance equity, inclusion, and social and economic justice through our work.

Thank you.


FIDO Alliance

UploadMagazin: Passkeys and FIDO: The future without passwords explained

The future without passwords is explained in this German feature piece, exploring why passkeys are outdates, who FIDO is and how passkeys work. The piece concludes that while there may […] The post UploadMagazin: Passkeys and FIDO: The future without passwords explained appeared first on FIDO Alliance.

The future without passwords is explained in this German feature piece, exploring why passkeys are outdates, who FIDO is and how passkeys work. The piece concludes that while there may be some limitations with passkeys, it’s undeniable that passkeys offers a means forward and a positive note for the industry.

The post UploadMagazin: Passkeys and FIDO: The future without passwords explained appeared first on FIDO Alliance.


Security Insider: What is FIDO?

This piece in a top tier German security magazine offers an overview of the FIDO Alliance and accompanies a podcast episode on the topic hosted with Rolf Lindemann, an active […] The post Security Insider: What is FIDO? appeared first on FIDO Alliance.

This piece in a top tier German security magazine offers an overview of the FIDO Alliance and accompanies a podcast episode on the topic hosted with Rolf Lindemann, an active FIDO Alliance Board Member and Co-Chair of numerous working groups, that explores how FIDO will replace passwords with passkeys.

The post Security Insider: What is FIDO? appeared first on FIDO Alliance.


Help Net Security: IoT: The huge cybersecurity blind spot that’s costing millions

This contributed byline from Andrew Shikiar, executive director and CMO of FIDO Alliance, details cybersecurity blind spots generated by growing IoT technology adoption. To address these issues, the FIDO Alliance […] The post Help Net Security: IoT: The huge cybersecurity blind spot that’s costing millions appeared first on FIDO Alliance.

This contributed byline from Andrew Shikiar, executive director and CMO of FIDO Alliance, details cybersecurity blind spots generated by growing IoT technology adoption. To address these issues, the FIDO Alliance launched FIDO Device Onboard (FDO) in 2021 to tackle two main problems: deployment efficiency and security at the point of onboarding. The main feature of FDO is fully automated device onboarding, which considerably speeds up the previously manual process. FDO also replaces generic password credentials with highly secure cryptographic keys, making the devices considerably more robust against attack.

The post Help Net Security: IoT: The huge cybersecurity blind spot that’s costing millions appeared first on FIDO Alliance.


The Times: The Times view on the magic of ‘passkeys’: Open Sesame

Teams from Apple, Google, Microsoft, Amazon, Meta (the owner of Facebook, Instagram and other social media platforms) and other leading technology groups have worked together to develop a passkey, unique […] The post The Times: The Times view on the magic of ‘passkeys’: Open Sesame appeared first on FIDO Alliance.

Teams from Apple, Google, Microsoft, Amazon, Meta (the owner of Facebook, Instagram and other social media platforms) and other leading technology groups have worked together to develop a passkey, unique to each user, that can unlock apps and provide access to websites, eventually across all platforms. Passkeys were launched by Apple yesterday in the latest version of its operating system, iOS16.

The post The Times: The Times view on the magic of ‘passkeys’: Open Sesame appeared first on FIDO Alliance.


The Times: Using your face as a password is easy as abc123

Apple, Google and Microsoft put aside rivalries to work together on the passkey, along with a group called the Fido (Fast Identity Online) alliance, so that they can be used […] The post The Times: Using your face as a password is easy as abc123 appeared first on FIDO Alliance.

Apple, Google and Microsoft put aside rivalries to work together on the passkey, along with a group called the Fido (Fast Identity Online) alliance, so that they can be used on different devices, browsers and operating systems.

The post The Times: Using your face as a password is easy as abc123 appeared first on FIDO Alliance.


BFM Tech&CO: How does the “passkey” work, the authentication system that will bury passwords?

The end of forgotten or stolen passwords? Apple is launching “passkeys” today, a new identification system that should make the use of cryptic passwords to guarantee the security of one’s […] The post BFM Tech&CO: How does the “passkey” work, the authentication system that will bury passwords? appeared first on FIDO Alliance.

The end of forgotten or stolen passwords? Apple is launching “passkeys” today, a new identification system that should make the use of cryptic passwords to guarantee the security of one’s accounts a thing of the past. In practice, logging in anywhere will be as easy as unlocking your screen: every site that offers to use passkeys will ask the user if they want to use them to authenticate. It will then be necessary to use the usual method of unlocking the phone (PIN code, pattern, fingerprint or facial recognition) to validate the connection, explains the Fast Identity Online Alliance (FIDO Alliance), which is behind this process.

The post BFM Tech&CO: How does the “passkey” work, the authentication system that will bury passwords? appeared first on FIDO Alliance.


WELT: This technology should soon make the password superfluous

Even the best password can be intercepted or stolen. Instead, “Fido 2” can make logging on with a computer or smartphone secure – and without a password at all. Apple, […] The post WELT: This technology should soon make the password superfluous appeared first on FIDO Alliance.

Even the best password can be intercepted or stolen. Instead, “Fido 2” can make logging on with a computer or smartphone secure – and without a password at all. Apple, Google and Co. already use the IT standard. And even older PCs can be upgraded.

The post WELT: This technology should soon make the password superfluous appeared first on FIDO Alliance.


Süddeutsche Zeitung: This is how Apple wants to make passwords superfluous

Apple has shown it to everyone again. In early May 2022, Apple, Google and Microsoft jointly declared that passwordless login with security keys was coming “sometime in 2023”. Now the […] The post Süddeutsche Zeitung: This is how Apple wants to make passwords superfluous appeared first on FIDO Alliance.

Apple has shown it to everyone again. In early May 2022, Apple, Google and Microsoft jointly declared that passwordless login with security keys was coming “sometime in 2023”. Now the iPhone company has packed its version of the login – Apple calls it “Passkeys” – directly into its new mobile operating system iOS 16. It has been available to users since Monday. This is how Apple wants to make passwords superfluous.

The post Süddeutsche Zeitung: This is how Apple wants to make passwords superfluous appeared first on FIDO Alliance.


SelfKey Foundation

Web3 identity verification

Next-generation digital identity management might develop into a fully decentralized peer-to-peer networking system with the rise of Web3. The post Web3 identity verification appeared first on SelfKey.

Next-generation digital identity management might develop into a fully decentralized peer-to-peer networking system with the rise of Web3.

The post Web3 identity verification appeared first on SelfKey.

Thursday, 15. September 2022

ResofWorld

Unauthorized Shein boutiques are popping up across Mexico

Customers get a similar experience from buying on the app, but what they most want is the human touch.
In a small street in Chipilo, in the Mexican state of Puebla, rows of dresses, accessories, leggings, and bodysuits are neatly placed on the walls of a store run by...

Why a coal company created an EV startup in Indonesia

Since the pandemic, the country’s old-school business empires have been going all-in on tech, hoping to secure their futures.
One day in 2019, Pandu Sjahrir found himself being scolded by his wife. “The air quality in Jakarta is getting bad,” she said. “What are you going to do about...

We Are Open co-op

An Architecture of Participation for Community growth

Some recommendations for the LocalGov Drupal community​​ Over the last few months, we’ve been working with the LocalGov Drupal team to shore up support for the project and help the community scale. We’ve been looking at the ways the project can help more people to get involved in a way that is sustainable for the existing community. In Quick wins to improve your Open Source community’s Architectu
Some recommendations for the LocalGov Drupal community​​

Over the last few months, we’ve been working with the LocalGov Drupal team to shore up support for the project and help the community scale. We’ve been looking at the ways the project can help more people to get involved in a way that is sustainable for the existing community. In Quick wins to improve your Open Source community’s Architecture of Participation, we talk about some tactics any project can implement quite quickly.

In this post, we continue using our Architecture of Participation, and present some strategies that will help this successful project. In one way or another, they all deal with developing empathy.

Clear mission

LocalGov Drupal has a fantastic mission. As the project grows, it’s important to ensure that the community stay on course with that mission:

The publishing platform created by councils, for councils.

This is expanded to explain that:

LocalGov Drupal is a publicly owned asset that delivers a better digital experience for citizens, improves service outcomes, and saves money.

In order for councils to continue creating the platform, there needs to be clarity around how it is publicly owned and operated. What mechanisms exist for the community to influence the direction of the project?

Diagram via Sociocracy for All Recommendations Involve the community in decision making through defined workflows and roles. Share information and be transparent about financials (e.g. shortfalls in funding, investment opportunities) by creating a ‘funding’ circle that members can join. Use consent-based decision making within relevant Sociocratic circles to guide relationship establishment with partner organisations. Invitation to participate

The advice in our blog post to take the time to personally invite people stands true, this is a game changer for participation. Another helpful way to ensure that you are inviting a diverse group of people is to establish some repeatable norms for the community.

At the beginning of meetings, invite people to check in by saying how they are arriving at that meeting. This gives people an opportunity to say how they are feeling, what might be bothering them or what they hope to get out of their participation.

In addition, create repeatable norms by inviting people to check out places they can get involved. Ask for feedback early and often, model pro-social behaviours around invitations that extend across the project.

Participatory Culture by Visual Thinkery is licenced under CC-BY-ND Recommendations Get in the habit of using check–ins / checkouts in ALL meetings to make people feel welcome, bring their ‘full selves’, and be ready for participation. Sign-ins and written check-ins are great! Feed the #showyourwork channel by encouraging people to share what they’ve done, however small. Share v0.1 of your work for feedback (rather than v1.0) to get feedback around direction as well and not just the ‘final polish’. Easy onboarding + modular approach

A successful open source project like LocalGov Drupal has A LOT of information to wrap your head around. There are a lot of ways into the project, different places communication is taking place and a variety of technical and social skills required to participate.

In order to make onboarding to a project or community easy for anyone, it can help to present information in several different ways. Thinking about (and documenting!) pathways people might be using to come into a project can help the community see where information could be tidier. This in turn can help the community identify places where a different view of the information might be helpful.

Visualised contribution pathways for LGD Recommendations Create a step-by-step checklist of onboarding and interview new community members regularly to help improve it. Develop and promote the documentation system (aka the wiki) to ensure that contribution guidelines are up-to-date. Ensure the full context of the LGD project isn’t just held in the heads of core team members by creating standing agenda items. Help prevent confusion for new community members by using (and updating) contribution pathways. Identify the “most used” resources and make sure they are accessible in multiple ways (e.g. record a screencast of the most popular slidedeck or write a blogpost about the most popular graphic) Strong leadership + celebration of milestones

There are many different types of leadership. Strong leadership in an open source project is both distributed and diverse, marked by empathy, fair processes, and the establishment/encouragement of positive relationships.

The approach being experimented with by LocalGov Drupal, and which we have seen work extremely well within the co-operative movement is Sociocracy. LGD already has a product group, steering group, and technical group, however consent-based decision-making is not necessarily the norm within these groups’ meetings.

Governance is a work in progress and so we should celebrate both milestones in the project (e.g. technical development) but also milestones in the maturity of the organisation. Those with more mature governance are able to devolve decision-making to relevant circles, encouraging democratic processes and removing bottlenecks.

Recommendations Arrange a Sociocracy refresher workshop and invite everyone in the community. Document the content of the workshop and include it in the LGD knowledge base. Ensure that each circle has an established “lead” and ask that person to participate in creating standing agenda items together with the other leads. Celebrate milestones by issuing badges for everything from onboarding, to pro-social behaviours the LGD community wants to encourage, through to membership of groups/circles. Plan for a specific role around governance and operations to allow ‘business as usual’ to flourish as well as innovation work. Share progress around governance issues as well as technical development on the blog, newsletter, and in presentations about the project. Ways of working open + backchannels

There are bits of information that need to be kept confidential for the good of the project, but as an open source community, you should default to the highest level of openness you can.

As you work openly, try not to make judgements about what’s “relevant” to the community. Community members will decide for themselves what is relevant and what isn’t. Just remember to add an appropriate license (e.g. Creative Commons) to help people know in what ways they can share and contribute.

In order for people to bring their full selves to the project and contribute in diverse ways, they need to be able to talk about things which may be slightly off-topic. These are opportunities to strengthen relationships between community members, much as people who work in the same office bond by sharing stories around the watercooler.

Positive, pro-social behaviours need to be modelled by those in leadership positions. This is why the habits of those leading meetings, giving presentations, and otherwise having responsibility within the LGD community are so important.

CC-BY-ND Bryan Mathers Recommendations Establish at least one #backchannel in Slack to enable community members to get to know one another without being disruptive in a work-related channel. Provide guidance on licences which relate to documentation of the project, over and above the code. For example, Creative Commons CC BY-SA. Make decisions about technology used for community interaction based on established processes and criteria. Revisit the Code of Conduct on at least an annual basis to ensure that nothing is standing in the way of diverse community contribution. Issue badges based on regular (monthly/quarterly) mini-workshops on what it means to work openly and model/encourage open behaviours. Onwards!

Open source is about collaboration, not just code. Finding ways to help people feel welcome and seen is a good way to help your open source project be sustainable.

An Architecture of Participation for Community growth was originally published in We Are Open Co-op on Medium, where people are continuing the conversation by highlighting and responding to this story.


SelfKey Foundation

Ethereum Merge

Now the merging is finished. The Merge is about Ethereum transitioning to proof of stake, a more energy-efficient way of validating transactions that take place on the platform. The post Ethereum Merge appeared first on SelfKey.

Now the merging is finished. The Merge is about Ethereum transitioning to proof of stake, a more energy-efficient way of validating transactions that take place on the platform.

The post Ethereum Merge appeared first on SelfKey.


Blockchain Commons

Silicon Salon 2 Posted!

Thanks to everyone who joined us for our second Silicon Salon, this one focused on Secure Boot, Supply-Chain Security, and Firmware Upgrades. Courtesy of some terrific presentations, we were able to get into good depth on these topics, both discussing the state of the art and what we could do better. You can find all the info on the Silicon Salon 2 pages of siliconsalon.info. At the website, you ca

Thanks to everyone who joined us for our second Silicon Salon, this one focused on Secure Boot, Supply-Chain Security, and Firmware Upgrades. Courtesy of some terrific presentations, we were able to get into good depth on these topics, both discussing the state of the art and what we could do better. You can find all the info on the Silicon Salon 2 pages of siliconsalon.info.

At the website, you can find the videos, slides, and transcripts of all the presentations, plus an overview of the discussion. We’re also continuing to use our Silicon Salon topic to further these discussions as part of our Community repo.

If you would be interested in sponsoring or planning Silicon Salon 3, either this fall or winter, please email us.

Wednesday, 14. September 2022

EdgeSecure

Rutgers University Connects with Edge on Their 100 Gbps Optical Fiber Network

The post Rutgers University Connects with Edge on Their 100 Gbps Optical Fiber Network appeared first on NJEdge Inc.

NEWARK, NJ, September 14, 2022 – Edge member, Rutgers University, recently migrated one of their enterprise Internet connections to the Edge optical fiber network, EdgeNet, at 100 Gbps—making them the second institution in New Jersey to connect to EdgeNet network services at this advanced speed. Fairleigh Dickinson University (FDU), also an Edge member, celebrated this accomplishment earlier this year.

Historically, Rutgers and Edge have been well partnered with network services and collocate in data centers located in Philadelphia and Newark. Up until now, Edge has provided the University with their guest wireless network Internet service but with this recent enhancement, Edge will provide internet services directly to Rutgers. After getting Rutgers ready for the connection and overcoming supply chain issues to secure the hardware required for this upgrade, the project was completed successfully in less than four months.

“Along with receiving the benefit of the included DDOS mitigation service, peering connection to Internet2, and direct connection to the AWS cloud infrastructure, Rutgers will also be able to leverage the peering infrastructure that we have put in place. Rutgers exchanges a great deal of traffic with service providers that we peer with on the network, including Amazon, Netflix, Facebook, Google, and Microsoft. By moving their internet connection over to EdgeNet, Rutgers is able to benefit from a peering infrastructure that reduces latency, improves reliability, and optimizes network performance.” — Bruce Tyrrell, Associate Vice President for Programs & Services, Edge

The design of the peering infrastructure provides for a higher performing, more highly available connection to the services provider, where they are located on one hop off of the Edge network. “By moving their connection from a commodity internet provider to the EdgeNet network, Rutgers is gaining member-to-member connectivity via our advanced layer 3 service capability,” explained Tyrrell. “The routing design offers leading edge network characteristics to meet the constantly evolving needs of high-speed research and collaboration.”

Adrienne Esposito, Director of Network Operations and Architecture, Rutgers University commented, “Edge has been our trusted partner for over two decades.  As part of our Rutgers traffic optimization strategy, it was an easy decision to move one of our commodity internet 100Gb links to Edge. The cutover was seamless, and the move resulted in annual savings.”

“I would like to commend Rutgers for further supporting our partnership and believing in our mission of helping connect organizations and sparking growth and development through technology transformation,” shared Tyrrell. “We are proud of their commitment and taking an important next step in upgrading their network connectivity experience. Edge is highly invested in the success of our connected members and we are excited to see how this advancement will inspire new opportunities for Rutgers going forward.”

To learn more about how EdgeNet can create a gateway to high performance and growth, visit https://njedge.net/solutions-overview/network-connectivity-and-internet2/.

The post Rutgers University Connects with Edge on Their 100 Gbps Optical Fiber Network appeared first on NJEdge Inc.


Oasis Open Projects

U.S. Government to Transition National Information Exchange Model (NIEM) to OASIS Open

14 September 2022 – OASIS Open, the international open source and standards consortium, today announced that NIEM (formerly known as National Information Exchange Model), will transition to NIEM Open, an OASIS Open Project, in October 2022. A collaborative partnership between private industry and all levels of governmental agencies, the NIEM framework enables the effective and […] The post U.S.

Department of Homeland Security Signs on as First Premier Sponsor of New Public/Private Partnership

14 September 2022 – OASIS Open, the international open source and standards consortium, today announced that NIEM (formerly known as National Information Exchange Model), will transition to NIEM Open, an OASIS Open Project, in October 2022. A collaborative partnership between private industry and all levels of governmental agencies, the NIEM framework enables the effective and efficient sharing of critical data as currently demonstrated in the justice, public safety, emergency and disaster management, intelligence, and homeland security sectors. NIEM is designed to facilitate the creation of automated enterprise-wide information exchanges. The U.S. Department of Homeland Security (DHS) Science and Technology Directorate (S&T) has committed to support NIEM Open at the Premier Sponsor level to advance the critical work of the project.

This October, when NIEM transitions from the U.S. Department of Defense to OASIS, an ANSI-accredited and ISO-recognized standards development organization, NIEM’s expansion into global markets will provide access to a larger pool of stakeholders and developers to contribute to the project, creating a path for NIEM to become an official standard in national and international policy and procurement.  

“Transitioning to an OASIS Open Project allows NIEM to become more readily available to international communities and organizations that want to adopt NIEM,” said Stuart Whitehead of the U.S. Department of Defense. “We look forward to working with new alliances in the private sector to assist in the integration of NIEM into even broader user communities, allowing NIEM to become the gold standard for public-private partnerships. This is an exciting time to continue to advance the NIEM model technically as it transforms into an open, international standard.”

“At OASIS, there’s an extensive set of processes for collaborative development of standards. This is the type of environment that technology companies and government agencies need to accelerate interoperability initiatives across boundaries,” said Katherine Escobar, Deputy Division Chief for the Joint Staff’s J6 Data and Services Division. “We will continue to look for ways to simplify use, embrace emerging technologies, and welcome new communities. We look forward to expanding the NIEM footprint and seeing NIEM Open help organizations exchange information to improve decision making, increase efficiency, and advance their missions.”

“DHS S&T is excited to see the evolution of NIEM to an OASIS Open Project,” said Philip Mattson, Standards Executive and Senior Standards Advisor at the U.S. Department of Homeland Security. “This will strengthen NIEM’s overall development, raising the level of collaboration in diverse communities.”

NIEM Open’s Sponsors will provide strategic vision, governance, and technical guidance for future efforts and have the option to serve on the Project Governing Board, where they approve work produced by the community as well as proposals for new open source projects. To learn more about becoming a Sponsor and joining the Project’s Governing Board, please contact join@oasis-open.org.

Additional Information:

About NIEM:

Established in 2005 by the U.S. Department of Justice and the U.S. Department of Homeland Security, NIEM is a community-driven, standards-based approach to facilitate information sharing. U.S. and International organizations across Federal, State, Local, Tribal, Territorial, Public, Private and Commercial sectors use NIEM as a common base data model and methodology to promote interoperability of data and software, reduce design and development time for information exchange applications, and allow the reuse of intellectual capital and skills across multiple projects.

About OASIS:

One of the most respected, nonprofit open source and open standards bodies in the world, OASIS advances the fair, transparent development of open source software and standards through the power of global collaboration and community. OASIS is the home for worldwide standards in IoT, cybersecurity, blockchain, privacy, cryptography, cloud computing, urban mobility, emergency management, and other content technologies. Many OASIS standards go on to be ratified by de jure bodies and referenced in international policies and government procurement. More information can be found at https://www.oasis-open.org/.

Media inquiries:

communications@oasis-open.org

The post U.S. Government to Transition National Information Exchange Model (NIEM) to OASIS Open appeared first on OASIS Open.


SelfKey Foundation

SelfKey MetaProof Platform

The SelfKey MetaProof Platform, with its focus on preventing Sybil attacks, has various uses in both the Web3 and the Metaverse. The post SelfKey MetaProof Platform appeared first on SelfKey.

The SelfKey MetaProof Platform, with its focus on preventing Sybil attacks, has various uses in both the Web3 and the Metaverse.

The post SelfKey MetaProof Platform appeared first on SelfKey.


Findy Co-operative

The Findynet Cooperative starts building a trust network by strengthening its organization

On August 31, 2022, the Finnish Ministry of Finance has granted the Findynet Cooperative a three-million-euro government grant to build a pilot environment for a self-sovereign identity network. With the financing, the cooperative initiates the building of the trust network and strengthens its organization by appointing Mika Huhtamäki as Chairman of The Board and Markus… The post The Findynet Co

On August 31, 2022, the Finnish Ministry of Finance has granted the Findynet Cooperative a three-million-euro government grant to build a pilot environment for a self-sovereign identity network. With the financing, the cooperative initiates the building of the trust network and strengthens its organization by appointing Mika Huhtamäki as Chairman of The Board and Markus Hautala as CEO.

The Findynet Cooperative board has elected Mika Huhtamäki as the new Chairman of The Board. Huhtamäki has been a member of The Findynet Cooperative’s board of directors since June 2021. For the past 15 years, he has been building Vastuu Group Oy’s business and serves as the company’s Vice President with responsibility for identification services and MyData business. Mika is an innovative pioneer in service development and sustainable data business, with extensive experience in i.a., Tax Administration, Financial Supervisory Authority solutions and ecosystem-driven development of law-based personal and business information services. Mika is a Certified Board Member (CBM) recognized by The Finland Chamber of Commerce.

The Findynet Cooperative Board has appointed Markus Hautala as CEO of the cooperative. With this appointment, Markus Hautala has resigned as a cooperative board member. Hautala has 20 years of experience in building and bringing innovative digital services to the market within financial services and the IT industry. Since June 2021, he has served as the chairman of the board of The Findynet Cooperative. In addition to his role as CEO of the cooperative, he will continue as Head of Digital Identity at Tietoevry.

The Findynet Cooperative is developing a common and secure self-sovereign identity network, which can be used to ensure the correctness of information in electronic interactions. The network allows connected digital wallets, individuals, and organizations to share information about themselves in a reliable and secure manner in various situations. The Findynet Cooperative includes nine public and private sector organizations: Finance Finland, Finnish Post, Nixu, Nordea Bank, OP Financial Group, Social Insurance Institution of Finland (Kela), Technology Finland, Tietoevry and Vastuu Group.

The Findynet Cooperative’s previous announcement about the funding granted by the Ministry of Finance can be found here.

For more information, please contact:
Mika Huhtamäki, Chairman of the Board, Findynet Cooperative, tel. +358 40 061 6253, mika.huhtamaki(at)vastuugroup.fi

Markus Hautala, CEO, Findynet Cooperative, tel. +358 40 182 4299, markus.hautala(at)tietoevry.com

The post The Findynet Cooperative starts building a trust network by strengthening its organization appeared first on .

Tuesday, 13. September 2022

Hyperledger Aries

Energy & Mines Digital Trust: The Open-Source Journey Towards a Clean, Resilient Economy

As the world works towards climate goals, a government project from Canada is using digital trust technology to make it easier and more secure for natural resource companies to share... The post Energy & Mines Digital Trust: The Open-Source Journey Towards a Clean, Resilient Economy appeared first on Hyperledger Foundation.

As the world works towards climate goals, a government project from Canada is using digital trust technology to make it easier and more secure for natural resource companies to share sustainability data. 

Energy & Mines Digital Trust (EMDT) was established by the Government of British Columbia in recognition that we must do more to facilitate the transition to a clean, resilient economy. British Columbia (B.C.), Canada’s western-most province, was the first province in Canada to implement greenhouse gas emission reduction targets and mandatory sustainability reporting for major sectors of the provincial economy. As leaders in climate change legislation, B.C. is well positioned to explore cutting-edge technology in the journey towards a low-carbon economy. To improve trust, accuracy, and efficiency when sharing sustainability data, EMDT is coordinating a digital ecosystem – a network of organizations including environmental auditors, government bodies, mining and energy companies, and non-government organizations.

Improved Sustainability Reporting 

Currently, reporting sustainability data can be challenging. Data is difficult to exchange internationally, and consumers cannot always access, or trust, reported data, not to mention the administrative burden.  

EMDT’s digital ecosystem makes it possible to exchange sustainability information simply and securely, using digital credentials.

Digital credentials: 

Can be shared quickly and are tamper-proof.  Allow companies to control their data.  Guarantee the integrity of the information.  Preserve privacy in business-to-business interactions. 

Digital Trust Ecosystem: EMDT Pilot  

EMDT has been testing and refining their technology and governance through multiple pilot projects to demonstrate how sustainability reporting can be made more efficient and trustworthy. Two pilot projects explore greenhouse gas emissions reporting in the mining sector and the natural gas sector. These pilots allow participants to test sharing and receiving digital credentials that include verified GHG emissions data for a specific mine site or natural gas facility.

*Because this is a pilot, the process depicted in this diagram does not satisfy or replace existing regulatory reporting obligations.

The greenhouse gas (GHG) mining pilot builds upon the existing regulatory emissions reporting process in British Columbia. PricewaterhouseCoopers (PwC), an environmental auditor, issues a digital credential to Copper Mountain Mining Company containing verified GHG data. Copper Mountain can then use the Greenhouse Gas Emissions Report Verification Credential as part of their GHG emissions report to British Columbia’s Climate Action Secretariat. Copper Mountain can use the same digital credential to complete voluntary reporting to organizations such as the Open Earth Foundation

Increased Connections 

To facilitate the broad exchange of sustainability data, EMDT used Hyperledger Indy and Hyperledger Aries to create a highly interoperable tool, called Traction. Traction is an API accelerator built on top of Hyperledger Aries Cloud Agent Python (ACA-PY). Traction streamlines the process of sending and receiving digital credentials for governments and organizations.

Hyperledger Aries makes Traction highly interoperable with the technological solutions of companies and organizations around the world. “While two wallets might be different implementations or might be written in different code, they can still exchange data because both wallets use Aries,” explains Kyle Robinson, EMDT’s Senior Strategic Advisor. 

Traction makes it easier to integrate digital trust technology into existing lines of business: 

API-first Architecture: Traction is designed with an API-first architecture. This RESTful API allows for integration into existing line-of-business applications already being used by organizations. The Tenant user interface is built on this API to enable adoption prior to integration and for low-use functions. Multitenancy: ACA-Py is implemented on a cloud-based server so multiple wallets can be managed with one Traction instance.  Higher Scalability: Traction is open-source technology, encouraging collaborative refinement, faster release, and higher scalability of the technology.

Collaborative Climate Change Progress

With an increasing emphasis on responsibly sourced products, simplified methods for exchanging sustainability data ensures that B.C. natural resource providers can compete in a global market. Digital trust technology streamlines access to trustworthy sustainability data, allowing businesses, governments, and non-government organizations to work towards climate change goals more efficiently and effectively. Visit our website to learn more about Energy & Mines Digital Trust.

The post Energy & Mines Digital Trust: The Open-Source Journey Towards a Clean, Resilient Economy appeared first on Hyperledger Foundation.


Elastos Foundation

Elastos Financial Report – First Half 2022

...

Commercio

Connect Commercio blockchain to 5000+ apps with Zapier

Until now, integrating with the Commercio blockchain required an IT framework and in-depth technical knowledge. The two options available to date were: develop a native integration (in case using the sdk), develop an integration in Rest Api (using the Commercio.app). Both options require a large number of tasks that added together really take up a lot of time and energy. […] L'articolo Connect C

Until now, integrating with the Commercio blockchain required an IT framework and in-depth technical knowledge.

The two options available to date were:

develop a native integration (in case using the sdk),
develop an integration in Rest Api (using the Commercio.app).

Both options require a large number of tasks that added together really take up a lot of time and energy.

This is where automation comes in. It gives you back this valuable time and makes a complex concept, such as blockchain, accessible to anyone who needs to use it.

Starting today, thanks to the invaluable work of the brilliant Nicola Contin of We Can Consulting SpA, you can use Zapier to connect your Commercio app to 5000+ other services. 

 

How to get started with Zapier

Zapier is a tool you can use to automate different tasks, connect different Apps, and integrate them. It then allows you to tell Zapier what you want to achieve, without having to write a single line of code.

For example, whenever you get a new lead, Zapier can ask Dropbox to tell it what files you have uploaded, and in real time notarize them on Commercio.network.
With more than 5,000 integrations, you can integrate any storage system or any action produced by one of these integrations with Commercio.network.

To use Zapier, you must first create an account.  There are different plans, including a free plan that includes 5 single-step zaps and 100 activities.

But before we begin, here are some terms you need to know:

Zap
A Zap is an automated workflow between your Apps. They are a set of instructions you define in Zapier to perform predefined tasks. A zap is triggered when a certain event (a trigger) occurs in an app.

Trigger
Triggers are basically events within software that initiate a workflow. The trigger sends a set of information to Zapier that can be used in zaps to perform actions in other online services, which are also connected to Zapier.

Action
The action is any step taken by zap. For example, each time a row is added to a Google sheet, a zap updates the stock of a product.

Task
A task is how Zapier keeps track of your actions. This is important when you choose your plans. Each time a zap performs one of its “Action” steps, Zapier considers it to be a task. For example, your zap updates the product stock twice a day, Zapier considers this as two tasks.

Remember this when you select your rate plan.

Commercio Network + Zapier

Grazie al nuovo Add-On Zapier, ora puoi connettere la blockchain di Commercio ad altri servizi online e impostare l’automazione, sempre senza scrivere una sola riga di codice.

Prima di tutto ti devi collegare a https://commercio.app/ , creare un account, confermarlo e acquistare una membership.

A quel punto, colleghi l’account tramite l’estensione Zapier inserendo username e password dell’account di Commercio.

Now your connection is complete, and you can start configuring triggers and ready-to-use actions.

Your App automatically notifies Zapier whenever one of these two triggers occurs:

List of share doc processes initiated Wallet amount

For example, you can create a zap that checks your wallet funds in real time, or that checks whether a new document has moved from the process queue to actual notarization.

You can automate the following actions in your Commercio.app using the information collected in Zapier:

Creating a new share doc Searching for a specific process id to check the status of a transaction

Killer APP: Dropbox integration

 

An example of a Killer APP might be the Dropbox integration:

connect your Dropbox account, and with each file upload start a new share doc and notice it in real time.

 

L'articolo Connect Commercio blockchain to 5000+ apps with Zapier sembra essere il primo su commercio.network.

Monday, 12. September 2022

OpenID

The OpenID Connect Logout specifications are now Final Specifications

The OpenID Foundation membership has approved the following OpenID Connect specifications as OpenID Final Specifications: OpenID Connect Session Management 1.0 OpenID Connect Front-Channel Logout 1.0 OpenID Connect Back-Channel Logout 1.0 OpenID Connect RP-Initiated Logout 1.0 A Final Specification provides intellectual property protections to implementers of the specification and is not subject t

The OpenID Foundation membership has approved the following OpenID Connect specifications as OpenID Final Specifications:

OpenID Connect Session Management 1.0 OpenID Connect Front-Channel Logout 1.0 OpenID Connect Back-Channel Logout 1.0 OpenID Connect RP-Initiated Logout 1.0

A Final Specification provides intellectual property protections to implementers of the specification and is not subject to further revision.

The Final Specifications are available at:

https://openid.net/specs/openid-connect-session-1_0-final.html https://openid.net/specs/openid-connect-frontchannel-1_0-final.html https://openid.net/specs/openid-connect-backchannel-1_0-final.html https://openid.net/specs/openid-connect-rpinitiated-1_0-final.html

The voting results were:

Approve – 62 votes Object – 0 votes Abstain – 10 votes

Total votes: 72 (out of 280 members = 25.7% > 20% quorum requirement)

— Michael B. Jones – OpenID Foundation Board Secretary

The post The OpenID Connect Logout specifications are now Final Specifications first appeared on OpenID.

MyData

Open position: Executive Director

HIRING! Are you the new MyData Global Executive Director? We're looking for a strategic, impact-minded leader to take us to the next level! International work with purpose! More info: https://mydata.org
HIRING! Are you the new MyData Global Executive Director? We're looking for a strategic, impact-minded leader to take us to the next level! International work with purpose! More info: https://mydata.org

Ceramic Network

ComposeDB: Using Ceramic as a Graph Database

ComposeDB provides a complete data solution that supports multi-player use cases—like those demanded by social and DAO applications.
💡 Read the Getting Started Guide to start building with ComposeDB  What is ComposeDB on Ceramic?

ComposeDB on Ceramic is a decentralized, composable graph database. It provides different configurations (building blocks) that allow developers to quickly build applications on Ceramic—including the ability to discover, create, share and reuse composable data models using GraphQL.

ComposeDB provides a complete data solution that supports multi-player use cases—like those demanded by social and DAO applications. Popular use cases include projects around user profiles, reputation (publicly verifiable attestations for skills, credentials, and contribution scores), and user-generated content (portable social graphs, social media apps, networking, messaging, and blogs).

Today, Ceramic applies to a wide variety of use cases across different markets and segments. Its many examples include:

Storing user-generated content as Ceramic streams for app interoperability Storing contributor credentials for DAOs Issuing and storing verifiable credentials Creating unified conversation layers that can work across applications Enabling fully encrypted wallet-to-wallet messaging Storing user profile data Storing dynamic NFT content and metadata attached to user identities Dynamically appending metadata to NFTs over time

Following the production-ready release of ComposeDB, we expect to see applications that offer extremely rich end-user experiences—all built by developers who contributed to the community-driven data ecosystem on Ceramic.

Ceramic’s core team will present a production-ready version of ComposeDB in early 2023, one that will:

Enable developers to define and query complex graph database schemas that feature many different forms of relations between accounts (e.g. a user) and their content (e.g. a social post) Make indexing and querying possible on Ceramic Make data models and data more easily reusable on Ceramic Support advanced permissioning Overview of ComposeDB on Ceramic

This section outlines the five features and components that make ComposeDB on Ceramic possible. Click here for a full overview of concepts.

Composites & Data Models

Composites are composable building blocks used by developers. They are groups of data models (e.g. profiles, blog posts, and comments) that together define the graph database schema for an application. Content streams in Ceramic have metadata that automatically associates them to a data model, which defines the shape and schema of that data, as well as to accounts and other content (e.g. User X liked a post by User Y). Composites aggregate these lower-level data models into higher-level groups for application development. Composites are created by developers in the community and all feed into Ceramic’s ecosystem, making it easy for different applications to reuse and share data.

As we shift toward Composites, we’ll be sunsetting the previous data models module and discouraging using TileDocument streams.

Database

There are a few important changes required when running a JS Ceramic node after the ComposeDB release. Every node must now be backed by a SQL database, SQLite or Postgres, that will be used to index the data and construct the database for the data models in your Composite. Each node decides what to index and store in the database based on the models contained in its Composite, which must be passed to the node during development time.

Ceramic acts as a syncing protocol that maintains your local database state against a global network of documents and interoperable data models, maintained via the same verifiable event streams that have always been at the core of Ceramic—allowing you to trust the integrity of your index.

GraphQL

Developers only need to use one library, the ComposeDB Client, which provides a GraphQL interface to Ceramic. This client needs to be passed a Composite in order to saturate its own APIs and know which data models you’re using. Once your ComposeDB Client is loaded with your Composite, you can make GraphQL queries and mutations against your Ceramic node. Using ComposeDB will be much easier and more streamlined than building directly with previous developer packages on Ceramic—such as IDX or DID DataStore.

Data Model Reusability and Marketplace

Composites and their underlying data models are designed to be reusable, making it simple to build complementary and interoperable apps. Apps that reuse each other's Composites create instant interoperability, without any integrations needed. To date, developers have had to manually submit data models to the Registry on Github. Data models are now automatically indexed, enabling easier discovery and reuse. In the first release milestone, getting existing models happens through commands in the ComposeDB CLI, but we’ll follow closely with a UI.

Object Capabilities

One of the biggest challenges in Web3 is offering the ease of use of Web2—one-click sign-in and user sessions—while also preserving the user’s control of their data. To enable this, we have a new library called “did-sessions” built with CACAO (Chain Agnostic Capability Object), offering a permissions model called capability-based access control. CACAO will integrate with ComposeDB to grant granular permissions to specific models. Permissions open up a range of new use cases, sign in flows, and data access patterns on Ceramic. This includes capability-based permission scoping, which allows a developer to specify which Composites or data models they’re asking permission for.

The first major use case we’re enabling with CACAO is Sessions. We’ve paired CACAO and did-sessions library with a new DID method, called did:pkh, and the Sign-In With Ethereum specification (with more chains to come). This will allow users to seamlessly sign-in with their wallet and delegate actions (e.g. “liking”) and storage permissions to the developer for time-bound periods.

Ceramic Today vs. ComposeDB on Ceramic

Ceramic Today

ComposeDB on Ceramic

DB Type

Key-Value Store

Graph Database

Models

Account to single JSON object (Data Models)

Property graph supporting one-to-many relationships (Composites)

Storage

TileDocument streams

Model streams, MID streams

Indexing

None

Indexing by each Ceramic node

Queries

Many JS Library Method Calls

GraphQL Queries

Clients

HTTP Client, ModelManager, DID DataStore, Self.ID SDK

HTTP Client, GraphQL Client

Accounts

3ID as default

did:PKH as default

Authentication

All-or-nothing permissions

Granular permissions per model

Composability

GitHub Data Models Registry

Marketplace for models

DX

Patchwork of client libraries

Streamlined flow and tooling

UX

Specific Ceramic sign-in popups

Familiar, Web3 wallet-native

Milestones for ComposeDB on Ceramic

The following milestones represent different releases of ComposeDB on Ceramic. The dates are targets, not commitments. Please join our mailing list or Discord Server to find out when new releases go live.

Developer Preview

The Developer Preview will be available for developers who want to familiarize themselves with the new ComposeDB stack. Over the coming months the Ceramic core team will release new versions with improved functionality and documentation.

Available Early September

The earliest Developer Preview will offer the CLI and GraphQL Client, Composites, Sign-In With Ethereum, DID-Sessions, and the ability to explore models in the CLI. The core team will provide a Getting Started Guide, high level docs and js-ComposeDB API documentation.

Limitations: Currently, ComposeDB only supports defining relations between an account and the documents created by this account. Relations between documents and accounts are under development. In addition, there will be no scalability guarantees, no access to historical third-party data, it will not be available on mainnet and there will be no retroactive data availability.

Available Early October at Devcon in Bogota, Colombia

This release milestone provides simple relations between documents and accounts, enabling developers to test graph models so they can build richer and more engaging applications on Ceramic.

This version of the preview will offer simple (as compared to the following release) model relations, an improved docs portal with updated API documentation (js-compose, js-did, js-ceramic), Sign-In With Solana functionality and an updated way to index models that doesn’t require developers to restart their nodes.

Limitations include no access to historical third-party data, no optimization for deeply-nested queries with many relations and, at this time, ComposeDB will allow duplicate relations (e.g. liking the same post twice); therefore, developers will need to build preventative logic.

Available Late December

This release enables support for interfaces, allowing developers to evolve their application through extending existing data models, and unifying queries across different data models. This will also make it easier for developers to build shared interfaces with other applications (e.g. an interface for comments) as well as extend models for their app (e.g. adding more fields to a model).

For example, there could be a generic verifiable credential interface, this interface could be implemented by an education credential and a job employment credential. An application could make a union of these two credentials and seamlessly query across both of them. Verifiable credential MID streams won’t belong to the generic VC interface, but they will belong to more specific data models that implement the verifiable credential interface (e.g. education credential, job employment credential, DAO contribution credential, etc.).

Developers can expect support for sets, and indexable anchors that enable historical data sync retroactively. Historical data sync will enable a node to connect to the network and sync previous data (before the point in time that the particular node started indexing the data model). Historical data sync also means that if Node B goes down it will still be able to index the data via Node A, allowing historical data to sync between applications that share the same data model.

Available January 2023

This release enables developers to build on an open data ecosystem and define the data standards for their app (and others to come) to interoperate.

At this stage, queries will be executed more efficiently than before (server-side query execution), improvements will come to the dev portal, and easy-to-use node metrics will be available—in addition to self-serve mainnet access.

Limitations at this stage include multi-node deployments and a lack of hosted node options.

Production

Available Early 2023

Developers can build quickly on ComposeDB to offer rich end-to-end user experiences on their apps—providing data models and interoperable data within the Ceramic ecosystem.

At this point, Ceramic will handle a standard deployment of millions of writes and reads per day, in addition to a UI for searching Composites (data models) and improved Getting Started documentation. A UI for searching data models and Composites will make building with ComposeDB on Ceramic faster than before. Templates for scaled deployments and a hosted infrastructure option will also become available.

💡 Read the Getting Started Guide to build with ComposeDB and let us know what you think via this 2-minute survey

Saturday, 10. September 2022

OpenID

Public Review Period for Proposed Final Unmet Authentication Requirements Specification

The OpenID Connect Working Group recommends approval of the following specification as an OpenID Final Specification: OpenID Connect Core Error Code unmet_authentication_requirements A Final Specification provides intellectual property protections to implementers of the specification and is not subject to further revision. This note starts the 60-day public review period for the specification draf

The OpenID Connect Working Group recommends approval of the following specification as an OpenID Final Specification:

OpenID Connect Core Error Code unmet_authentication_requirements

A Final Specification provides intellectual property protections to implementers of the specification and is not subject to further revision. This note starts the 60-day public review period for the specification draft in accordance with the OpenID Foundation IPR policies and procedures. Unless issues are identified during the review that the working group believes must be addressed by revising the draft, this review period will be followed by a seven-day voting period during which OpenID Foundation members will vote on whether to approve this draft as an OpenID Final Specification. For the convenience of members, voting will actually begin a week before the review period ends, for members who have completed their reviews by then.

The relevant dates are:

Final Specification public review period: Friday, September 9, 2022 to Tuesday, November 8, 2022 (60 days) Final Specification vote announcement: Wednesday, October 26, 2022 Final Specification early voting opens: Wednesday, November 2, 2022 Final Specification official voting period: Wednesday, November 9, 2022 to Wednesday, November 16, 2022 (7 days)*

* Note: Early voting before the start of the formal voting will be allowed.

The OpenID Connect working group page is https://openid.net/wg/connect/. Information on joining the OpenID Foundation can be found at https://openid.net/foundation/members/registration. If you’re not a current OpenID Foundation member, please consider joining to participate in the approval vote.

You can send feedback on the specification in a way that enables the working group to act upon it by (1) signing the contribution agreement at https://openid.net/intellectual-property/ to join the working group (please specify that you are joining the “AB/Connect” working group on your contribution agreement), (2) joining the working group mailing list at https://lists.openid.net/mailman/listinfo/openid-specs-ab, and (3) sending your feedback to the list.

— Michael B. Jones – OpenID Foundation Board Secretary

The post Public Review Period for Proposed Final Unmet Authentication Requirements Specification first appeared on OpenID.

Friday, 09. September 2022

Elastos Foundation

Elastos Bi-Weekly Update – 09 September 2022

...

ELA Buyback Program To Support DPoS 2.0 Monthly Update – August

...

FIDO Alliance

Washington Examiner: Farewell, passwords: How Passkeys will change digital privacy 

When Apple releases iOS 16 in September, it will debut the highly anticipated Passkey, a new form of security authorization that will allow users to sign into accounts without having […] The post Washington Examiner: Farewell, passwords: How Passkeys will change digital privacy  appeared first on FIDO Alliance.

When Apple releases iOS 16 in September, it will debut the highly anticipated Passkey, a new form of security authorization that will allow users to sign into accounts without having to use a password. This effort was announced in May as part of a joint press release by Google, Apple, and Microsoft promoting a “passwordless future” based on new support for FIDO credentials. FIDO credentials are built on a digital standard that uses public-key cryptography to communicate secure authorizations to a user’s account.

The post Washington Examiner: Farewell, passwords: How Passkeys will change digital privacy  appeared first on FIDO Alliance.


Security Management: The Pernicious Problem of Passwords

While some experts continue to stress the use of password managers to solve the password problem, other developments might quash it entirely by killing the password altogether. This effort gained […] The post Security Management: The Pernicious Problem of Passwords appeared first on FIDO Alliance.

While some experts continue to stress the use of password managers to solve the password problem, other developments might quash it entirely by killing the password altogether. This effort gained momentum when Apple, Google, and Microsoft committed to expanding their support for the FIDO standard to accelerate the availability of passwordless sign-ins. Users will soon be able to use two new capabilities for passwordless sign-ins. The first will let users automatically access their FIDO sign-in credentials on devices without re-enrolling their accounts. The second will let users enable FIDO authentication on their mobile devices to sign into an application or website on a nearby device, regardless of the operating system platform or browser they are using.

The post Security Management: The Pernicious Problem of Passwords appeared first on FIDO Alliance.


Help Net Security: IoT: The huge cybersecurity blind spot that’s costing millions 

This contributed byline from Andrew Shikiar, executive director and CMO of FIDO Alliance, details cybersecurity blind spots generated by growing IoT technology adoption. To address these issues, the FIDO Alliance […] The post Help Net Security: IoT: The huge cybersecurity blind spot that’s costing millions  appeared first on FIDO Alliance.

This contributed byline from Andrew Shikiar, executive director and CMO of FIDO Alliance, details cybersecurity blind spots generated by growing IoT technology adoption. To address these issues, the FIDO Alliance launched FIDO Device Onboard (FDO) in 2021 to tackle two main problems: deployment efficiency and security at the point of onboarding. The main feature of FDO is fully automated device onboarding, which considerably speeds up the previously manual process. FDO also replaces generic password credentials with highly secure cryptographic keys, making the devices considerably more robust against attack. 

The post Help Net Security: IoT: The huge cybersecurity blind spot that’s costing millions  appeared first on FIDO Alliance.


Wired: Apple’s Killing the Password. Here’s Everything You Need to Know

Apple’s rollout of passkeys is one of the largest implementations of password-free technology to date and builds on years of work by the FIDO Alliance, an industry group made up […] The post Wired: Apple’s Killing the Password. Here’s Everything You Need to Know appeared first on FIDO Alliance.

Apple’s rollout of passkeys is one of the largest implementations of password-free technology to date and builds on years of work by the FIDO Alliance, an industry group made up of tech’s biggest companies. Apple’s passkeys are its version of the standards created by the FIDO Alliance, meaning they will eventually work with Google, Microsoft, Meta, and Amazon’s systems.

The post Wired: Apple’s Killing the Password. Here’s Everything You Need to Know appeared first on FIDO Alliance.


Computerwoche BILD: Passwordless PC access: Tips and tools for a passwordless PC

Passwords can be replaced. With the tools here, they are still in play, but fade into the background. Truly password-free web services are those that allow logging in via a […] The post Computerwoche BILD: Passwordless PC access: Tips and tools for a passwordless PC appeared first on FIDO Alliance.

Passwords can be replaced. With the tools here, they are still in play, but fade into the background. Truly password-free web services are those that allow logging in via a special USB security key – keyword FIDO2 (Fast IDentity Online 2). The range of compatible web services is still rather thin. It is possible that FIDO replaces passwords or functions as a second factor (2FA, two-factor authentication).

The post Computerwoche BILD: Passwordless PC access: Tips and tools for a passwordless PC appeared first on FIDO Alliance.

Thursday, 08. September 2022

FIDO Alliance

White Paper: FIDO Authentication in Digital Payment Security

The Indian Payments ecosystem is going through rapid change and advancement. The Reserve Bank of India (Digital Payment Security Controls) Directions 2020 were issued for regulated entities to set up […] The post White Paper: FIDO Authentication in Digital Payment Security appeared first on FIDO Alliance.

The Indian Payments ecosystem is going through rapid change and advancement. The Reserve Bank of India (Digital Payment Security Controls) Directions 2020 were issued for regulated entities to set up a robust governance structure for such systems and implement common minimum standards of security controls for channels like internet, mobile banking, and card payments, among others. In this paper, we demonstrate how FIDO Authentication represents the best way for organizations to implement simpler, stronger authentication that meets Reserve Bank of India’s Master Direction on Digital Payment Control requirements, while also enhancing the user experience.

The post White Paper: FIDO Authentication in Digital Payment Security appeared first on FIDO Alliance.


We Are Open co-op

Creating a culture of recognition

How to take steps to recognise and encourage pro-social behaviours Image CC BY Bryan Mathers for WAO Anyone can create a badging system, if by ‘badging system’ we mean ‘lots of badges for discrete things’. Too often, though, these badges focus on credentialing rather than recognition. Open Recognition is the awareness and appreciation of talents, skills and aspirations in ways that go beyond
How to take steps to recognise and encourage pro-social behaviours Image CC BY Bryan Mathers for WAO

Anyone can create a badging system, if by ‘badging system’ we mean ‘lots of badges for discrete things’. Too often, though, these badges focus on credentialing rather than recognition.

Open Recognition is the awareness and appreciation of talents, skills and aspirations in ways that go beyond credentialing. This includes recognising the rights of individuals, communities, and territories to apply their own labels and definitions. Their frameworks may be emergent and/or implicit.”
(What is Open Recognition anyway?)

We’re so conditioned into getting certificates and trophies for achievement (aka ‘credentials’) that sometimes we have to remind ourselves what we mean by recognition.

So instead of talking about this in an abstract way, let’s talk about it in the context of the Keep Badges Weird (KBW) community, which currently has over 300 members.

Identifying pro-social behaviours

Pro-social behaviours are those intended to benefit others, or society as a whole — for example, helping, sharing, donating, co-operating, and volunteering. Within a community, they’re the behaviours that make it an attractive space to belong to, and which encourage its growth and/or development. It’s a central part of the value cycles that underpin the Communities of Practice model.

Image CC BY Bryan Mathers for WAO

Within the KBW community, we already have a series of fine badges including those shown above. These also happen to be ‘stealth’ badges, awarded to community members without them actively seeking them.

The particular pro-social behaviours we have identified with these badges are:

Coming to someone’s rescue — is someone stuck with a problem, or in an awkward situation? Kicking off a discussion — has someone gone out of their way to prompt discussion or debate on an issue? Keeping it positive — is there someone who’s done a good job of keeping the community focused on solutions rather than endlessly talking about problems?

People don’t have to reach a high bar of have done something out of the ordinary to earn a badge that recognises a pro-social behaviour. For example, the first badge that most people in the KBW community earn is the ‘Keep Badges Weird’ badge, issued to those who introduce themselves in a dedicated thread.

Encouraging participation

The best badging systems evolve over time with communities. A great example of this is the Fedora Linux community, which has a badging system which at this point is around eight years old and contains hundreds of badges. These range from commonplace badges such as making a single contribution to the codebase, through to ultra-rare badges such as overall project leader.

Screenshot of Fedora badges

It’s interesting to note the different types of badges that are issued within this community:

Content Development Community Quality Event Miscellaneous

These categories can emerge over time, and may not even be necessary at all. It’s important to understand that these emergent badge systems are built with community members, not for them.

A worked example

One of the resources that the KBW community helps maintain is Badge Wiki, a knowledge base for the entire Open Badges community. While it’s true that anyone with an account can edit the wiki, not so many do.

So the first thing we did was to create a time for us all to come together and work on it. We call this Badge Wiki barn raising, and we do it monthly. Ideally, there are always new people on this call, as well as those who have been to at least one previous session.

Screenshot of Barn Raiser badge, description and criteria

The badge that those who come to a session can earn is shown above. This serves several purposes, from validating attendance (for those who need it) through to recognising the contribution they have made.

But where do we go next? How do we go from a single badge to start building out a badge system around stewardship of this particular resource?

Image CC BY Bryan Mathers for WAO

Perhaps the easiest place to start is to recognise people turning up on multiple occasions. They don’t have to be consecutive, and it doesn’t need to be the organiser of the session that keeps track. Instead, this could be a claimed badge based on pointing to evidence.

This kind of approach can be repeated ad infinitum. There’s value in doing so — the Fedora badges system has a badge for people who have performed 10,000 builds! But what else can we recognise and encourage? After all, people contribute to communities (including Open Source communities) in many and varied ways.

Image CC BY Bryan Mathers for WAO

People also have different interests and talents, so why not recognise those? We chose three types of people from this helpful list as a way of helping people identifying roles for themselves, and to help people understand that there are lots of different ways to contribute and create value. Every Badge Wiki barn raising call starts with this, as a ritual and routine and a way for people to feel welcome.

Image CC BY WAO

Even this small demarcation of roles helps in a number of ways:

People can start small and work their way onto bigger tasks Contributors arrive with varying energy levels, so may be in the mood for different tasks on different days People can follow their interests as well as their talents for contributing to the project.

Inevitably, even in the first session, those who turned up as contributors to the Badge Wiki barn raising started identifying themselves as ‘FairyGardeners’ . That is to say they felt like doing a couple of different things, or mashing up those roles. This is absolutely to be encouraged!

Conclusion

This has been a brief guide with worked examples of how to create a culture of recognition, taking steps to recognise and encourage pro-social behaviours. WAO don’t have all of the answers, so we’d love to hear from you! Please do comment below if you’ve got examples (or questions)

Recognition within a community of practice is best as a varied and emergent system, and so our next task is to create badges from these reflections for the Badge Wiki barn raising sessions. If you would like to come along, please join the KBW community and turn up for the monthly sessions!

Creating a culture of recognition was originally published in We Are Open Co-op on Medium, where people are continuing the conversation by highlighting and responding to this story.

Wednesday, 07. September 2022

Next Level Supply Chain Podcast with GS1

Tips for Navigating E-Commerce Compliance on Amazon Leveraging GS1 Standards

E-commerce has exploded the past few years and with low barriers to entry – like selling on Amazon – business owners can get up and running relatively quickly. However, just because it’s easy to start up an e-commerce store doesn’t mean it’s easy to build a reputable brand. Join us as we sit down with Amazon Seller Consultant, Leah McHugh, as we explore how e-commerce is evolving on Amazon, what t

E-commerce has exploded the past few years and with low barriers to entry – like selling on Amazon – business owners can get up and running relatively quickly. However, just because it’s easy to start up an e-commerce store doesn’t mean it’s easy to build a reputable brand. Join us as we sit down with Amazon Seller Consultant, Leah McHugh, as we explore how e-commerce is evolving on Amazon, what to keep in mind, and tips for scaling your business.


EdgeSecure

Dr. Forough Ghahramani to Present at the New Jersey Equity in Commercialization Collective TTO Workshop

The post Dr. Forough Ghahramani to Present at the New Jersey Equity in Commercialization Collective TTO Workshop appeared first on NJEdge Inc.

NEWARK, NJ, September 7, 2022 – Edge’s Dr. Forough Ghahramani, Associate Vice President for Research, Innovation, and Sponsored Programs, will be presenting at the New Jersey Equity in Commercialization Collective (NJECC) Technology Transfer Office (TTO) workshop on September 8, 2022. This virtual workshop brings together TTO administrators and leaders from academic institutions from around the state to educate attendees about the systemic barriers faced by underrepresented inventors in STEM and the factors that encourage and dissuade women’s participation in technology commercialization. 

Workshop attendees will have an opportunity to review their organization’s current processes and data through an inclusivity, equity, and intersectionality lens. During this reflection, TTOs will learn how to employ inclusive outreach and network development tools to develop relationships with more historically underserved inventors and gain strategies for creating effective action plans for implementing change at their organizations.

The NJECC is an NSF Advance Partnership project. An important goal of NJECC is increasing the diversity of STEM faculty researchers who participate in New Jersey’s entrepreneurship and innovation ecosystem. As Co-PI on the NJECC, Ghahramani and the collaborators on the project are exploring the equity issues within the academic community, the key barriers that many women and underrepresented populations face when participating in research and innovation, and concrete actions that can be taken to ensure systemic change.

Ghahramani is dedicated to helping create better outreach programs and resources that foster greater inclusion in academic innovation. As co-author of “Engaging More Women in Academic Innovation,” recently published in the National Academy of Inventors: Technology and Innovation Journal, she notes, “I am excited to share insights and key findings of the study with workshop attendees and discuss how institutions can be effective change agents within the community.”

You can learn more about this event at URL, or visit the NJECC website at https://www.njeccadvance.com to explore the important initiatives that are fostering diversity and inclusion throughout the state.  

The post Dr. Forough Ghahramani to Present at the New Jersey Equity in Commercialization Collective TTO Workshop appeared first on NJEdge Inc.

Tuesday, 06. September 2022

We Are Open co-op

Coming soon the Tao of WAO: Season 5!

A roundup of previous seasons and a sneak peak into Season 5 planning After summer holidays, sunshine and lollipops, we’re getting back into the groove. This includes some thinking and planning around Tao of WAO Season 5. The Tao of WAO is a podcast about the intersection of technology, society, and internet culture — with a dash of philosophy and art for good measure. We announced the
A roundup of previous seasons and a sneak peak into Season 5 planning

After summer holidays, sunshine and lollipops, we’re getting back into the groove. This includes some thinking and planning around Tao of WAO Season 5.

The Tao of WAO is a podcast about the intersection of technology, society, and internet culture — with a dash of philosophy and art for good measure. We announced the podcast in May 2021, and since then we’ve been pumping out season after season. We haven’t summed up the previous seasons, ever, so this is a quick post to do that and talk about what we’re planning for Season 5. Don’t want to read about it? Then just go give it a listen!

Our Soundcloud header Season 1

When we started the Tao of WAO, we weren’t sure what kind of format we wanted to have. We kicked off the podcast talking about cooperatism because, well, we’re a co-op. Over the course of the season we talked about being geriatric millennials, doing digital detoxes and had our first guest, John Evans from Code Operative.

Season 2

We started to hit our stride in Season 2. We kicked off the season with a trailer, and then had great conversations with Jess Klein on Ethical Design and Kudzayi Ngwerume on Creativity and Movement Building. We also chatted about working remotely, unframeworks and keeping badges weird.

Season 3

Our first episode of Season 3 had all the We Are Open Co-op folks on. We talked about some of our internal policies around dormancy in the co-op. This was also the season we talked to Kerri Lemoie about Verifiable Credentials, Alex Worrad Andrews about Networks of Networks, and Adam Procter about Social Impact Games. When we weren’t interviewing these amazing people, we recorded an episode on Misinformation and used our final episode of the season a somewhat random conversation about stuff we’d been working on and newsletters we like to read.

Season 4

Again in Season 4, we managed to have amazing guests. We talked to Kayleigh Walsh about Restorative Justice, Heather Leson about Opening Up Social Impact Organisations and Bryan Alexander about Futurism. In between our guest focused episodes, Doug and I talked about participation in Civic Society, Self-hosting IT and Reentering Events after Covid.

Season 5 (coming soon!)

You can probably tell from this short summary that we cover a wide variety of social, cultural and techie issues. In the new season, we’re planning to talk about edtech, communities of practice, feminism and more. We’ll have more book recommendations from our guests and more laughs coming soon to wherever you listen to your podcasts.

Get in touch!

We’re always looking for interesting folks with interesting things to say, so if you’d like to be a guest on the Tao of WAO, let us know. We are also extremely grateful when listeners get in touch to give feedback! You can support this podcast and other We Are Open Co-op projects and products at Open Collective.

Coming soon the Tao of WAO: Season 5! was originally published in We Are Open Co-op on Medium, where people are continuing the conversation by highlighting and responding to this story.

Friday, 02. September 2022

FIDO Alliance

Security Management: The Pernicious Problem of Passwords

A recent SpyCloud study showed that over 64% of people reuse their passwords. Some experts continue to stress the use of password managers to mitigate this issue, but this could […] The post Security Management: The Pernicious Problem of Passwords appeared first on FIDO Alliance.

A recent SpyCloud study showed that over 64% of people reuse their passwords. Some experts continue to stress the use of password managers to mitigate this issue, but this could be squashed by eliminating passwords all together. Going passwordless gained momentum in the second half of 2022 when Apple, Google and Microsoft committed to expanding their support for the FIDO standard. FIDO’s work has resulted in the development of FIDO Universal Second Factor (FIDO U2F), FIDO Universal Authentication Framework, and FIDO2- which have been embraced and further utilized by a few of the largest tech companies in the world.

The post Security Management: The Pernicious Problem of Passwords appeared first on FIDO Alliance.


The New Stack: Why Developers Need Passwordless

In recent years, developers have been the targets of multiple attacks due to their access to sensitive systems.  As the tech giants have begun their collaboration on making the user […] The post The New Stack: Why Developers Need Passwordless appeared first on FIDO Alliance.

In recent years, developers have been the targets of multiple attacks due to their access to sensitive systems.  As the tech giants have begun their collaboration on making the user experience of passwordless better, users still need to register across all their devices. The solution to this is passkeys that allow users to easily and securely access passwordless systems across all devices. The FIDO2 Authentication standards are based on public key cryptography for authentication that is more secure than passwords and SMS one-time passwords. FIDO2 Authentication enables password-only logins to be replaced with secure and fast login experiences across websites and apps.

The post The New Stack: Why Developers Need Passwordless appeared first on FIDO Alliance.


Digital Journal: Google Chrome Soon to Offer Biometric Authentication Option on Desktops

To help businesses eliminate data risks and carve out a competitive advantage, Transmit Security, a leading provider of modular, orchestrated identity services, offers passwordless logins with FIDO authentication. According to […] The post Digital Journal: Google Chrome Soon to Offer Biometric Authentication Option on Desktops appeared first on FIDO Alliance.

To help businesses eliminate data risks and carve out a competitive advantage, Transmit Security, a leading provider of modular, orchestrated identity services, offers passwordless logins with FIDO authentication. According to Chrome Unboxed, Google will soon introduce biometric authentication to Chrome on Windows and MacOS. This new upgrade will provide users with a more secure option for authentication while viewing their saved passwords in Chrome. In light of this new move by Google, Transmit Security has released a guide to biometric authentication.

The post Digital Journal: Google Chrome Soon to Offer Biometric Authentication Option on Desktops appeared first on FIDO Alliance.


EdgeSecure

Risk Management: Gramm-Leach-Bliley Act Security Compliance

The post Risk Management: Gramm-Leach-Bliley Act Security Compliance appeared first on NJEdge Inc.

Webinar

Thursday, September 29, 2022
10 am EDT

Gramm-Leach-Bliley Act, or GLBA, is a federal regulation that requires financial institutions to safeguard sensitive customer information and clearly explain their information-sharing practices. For higher education institutions offering financial aid to students, GLBA means your institution is required to meet compliance standards for the security and protection of financial information, and to provide transparency related to how personal information is used and shared. Failure to meet these standards carries significant risk for institutions, including restrictions or loss of eligibility for Title IV funding.

In this session, we’ll share insights into the current GLBA compliance standards relevant to higher education institutions. Edge’s virtual Chief Information Security Officer will also highlight strategies for safeguarding financial information that every college and university should employ, from assessment and auditing procedures to specific cybersecurity policy to ensure compliance.

Register Today

The post Risk Management: Gramm-Leach-Bliley Act Security Compliance appeared first on NJEdge Inc.


Hyperledger Aries

Developer showcase series: Jason Sherman, Developer at Energy & Mines Digital Trust, Government of British Columbia

Back to our Developer Showcase Series to learn what developers in the real world are doing with Hyperledger technologies. Next up is Jason Sherman, Developer at Energy & Mines Digital... The post Developer showcase series: Jason Sherman, Developer at Energy & Mines Digital Trust, Government of British Columbia appeared first on Hyperledger Foundation.

Back to our Developer Showcase Series to learn what developers in the real world are doing with Hyperledger technologies. Next up is Jason Sherman, Developer at Energy & Mines Digital Trust, Government of British Columbia’s Ministry of Energy, Mines and Low Carbon Innovation.

Give a bit of background on what you’re working on and how you got into blockchain

Energy & Mines Digital Trust (EMDT) is a pilot project enabling a collaborative digital ecosystem between the B.C. government, natural resource companies, and organizations around the world, making it simpler and more secure to share sustainability data. I am currently working on EMDT’s technology, called Traction. Traction is basically a layer above Hyperledger Aries  Cloud Agent Python (ACA-Py) that enables the Government of British Columbia to use our technology for line of business applications. This allows the government to onboard into the world of digital credentials easily, and to track their business data with their credential and presentation exchanges. 

What Hyperledger frameworks or tools are you using in your projects? Any new developments to share? Can you sum up your experience with Hyperledger?

We are using Hyperledger Aries Cloud Agent Python (ACA-Py) and Hyperledger Indy. Using Hyperledger frameworks has increased Traction’s interoperability, making it possible to incorporate a broader range of participants, tools, and technologies into the digital ecosystem EMDT is coordinating. We’re using Hyperledger’s open-source software to accelerate the Government of B.C.’s ability to adopt these tools. My experience with Hyperledger technologies is that things change quickly! And any problem or use case I identify is usually already being addressed.

What do you think is most important for Hyperledger Foundation to focus on in the next year?

I think the Hyperledger Foundation should focus on multiple ledger support (which is already underway) and onboarding users (not developers) of the implemented technology.

What advice would you offer other technologists or developers interested in getting started working on blockchain? 

There is a very steep learning curve, but it’s extremely worthwhile. You will very quickly identify areas where the technology could benefit your clients.

As Hyperledger’s projects continue to mature, what do you see as the most interesting technologies, apps, or use cases coming out as a result?

I am interested in the ability for Hyperledger projects to enable more automated business flows using truly trusted and tamper-proof data. The number of personnel hours that can be saved just through automated conversation and interchange of data programmatically is massive.

What’s the one issue or problem you hope blockchain can solve?

I am hopeful that blockchain has the potential to improve trust between businesses. By exchanging information using blockchain technology and digital credentials, the validity and origin of the credential can always be verified, and businesses can proceed with their interactions confidently.

Where do you hope to see Hyperledger and/or blockchain in five years?

I would hope to see blockchain as a viable and easily selected technology, along the lines of Postgresql or MongoDb. I would hope that blockchain could be adopted as a mainstream technology that development teams can look at as a solution to solve their problems.

What is the best piece of developer advice you’ve ever received?

Your code isn’t precious. 

What technology could you not live without?

Plumbing.

The post Developer showcase series: Jason Sherman, Developer at Energy & Mines Digital Trust, Government of British Columbia appeared first on Hyperledger Foundation.


EdgeSecure

Electric Symphony Media Awarded EdgeMarket Contract to Support Higher Education Enrollment Marketing

The post Electric Symphony Media Awarded EdgeMarket Contract to Support Higher Education Enrollment Marketing appeared first on NJEdge Inc.

NEWARK, NJ, September 2, 2022 – Edge, the region’s nonprofit research and education network and technology consortium, has announced a partnership with Electric Symphony Media (ESM), to make their media planning and buying services available via its EdgeMarket Cooperative Pricing System. EdgeMarket provides safe, simple, smart technology procurement options for higher education and public sector entities. As the result of a thorough RFP process, EdgeMarket has awarded a contract which will give its participants the ability to efficiently and affordably procure ESM’s services in support of enrollment marketing efforts. 

ESM specializes in brand strategy, research, media buying and activation, and marketing services, helping customers and brands uncover unique value in their marketing investments. ESM’s expertise spans far and wide across many industries including higher education, non-profit/advocacy groups, government agencies, healthcare, fin-tech, and small businesses. 

“We are passionate about supporting institutions and businesses in our community, across the state of New Jersey, and beyond. This partnership with EdgeMarket is an exciting opportunity to make our services in media and advertising more accessible, by building direct relationships with organizations in the industries we are already well versed in, while also growing and developing our agency as a trusted partner and resource,” says ESM Managing Partner Patrick Carroll of the contract. 

The availability of support services for enrollment marketing efforts comes at a vital time for education institutions, as they aim to accelerate enrollment improvements after a sharp decline during the pandemic. ESM is well positioned to provide that support, as it already works with a number of institutions and programs, including Middlesex College, The University of Pennsylvania, and Rutgers School of Engineering. The agency is also able to provide media planning and buying services across a wide range of products and geographies, to amplify the marketing of online learning programs which are less geographically dependent.

“Reaching the right audience at the right time in the right place is vital for our members, especially as the higher education enrollment environment becomes more competitive,” notes Adam Scarzafava, Assistant Vice President for Marketing and Communications at Edge. Scarzafava continued, “A partner like ESM helps our member institutions build on the capabilities of existing marketing staff to launch, track, and improve marketing campaigns across a blend of traditional and digital media properties.” 

Existing Edge members and other institutions interested in leveraging the EdgeMarket purchasing consortium for access to streamlined technology purchasing and preferred pricing can find more information at https://edgemarket.njedge.net/.

The post Electric Symphony Media Awarded EdgeMarket Contract to Support Higher Education Enrollment Marketing appeared first on NJEdge Inc.


Nyheder fra WAYF

WAYF understøtter MFA og alt hvad der ligner

WAYF gør det muligt for it-brugerne i en organisation at tilgå tjenester uden for organisationen med det login de bruger til organisationens interne systemer. Det giver en række fordele for brugernes organisation, brugerne selv og udbyderne af de eksterne tjenester. Language Danish Tags:  tjenesteudbyder brugerorganisation MFA LoA SAML2 RequestedAuthnContext AuthnCont

WAYF gør det muligt for it-brugerne i en organisation at tilgå tjenester uden for organisationen med det login de bruger til organisationens interne systemer. Det giver en række fordele for brugernes organisation, brugerne selv og udbyderne af de eksterne tjenester.

Language Danish Tags:  tjenesteudbyder brugerorganisation MFA LoA SAML2 RequestedAuthnContext AuthnContext Read more about WAYF understøtter MFA og alt hvad der ligner

FIDO Alliance

The SCTE: Forget Password?

The recent announcement from the FIDO Alliance promises to do away with post-it notes, memorable words and password reset emails clogging up your inbox, as soon as next year. The post The SCTE: Forget Password? appeared first on FIDO Alliance.

The recent announcement from the FIDO Alliance promises to do away with post-it notes, memorable words and password reset emails clogging up your inbox, as soon as next year.

The post The SCTE: Forget Password? appeared first on FIDO Alliance.


Computer Weekly: LastPass breach limited in scale and well-managed, say experts

A cyber security breach that unfolded at LastPass – a provider of credential management services – appears to have affected only the firm’s developer environment, and is unlikely to rebound […] The post Computer Weekly: LastPass breach limited in scale and well-managed, say experts appeared first on FIDO Alliance.

A cyber security breach that unfolded at LastPass – a provider of credential management services – appears to have affected only the firm’s developer environment, and is unlikely to rebound on users, according to community experts, who have praised the firm for its quick and transparent response to the incident. Many providers, including LastPass, are offering and migrating to passwordless logins which use more advanced security technologies such as FIDO2 security keys. This reduces friction for end-users and increases the overall account security.

The post Computer Weekly: LastPass breach limited in scale and well-managed, say experts appeared first on FIDO Alliance.


Tech Radar: The journey to passwordless – it’s a marathon, not a sprint

Our online lives are protected, first and foremost, by passwords. They are a part of our everyday lives and protect our sensitive information in the digital world. However, they aren’t […] The post Tech Radar: The journey to passwordless – it’s a marathon, not a sprint appeared first on FIDO Alliance.

Our online lives are protected, first and foremost, by passwords. They are a part of our everyday lives and protect our sensitive information in the digital world. However, they aren’t a flawless system of protection, and our lives would certainly be easier without the need for them. Many reuse passwords across accounts or set up very weak ones, easily guessed ones, and the truth is we are under a constant threat of cyberattacks by increasingly savvier hackers. Current basics of online security must ensure there is a high standard of education and password hygiene. From there, there are tools to help reinforce the education, such as password managers, and Single Sign-On (SSO) or Multi-factor Authentication (MFA) options. For a passwordless world, however, there needs to be more. Fast Identity Online (FIDO) technologies support authentication mechanisms, such as biometric face and fingerprint ID and the addition of hardware security keys.

The post Tech Radar: The journey to passwordless – it’s a marathon, not a sprint appeared first on FIDO Alliance.


BR24: Passkeys: Why we will soon no longer need passwords

The tech industry agrees: the days of the password are numbered. So-called “passkeys” are supposed to be a secure and simple alternative. The first services are now introducing them as […] The post BR24: Passkeys: Why we will soon no longer need passwords appeared first on FIDO Alliance.

The tech industry agrees: the days of the password are numbered. So-called “passkeys” are supposed to be a secure and simple alternative. The first services are now introducing them as a login option.

The post BR24: Passkeys: Why we will soon no longer need passwords appeared first on FIDO Alliance.


Medienwoche: Passkeys and FIDO: The future without passwords explained

Apple recently presented its version of “passkeys”, which are to replace passwords in the not too distant future. In doing so, the US company is not going its own way, […] The post Medienwoche: Passkeys and FIDO: The future without passwords explained appeared first on FIDO Alliance.

Apple recently presented its version of “passkeys”, which are to replace passwords in the not too distant future. In doing so, the US company is not going its own way, but is relying on the open standard of the FIDO Alliance, which is also supported by other industry giants such as Microsoft, Google, Facebook (“Meta”) and Amazon.

The post Medienwoche: Passkeys and FIDO: The future without passwords explained appeared first on FIDO Alliance.

Thursday, 01. September 2022

DIF Blog

Universal Resolver - resolve practically any DID

The Uni Resolver is a utility developed at DIF to resolve Decentralized Identifiers (DIDs) across many different DID methods, based on the W3C DID Core 1.0 and DID Resolution Specifications

The Universal Resolver is a utility developed by the community at DIF to resolve Decentralized Identifiers (DIDs) across many different DID methods, based on the W3C DID Core 1.0 and DID Resolution specifications. It is a work item of the DIF Identifiers & Discovery Working Group, and is provided as a tool to support interoperability efforts and enable testing.

New DID methods

We continue to receive great contributions from the community in the form of new drivers as well as updates to existing ones, in order to support as many DID methods as possible. Several more DID methods have recently been added to the Universal Resolver, including:

did:indy (the long-awaited upgrade of the original did:sov method) - See https://hyperledger.github.io/indy-did-method/

did:cheqd (from the Cheqd community) - See https://github.com/cheqd/did-resolver

did:com (from Commercio Network) - See https://commercio.network/

did:ala

Did:everscale

The Universal Resolver can now resolve 45 DID methods, and more are being added regularly. Visit https://dev.uniresolver.io/ to see the full list of supported methods, and visit this github page to contribute a driver for a DID method.  In the event of a problem resolving a did or with driver functions, the contributor has 30 days to resolve the issue before the driver and DID method get delisted. This ensures that the list of methods on the Universal Resolver is regularly tested, and remains updated and functional.

For example, try the following commands to resolve DIDs to their DID documents:

curl -X GET https://dev.uniresolver.io/1.0/identifiers/did:indy:idunion:BDrEcHc8Tb4Lb2VyQZWEDE

curl -X GET https://dev.uniresolver.io/1.0/identifiers/did:cheqd:mainnet:zF7rhDBfUt9d1gJPjx7s1JXfUY7oVWkY

curl -X GET https://dev.uniresolver.io/1.0/identifiers/did:com:1l6zglh8pvcrjtahsvds2qmfpn0hv83vn8f9cf3

Or try opening the UI to resolve the above DIDs:

https://dev.uniresolver.io/#did:indy:idunion:BDrEcHc8Tb4Lb2VyQZWEDE

https://dev.uniresolver.io/#did:cheqd:mainnet:zF7rhDBfUt9d1gJPjx7s1JXfUY7oVWkY

[https://dev.uniresolver.io/#did:com:1l6zglh8pvcrjtahsvds2qmfpn0hv83vn8f9cf3

](https://dev.uniresolver.io/#did:com:1l6zglh8pvcrjtahsvds2qmfpn0hv83vn8f9cf3)

New hosting environment

It seems the community has been just as excited about the Universal Resolver as we are, and it has seen traffic grow steadily over the past few months: In order to serve this increased demand the hosting environment of the Universal Resolver has been upgraded and should now be able to handle additional load. DIF's public instance of the Universal Resolver can be reached at https://resolver.identity.foundation/ and https://dev.uniresolver.io/.

Keep in mind however that this instance is meant for experimentation and testing only, NOT as a production service. It should not be used in situations where a reliable DID Resolution service is needed, or when DIDs are being resolved that are potentially sensitive from a privacy perspective. In general, self-hosting the Universal Resolver, or using other client-side DID Resolution tools, is preferable over relying on the public DIF-hosted instance.

Do you have any interesting applications or examples of where you have used the Universal Resolver? We would love to hear your experiences of it; constructive feedback is always welcome. Get in touch with us directly at ops@identity.foundation or attend one of the meetings of the DIF Identifiers & DIscovery Working Group to discuss. For further backstory on the Universal Resolver, see this blog post and this webinar.

This new-and-improved Universal Resolver joins other tools, such as the Universal Registrar, a DIF community-maintained tool to create, update and deactivate Decentralized Identifiers (DIDs). DIF has also recently published version 2 of the DIDComm protocol spec and version 2 of the Presentation Exchange Protocol. Other community tooling includes items like the Verifier Universal Interface, standard APIs to enable interoperability between ID Wallets and Verifier components, and the completed Sidetree specification, a protocol for creating scalable Decentralized Identifier networks that can run atop any existing decentralized anchoring system and be as open, public, and permissionless as the underlying anchoring systems they utilize. The most popular implementation of Sidetree currently is ION (the Decentralized Identity Overlay Network), a layer 2 system. Read more about ION at Microsoft's blog here!

How else can you dive into the identity community? Joining DIF is a great way to start; you are invited to contribute, learn and connect with our diverse community. Don't forget to subscribe to our monthly newsletter on our website here to stay up to date on developments at DIF and in the wider digital identity landscape, and to follow us on Twitter & LinkedIn!


eSSIF-Lab

SSI subgrantee’s solutions booklet: download now! 

Subgrantee SSI Infrastructure and Business-oriented projects

Download here!!

Wednesday, 31. August 2022

Findy Co-operative

The Findynet Cooperative receives a government grant to develop a trusted way to share information in electronic interactions

The Finnish Ministry of Finance has granted the Findynet Cooperative a three-million-euro government grant to build a pilot environment for a self-sovereign identity network. The aim of this public-private cooperation is to strengthen Finland’s leading position in digitalization and support the emergence of investments in new digital services. The Findynet Cooperative aims to develop a… The post

The Finnish Ministry of Finance has granted the Findynet Cooperative a three-million-euro government grant to build a pilot environment for a self-sovereign identity network. The aim of this public-private cooperation is to strengthen Finland’s leading position in digitalization and support the emergence of investments in new digital services.

The Findynet Cooperative aims to develop a network that ensures that digital wallets developed by different service providers are interoperable, and work seamlessly for both organizations and individuals. Digital wallets enable individuals and organizations to share information about themselves in a reliable and secure manner in various situations. The funding will enable the Findynet Cooperative to develop a common and secure self-sovereign identity network, which can be used to ensure the correctness of information in electronic interactions.

– We are very happy to have received this government grant, which allows us to continue our long-term work with public and private sector actors and build a trust network covering all of society, comments Markus Hautala, Chairman of the Board of the Findynet Cooperative.

The trust network, which will now be built, promotes digital and human-centered data economies. This means that end-users manage their own data and can decide for themselves what information they share about themselves with different parties to preserve their privacy. For example, this exchange of information could involve electronic receipts, credit information, and proof of professional qualifications.

The founding members of the Findynet Cooperative include nine public and private sector organizations: Finance Finland, Finnish Post, Nixu, Nordea Bank, OP Financial Group, Social Insurance Institution of Finland (Kela), Technology Finland, Tietoevry and Vastuu Group.

The announcement by the Ministry of Finance on the subject can be found here (in Finnish).

For more information, please contact
Markus Hautala, Chairman of the Board of Findynet Cooperative, tel. 040 182 4299, markus.hautala(at)tietoevry.com

The post The Findynet Cooperative receives a government grant to develop a trusted way to share information in electronic interactions appeared first on .

Tuesday, 30. August 2022

Energy Web

Unlocking the Potential of Self-Sovereign Identity for Enterprise with Energy Web Switchboard

Switchboard provides companies with simple tools to administer decentralized identifiers and verifiable credentials for organizations, users, and assets. At Energy Web we believe self-sovereign identity (SSI) will become a fundamental pillar of the energy transition, enhancing interoperability and strengthening security for billions of assets, organizations, and customers. Today we’re pleas

Switchboard provides companies with simple tools to administer decentralized identifiers and verifiable credentials for organizations, users, and assets.

At Energy Web we believe self-sovereign identity (SSI) will become a fundamental pillar of the energy transition, enhancing interoperability and strengthening security for billions of assets, organizations, and customers.

Today we’re pleased to announce a major step forward in making this vision a reality with the production deployment of Switchboard on the Energy Web Chain. This release includes major updates to the front-end Switchboard web application as well as the back-end libraries and components, giving companies access to the full suite features offered by legacy identity access management solutions in a decentralized architecture.

Why we built Switchboard
Digital identity is integral to every facet of the energy sector, from basic administrative procedures (processing customer rebates for smart thermostats, or registering new solar systems) to high-stakes operational tasks (granting access to customer data, or sending control signals to generators). Given the importance of keeping identity data accurate and secure, as well as the risks and limitations of centralized management approaches as energy systems become increasingly diverse and distributed, SSI has emerged as one of the fastest-growing segments of the enterprise IT landscape in recent years.

We began developing what is now Switchboard in 2019 to address two gaps in the market that were hindering SSI adoption in the energy sector and beyond:

Most SSI solutions are focused narrowly on end-users (individual identity wallets to store credentials) or organizations (platforms to issue credentials to internal users). We saw a need for a harmonized solution that not only addressed both of these requirements but also provided sophisticated features like role-based access control and identity management for non-human actors (i.e. hardware and software systems). The end-to-end solutions that do exist align with open standards, but are based on proprietary technology, costly contracts, or permissioned back-ends (either private blockchains or centrally-administered databases). We saw a need for a fully open-source, low-cost solution built on a public network and tightly integrated with the Ethereum ecosystem to improve interoperability (e.g. support for multiple wallets) and usability.

The alpha version of Switchboard was launched on the Volta test network in late 2020 with basic tools for users to manage identities and credentials, and for application, developers to define roles and implement simple role-based access control for users. Since then the Energy Web team has overhauled both the user interface and back-end components to turn Switchboard into a comprehensive, enterprise-grade solution.

What’s new in production?
The production release of Switchboard incorporates several exciting new features that are critical for enterprise adoption:

Credential Revocation: Identity and access management is a dynamic process, and when circumstances change they need to be reflected in user credentials. For example, when an employee resigns from the company, access rights need to be revoked in order to keep confidential information secure. Switchboard now offers tools for administrators to manually or programmatically revoke credentials based on customized business logic. Credential Expiration: To maximize security credentials should never grant indefinite or permanent access to a given system. Just like driver’s licenses and passports, credentials should carry expiration dates and require ongoing renewal processes. Switchboard now allows role definers (e.g. organization administrators) to set default validity periods for credentials, which can be optionally overridden by issuers. Full Support for Role-authorized Issuance: This feature allows administrators to delegate responsibility for the issuance of certain credentials to other entities based on their role within or relationship to the organization. For example, a user within a utility company who holds credentials to acquire the role of “IT Manager” may then inherit the ability to issue credentials to other internal users, or an external contractor with credentials granting the role of “Solar Hardware Installer” may inherit the ability to issue credentials to new photovoltaic systems. Multi-level hierarchies are now supported (for example, “Solar Hardware Installer” may be issued by “Installation Coordinator”) and the full hierarchy is verified upon each credential presentation. Credential Issuance Based on Email Verification: Switchboard is currently used to support Energy Web’s staking system, which issues a verified email role credential based on email verification. This role credential is then used to authorize users to stake. (If you have participated in any Energy Web staking pools, you already have a DID with this credential and you can view its status in Switchboard under the “My Enrolments” page.) This functionality is now available for any other credential issuance and authorization use case that requires email verification. Better Alignment with Verifiable Credentials Standards: We’ve made significant improvements to Switchboard’s underlying libraries and components to better align with new W3C Verifiable Credential Standards. Switchboard now supports the issuance of JSON-LD format Verifiable Credentials using an EIP-712 signature. Asset Administration: Switchboard allows asset owners to assign identities to individual assets so they can be enrolled in applications and services, or managed throughout their lifecycle. These tools make it easy for owners to prove attributes to external parties and transfer ownership (including tracking ownership history).

What’s next?
We’re proud to celebrate the launch of Switchboard as a milestone in Energy Web’s long-term technology roadmap. You can learn more about how it works, and start using it today.

However, there are many steps ahead in the journey to unlock the full potential of SSI in support of the energy transition. While Switchboard currently offers all the tools necessary to implement SSI in enterprise environments, we will continue to develop additional tools and features across our broader identity and access management stack, including a decentralized universal resolver service for both credential holders and issuers that makes it possible to resolve identity data from any blockchain or database.

Stay tuned for more announcements, and be sure to follow us for the latest updates.

About Energy Web
Energy Web is a global non-profit accelerating the clean energy transition by developing open-source technology solutions for energy systems. Our enterprise-grade solutions improve coordination across complex energy markets, unlocking the full potential of clean, distributed energy resources for businesses, grid operators, and customers.

Our solutions for enterprise asset management, data exchange, and Green Proofs, our tool for registering and tracking low-carbon products, are underpinned by the Energy Web Chain, the world’s first public blockchain tailored to the energy sector. The Energy Web ecosystem comprises leading utilities, renewable energy developers, grid operators, corporate energy buyers, automotive, IoT, telecommunications leaders, and more.

Unlocking the Potential of Self-Sovereign Identity for Enterprise with Energy Web Switchboard was originally published in Energy Web on Medium, where people are continuing the conversation by highlighting and responding to this story.


Trust over IP

Avast Joins the ToIP Foundation as a Steering Member

Avast (LON:AVST), a company best known for its antivirus and other cybersecurity products for consumers, has joined the Trust Over IP (ToIP) Foundation as a Steering Member. Avast recently acquired... The post Avast Joins the ToIP Foundation as a Steering Member appeared first on Trust Over IP.

Avast (LON:AVST), a company best known for its antivirus and other cybersecurity products for consumers, has joined the Trust Over IP (ToIP) Foundation as a Steering Member. Avast recently acquired Evernym, a founding ToIP Steering Member, and SecureKey, a ToIP Contributor Member since 2020.

Avast’s ToIP Steering Committee member will be Drummond Reed, Director of Trust Services at Avast. Mr. Reed has served as Evernym’s Steering Committee member since the founding of ToIP in May 2020. He currently co-chairs the ToIP Governance Stack Working Group and Concepts and Terminology Working Group and is a vice-chair of the Technology Stack Working Group.

“Avast brings a new perspective to the Foundation’s mission of defining Internet-scale decentralized digital trust infrastructure,” said Mr. Reed. “Avast has a 30 year history of protecting the digital devices of over 435 million consumers. Now Avast wants to extend that protection to individual’s digital identity and relationships online because identity is at the very heart of cybersecurity.”

Avast, headquartered in Prague, is rapidly building one of the largest decentralized digital trust teams in the world. In June of 2021, they hired Charles Walton, a former Mastercard executive (and Mastercard’s original ToIP Steering Committee member), as General Manager of their new Digital Trust Services division. Then in December 2021, Avast acquired Evernym, one of the global leaders in self-sovereign identity (SSI). In March 2022 they announced the acquisition of SecureKey, operators of the Verified.Me network in Canada that is one of the largest bank ID networks in the world.

In a keynote speech at the European Identity Conference in Berlin, Mr. Walton said Avast would be focusing its efforts on the “empowered consumer”—giving individuals the tools they need to have portable, reusable digital identity credentials that do not depend on any one device, operating system, or identity federation. “It is finally time we had digital wallets with digital credentials that work exactly the same way our real-world wallets do,” said Mr. Reed. “We can take and use them anywhere to privately prove just what another party needs to know in the context of a particular transaction. We don’t have to go through any third-party gatekeeper to do this. That’s the way it should work in the digital world too.”

The challenge, of course, is interoperability—the entire raison d’etre of the ToIP Foundation. According to Mr. Reed, this is the reason that Avast intends to participate very actively in advancing the work of ToIP Working Groups. “Avast is a global company, and the #1 challenge in establishing digital wallets and credentials that work around the world is interoperability,” said Mr. Reed. “It is a key focus of the European Digital Identity Wallets initiative as well as other government-sanctioned digital wallet projects. Avast believes that the ToIP stack is the answer, and we want to help drive its completion and adoption as quickly as possible.”For more information about Avast’s digital trust services and products, please visit www.avast.com/digital-trust. For more information about the ToIP Foundation, visit our website or see the Introduction to ToIP white paper.

The post Avast Joins the ToIP Foundation as a Steering Member appeared first on Trust Over IP.


MyData

Rulebook overcomes the lack of trust in data sharing

Marko Turpeinen from 1001 Lakes shares insights about the Rulebook model - a planning and development tool for data sharing, developed through Sitra’s fair data economy program. The Rulebook model and MyData for Cities approach was used to explore potential new services, as part of MyData Global's Human-Centric Companies and Cities (H3C) project.
Marko Turpeinen from 1001 Lakes shares insights about the Rulebook model - a planning and development tool for data sharing, developed through Sitra’s fair data economy program. The Rulebook model and MyData for Cities approach was used to explore potential new services, as part of MyData Global's Human-Centric Companies and Cities (H3C) project.

Digital Scotland

Nurturing Adoption: Supporting Growth of Early-Stage AI Businesses in Scotland

Recap of the expert panel session on growing AI startups in Scotland. The post Nurturing Adoption: Supporting Growth of Early-Stage AI Businesses in Scotland appeared first on digitalscot.net.

This video shares a talk from the Scottish AI Summit, addressing how best we can support the commercialization of AI technologies to meet real-world needs.

The University of Edinburgh has programmes to nurture data-driven entrepreneurs at different stages on their journey from the seed of an idea to scaling globally. As well as supporting both technology transfer from academic research and home grown businesses, the University is also attracting high growth global AI start-ups.

In this panel session, Katy Guthrie and Laura Bernal from the University’s Data-Driven Entrepreneurship programme will be joined by founders of some the companies they have supported, across different sectors including MedTech and ClimateTech.

The discussion will focus on the opportunities and challenges for companies using AI, how scaling AI driven business can benefit the people of Scotland and the world and what can be done to stimulate activity and address issues.

Introductions – (3m:15s)

Katy Guthrie, the Manager for the University of Edinburgh AI accelerator program commenced the summit by stating the purpose of the panel, which is to explore how best to support the commercialization of AI technologies.

The university has entrepreneurs at different stages on their journey from the seed of an idea to scaling globally, as well as supporting both technology transfer from academic research and home-grown business. The University is also attracting high-growth global AI start-ups.

She introduced the other members of the panel who are founders of AI-driven companies at different stages. They’ve all taken entrepreneurship programs at the university too.

After the introduction, at about 4m:20s Katy listed the topics to be discussed which are:

The role of AI as an enabler. The areas of opportunity. Challenges faced and how well to overcome them.

She describes how they had a recent program that supported 12 AI-driven companies over a period of 6 months and it’s helped companies to build commercial skills, connect them into networks, and to learn from each other.

At 6m:47s Laura Bernal talks about how they supported Ph.D. students and early career researchers who are looking to commercialize IP or research, and that their program helps companies to be more business-minded. They help scientific background people to think about business because they believe academia can have a relationship with industries. She was formerly a founder before she joined the program.

At 8m:14s they are joined by the other panel members introducing themselves and what they do. Xiaoyan Ma, founder and CEO of Danu Robotics introduced herself and talked more about her company.

Then at 9m:00s, she hands over to Lorenzo Conti, a founder and managing director at Crover who talked about his Edinburgh-based startup which focuses on helping grain storage operators like grain merchants, port operators, and cooperatives.

On to Debbie Wake (10m:28s), a medical doctor and clinical academic with the University of Edinburgh. She is also a Co-founder of a digital health company MyWay. She gave a brief talk on how they manage conditions like diabetes, drug response and diagnostic prediction as well as how they offer tools to Education platforms.

Joseph Twigg, CEO of Aveni, introduces his company (11m:56s), also an Edinburgh-based startup, where they focus on natural language processing, delivering and helping with solutions in the service industries. They derive insight and automation from customer conversation.

Scaling AI in Scotland

From 13m:40s Katy moves on to the detail of the discussion, with the main perspective being to identify why it is important to support the scaling of these businesses, which is to boost economic growth and productivity because these companies are creating high-value jobs.

They also support companies that tackle societal issues in Scotland. They have a strong capability in AI in Scotland which is attractive to companies who want to work not just at the University of Edinburgh but in Scotland.

They are often seen as being great at inventing things but not as good as commercializing them. For example from a review it was identified that the UK is ranked third in the world for research in AI but only 11th in its ability to realize Impact from it. So they want to change that and make Scotland seen as an excellent place to build a high-value AI-driven business.

It’s partly about supporting homegrown businesses and also attracting AI start-ups from elsewhere. The key point is about building the ecosystem.

In Scotland, they’ve got lots of big corporates in industries and they need innovative smaller businesses like start-ups that can bring new ideas. Developing and fostering that ecosystem is a key part of what they do at the Bayes Centre of the University of Edinburgh with the data-driven entrepreneurship support program at the university.

The Role of AI as the Enabler (16m:23s)

Here Katy asks the panel why they use AI, to explore what role the technology plays as an enabler.

For example at 17m:04s Joseph said he worked in the financial services industry for 15 years and identified a number of potential scenarios for improved efficiencies through using the technology.

Debbie highlights how they didn’t start as an AI business, but rather as an educational web site for diabetes information, and they came to realize how important data was to that process, and it became clear that AI could play a key role in facilitating better personalized access to that data.

For Lorenzo (20m:00s) they were working with a very novel and complex technology that involves hardware locomotion through a very kind of unstable environment data and they employed AI to tackle several technical challenges in a different part of their product, and to reach the required level of performance. In a very efficient way, AI helped them in the prediction of the robot’s movement around the environment, and since then they have employed it in other areas like the accuracy of their sensors.

At 23m:41s Katy asked Laura if she has any other companies looking up to AI for solutions to early-stage academic problems.

In response to this she mentioned a company that didn’t start as an AI company but later employed AI to model how the results of diagnosis will perform and how effectively it could put them to an advantage over their competitors. She said she has seen many companies that are AI-driven and need AI to increase their competitive advantage.

Finding Opportunities

Laura takes over at 25m:11s and asks the panel if there are other areas where AI can be applied.

For Xiaoyan it will have a huge opportunity in traditional industries such as agriculture risk management and manufacturing. AI can help people in the space to improve their operational efficiency, profitability, and sustainability, and can help in changing the procurement processes.

For Lorenzo (29m:35s), what is needed for the AI solution to work is assistance on how to manage funding.

There’s a need for access to another company’s customers’ data and regulatory bar set very high to train models (Joseph 32m:58s), and AI also needs to make a product that compensates for the risk companies are taking.

If you could do something different this time what it be? (Laura 34m:14s)

According to Joseph, partner selection would be the first thing to do differently, especially in the first critical phase of developing and validating the concept.

Debbie seconds this at 35m:25s, describing their challenge with Information Governance in the NHS, and how bringing in an expert consultancy to address this early on for them would have saved them up to two years of work.

At 38m:00s Laura asks Katy what opportunities she has seen and the ones coming up next. Katy replies that she sees many, in key areas like Natural Language Processing, and that you can view them through a lens of industry vertical or horizontal technology specialisms, and that there is potential to cut across multiple use cases.

She cites an example of a body scanning app that took part in their accelerator, which can be used for e-commerce scenarios where it can be used to match customers sizes to reduce returns, and it can also be used in Healthcare.

Challenges Faced by AI-Driven Business

At 43m:45s the panel moves on to the final topic: Challenges Faced by AI-Driven Business.

These include the volume of data (Debbie 44:23), and when dealing with AI there’s high-risk complexity often that brings in regulatory burden, therefore there’s a need for additional research evaluation risk assessment.

Joseph makes a critical point at 45m:42s, that the Scottish startup support ecosystem is great, but it’s not so great when it comes to encouraging large enterprise organizations to work with those startups. For example providing them incentives to choose to work with a local startup vs AWS.

From 49m:18s, Debbie talked about what can help:

Support within the Scottish ecosystem. Support from using wider support. Support from Scottish Enterprise. They support in a lot of ways around market scoping internationally and have amazing networks and obviously the AI accelerator program.

From 51m:58s Lorenzo adds that there’s a need for support programs that truly understand deep hardware innovators, a challenge globally not just in Scotland.

At 54m:45s Katy asks Joseph: Should early-stage businesses worry about the public perception of AI, or should they just get on with making the best possible solutions?

Lorenzo believes it’s a lot to do with perception, that most people assume AI is intelligent robots when really what is in use is the type of business applications improved by algorithms that have been discussed on this panel. Similarly Joseph adds that while AI is used to augmented processes like those in financial services it is still ultimately a decision made by a human.

Debbie also added that though changing public perception is really hard but as SMEs she thinks they’ve got restricted resources as to how to do that. Working with policymakers and bodies to try and support the industry image is a good thing.

Wrap Up

At 57m:32s: Katy handed over to Laura to round off the summit.

Laura started by accepting the fact that there are always going to be challenges in the process. Therefore she encouraged us to think about how we could help companies that are developing in AI and how we can start changing that infrastructure to overcome those challenges as an ecosystem in general.

In her closing remark, she said the AI accelerator would be opening applications for their next intake in April to start the program in September. And also if anyone wants to scale an AI company should contact Katy through her LinkedIn: Katie Guthrie.

The post Nurturing Adoption: Supporting Growth of Early-Stage AI Businesses in Scotland appeared first on digitalscot.net.


Ministerial Statement – Transforming Scotland’s Tech Sector

Statement to the Scottish Parliament from Kate Forbes on Building Scotland's Tech Ecosystem. The post Ministerial Statement – Transforming Scotland’s Tech Sector appeared first on digitalscot.net.

In this video Kate Forbes, the Cabinet Secretary for Finance and the Economy, delivers a statement to the Scottish Parliament, about transforming Scotland’s tech sector.

In August 2020, the Scottish Government published the “Scottish Technology Ecosystem Review”, which is a blueprint to establish Scotland as a leading hub for tech start-ups. The report was written by Mark Logan, the former Chief Operating Officer of Skyscanner, which was one of Scotland’s first tech companies to achieve a valuation of more than £1 billion.

Professor Logan’s report was greeted with acclaim on publication. It was described as an “exciting route map for how the government and the private sector can work together to build Scotland into a global leader.

Last October, the Scottish Government invited suppliers to tender for a contract to establish a national network of five ‘tech scaler’ hubs in Glasgow, Aberdeen, Dundee, Edinburgh and Inverness.

The hubs will provide Scottish companies with commercial education sourced from the best providers in the world. That education will be complemented with physical co-location, first-rate mentoring and vibrant peer communities. Through state-of-the-art remote technologies, all of that will be available virtually in every community in Scotland.

Those tech scalers are a game changer. The government has established a new organization named Scottish Teachers Advancing Computing Science (STACS) which helps driving improvements in equipment, teacher training and the curation of best practice. Working with Toni Scullion and Brendan McCart, the government has invested more than £1 million pounds to add to schools’ existing stocks of computing hardware.

The Scottish Government also invested a further £500,000 in the digital skills pipeline, a bespoke set of modular courses running from beginner level all the way through to advanced coding. They provided grant funding of £150,000 to CodeYourFuture, a truly exceptional organization that supports refugees with the skills and networks necessary to progress in education and employment.

The Scottish National Investment Bank has agreed to support the all-female investor group, Investing Women Angels, to establish a new investment fund focused exclusively on women and minority founders based in Scotland. That makes Scotland one of very few European nations with a bespoke seed investment fund focused on stimulating the growth of female-led companies, delivering yet another of Mark Logan’s recommendations.

STACS ensures that there is greater choice for young people in their formal subject choices and informal extracurricular activities. It is a teacher-led organization, which starts with teachers. It aims to provide support and expertise to and promote skills among computing science teachers across Scotland.

Many young people in Scotland are choosing to work and study simultaneously, and a number of tech businesses are already taking advantage of that apprenticeship model. According to the government, work has also started on expanding the young person’s guarantee.

The Scottish Government is progressing a number of recommendations specifically around investment and investment funding, to avoid the situation whereby, for a Scottish start-up to expand, grow and develop, it needs to access funding elsewhere. Although no one would dispute that Skyscanner has been a success, some of the recommendations looked at, for example, establishing a series A funding partnership between the Scottish Government, Scottish venture capitalists and external investors; investment vehicles specifically for certain groups, such as female founders.

In the opinion of Kate Forbes, the government has much to do with the 95 per cent of access to broadband that already exists. Clearly reaching the goals of the R100 program it needs to ensure that every property has access to broadband. They will progress that and ensure that it is delivered despite the fact that it is a reserved area and they are stepping into the breach to do that and the work is progressing.

The tech ecosystem fund has supported multiple events for and by women, with more than £160,000 of funding given to Women’s Enterprise Scotland, Female Founder Squad, Mint Ventures and other organizations providing learning and peer networking opportunities and helping to overcome some of the challenges faced by women in tech. There is a clear gender gap in business participation in Scotland. Closing that gap and unlocking the full economic potential of women in enterprise will have a transformative impact on Scotland’s economic performance.

According to Kate Forbes, being able to provide extracurricular activity that creates equity of access to opportunities to learn is so important. The young women are being role models as female founders and in celebrating female computer science teachers, which is critical to all of this. Right now, Education Scotland has a dedicated team that is working with schools and early learning centers specifically to deal with early gender stereotyping and to ensure that that engagement carries on throughout primary school and high school and ultimately into the university years.

The Scottish Government is keen to see more small and medium-sized enterprises embracing the opportunities of technology, and that needs to go hand in hand with cybersecurity. In the past, they have provided financial support, such as vouchers, to help SMEs to do that. She has referred to some of the cyber apprenticeships that all goes hand in hand with promoting best practice across the public, private and third sector.

Video Timeline

0:00 Intro
1:00 Update on Scottish Technology Ecosystem
4:30 Establishment of Scottish Teachers Advancing Computing Science
6:00 Investments in tech sector by Scottish Government
11:00 Q&A Session
16:00 Steps taken by Scottish Government to increase lagging productivity growth
22:24 When new start-ups, apprenticeships and entrepreneurial learning will be delivered?
28:30 How will the government ensure equal opportunities in access for children in more deprived communities to benefit from technology?
34:24 What Steps are being taken to ensure women’s tech businesses play a leading part in transforming Scotland’s tech sector?
36:20 What action is the Scottish Government taking to address the chronic gender imbalance in computer science?
38:25 Providing Cyber Security
39:45 Outro

The post Ministerial Statement – Transforming Scotland’s Tech Sector appeared first on digitalscot.net.


First Minister Nicola Sturgeon Addresses the Launch of Tech Scalers

CodeBase awarded £42m contract to roll out nationwide Tech Scalers network. The post First Minister Nicola Sturgeon Addresses the Launch of Tech Scalers appeared first on digitalscot.net.

Speaking at the Barclays Glasgow Campus on 13 July 2022 First Minister Nicola Sturgeon outlines the Scottish Government’s commitment to supporting entrepreneurship and innovation through the launch of the Tech Scalers network. Video Summary

Barclays will be the host of the Glasgow Tech Scaler hub and that is good news, a further demonstration of how important this campus is going to be not just to Glasgow but to Scotland as a whole.

Over the last few years Scotland’s tech sector has really developed a very strong sense of community, and you can see, hear and feel this. Businesses are constantly sharing and learning from each other’s experiences.

Within the context of the Scottish Government’s overall approach to the economy the establishment of the Tech Scalers are central to the ambition of creating a more entrepreneurial nation, making sure that the commitment to and success in entrepreneurship in a future Scotland is very much chiming with that reputation for enterprise innovation and entrepreneurship that we have down through past generations.

A few months ago, we published the new Scottish government national strategy for economic transformation looking at how particularly we emerge from the Covid pandemic. We want to build a country that is greener, fairer and wealthier for this and generations to come, and to help us achieve those aims that we’ve set very clearly.

There is a need to establish a sense of common purpose among businesses trade unions, government and the many other partners that all need to contribute to building a successful economy and that sense of common purpose is already very striking in the tech and entrepreneurship sectors.

This has been developed in recent years by the likes of CodeBase, FutureX, the Bayes Centre EIE team, as well as by networks like Startup Grind, The Female Founders Squad, the Scottish Games Network and many others besides.

So, it’s something that as government we want to support and encourage across other parts of the economy. In recent years, for example, we funded SCDI to run productivity clubs to bring companies together to learn from each other about how to operate more effectively and how to benefit from new technology. So, it’s a simple but really powerful way of tackling what is one of the biggest issues facing our economy and how do we sustainably increase productivity.

The benefits of that approach where businesses and organizations cooperate and collaborate for a common purpose is already very clear in this sector. In the tech sector, the efforts you’ve made in recent years are already making this sector a very significant Scottish success story. Scottish startups and scale-ups employ more than 135,000 people which is more than anywhere else in the UK outside of London and the south east.

Our universities are recognized rightly as world leaders in areas like data analytics and informatics and we have got enormous strengths as a country in really key areas for the future like AI robotics and FinTech. So we’ve got lots to be proud of we’ve got lots to be enthusiastic and optimistic about.

The sector can still do much better and to illustrate that with just one example in recent years – Scotland has produced three unicorn companies of course valued at more than one billion dollars and two of these have been tech companies. It is something be celebrated but over that same period that Scotland has produced three unicorns, Ireland has produced seven, Estonia ten, Israel sixteen and Sweden thirty five.

Obviously, the creation of unicorn companies isn’t by any stretch of the imagination the only measure of a country’s success but it is a strong indicator and one that we should take seriously. We can and should be doing even more to build on the current strengths that this sector has. Scotland’s ecosystem before the pandemic was closer to this tipping point than at any time in its modern history.

It highlighted that relatively limited interventions by government could help reach that tipping point and it set out what those interventions should be in the three key areas of education, infrastructure and financing. The Scottish government has started implementing these recommendations.

For example, we’ve established a new organization called Scottish Teachers Advancing Computing Science and are designing a new plan for skills development for computer science and teaching. It will help to shape and transform how computer science is taught in our schools. We also establish the tech ecosystem fund which provides support for organizations that help entrepreneurs connect with their peers and with potential investors.

We invited tenders last year to establish the Tech Scalers. The bidding process generated a lot of interest which is really encouraging and has already led to new collaborations between Scottish and international organizations.

The contract has been awarded to CodeBase, who already run a very successful tech incubator in Edinburgh and under the contract they will establish seven Scalers in Aberdeen, Dumfries, Dundee, Edinburgh, Glasgow, Inverness and Stirling.

These hubs will be delivered in partnership with universities, local authorities and businesses. The Scalers will provide the basic infrastructure but also a complete support service for startups, will offer five separate courses for companies at different stages of development from new startups onwards. The course for advanced companies will include free access to a program called Reforge, which is Silicon Valley’s most prestigious education program for tech startups.

CodeBase have also promised to develop a national calendar of events for the tech community and companies led by women and minorities, currently significantly underrepresented amongst tech startups will be prioritized for entry to the incubators.

These companies will also be given extra support that recognizes the greater challenges they currently face in raising investment and developing peer networks. Supporting entrepreneurship is one of the most important interventions any government can make in an economy, so that’s why the new role Mark Logan is taking up as chief entrepreneurship officer is so vitally important.

The Scottish Government is determined to do everything we can to create a more entrepreneurial nation indeed that’s why we’re investing in these tech scalers at a time when we’re facing a tough public spending environment, because we know that by providing the right environment for business government action can help to support a much stronger and more sustainable economy.

Video Timeline

0:00 – Intro
2:00 – Rise of Tech Sector
2:46 – Scottish Government Approach on Tech
7:10 – Impact of Covid-19
16:33 – Supporting Entrepreneurship
17:53 – Outro

The post First Minister Nicola Sturgeon Addresses the Launch of Tech Scalers appeared first on digitalscot.net.

Monday, 29. August 2022

Trust over IP

ToIP Steering Committee Member, the Government of British Columbia,  Improves Sustainability Reporting with Digital Trust Technology

While many self-sovereign identity solutions offer tools for individuals, a government team from Canada is using digital trust technology to improve sustainability reporting in the natural resource sector for organizations.   ... The post ToIP Steering Committee Member, the Government of British Columbia,  Improves Sustainability Reporting with Digital Trust Technology appear

While many self-sovereign identity solutions offer tools for individuals, a government team from Canada is using digital trust technology to improve sustainability reporting in the natural resource sector for organizations.   

Nancy Norris

The Government of British Columbia (B.C.) – a Trust Over IP (ToIP) Steering Committee Member – initiated the Energy & Mines Digital Trust (EMDT) project under the Ministry of Energy, Mines and Low Carbon Innovation (EMLI) to facilitate the transition to a resilient, clean economy. EMDT’s pilot enables a collaborative digital ecosystem between the B.C. government, natural resource companies, and organizations around the world to improve sustainability reporting using digital credentials. Digital credentials make sustainability reporting more efficient, enhance business-to-business trust, and protect data from manipulation. Digital credentials can be checked in real time, expediting access to trustworthy information. These trusted, verifiable digital credentials are the core digital trust technologies being piloted and the trust ecosystem in which they operate are defined in ToIP architecture, governance, and related documents.   

Join members of the open-source community as they share projects, discuss problems, and collaborate on new solutions at three Linux Foundation conferences this September. Attend one of three sessions featuring EMDT’s business application of digital credentials with Nancy Norris, Senior Director of ESG & Digital Trust in the Ministry for Energy, Mines and Low Carbon Innovation for the Government of British Columbia, and Kyle Robinson, Senior Strategic Advisor.

Kyle Robinson Hyperledger Global Forum, September 12: Learn how EMDT is enabling and accelerating the B.C. government’s entry into a digital trust ecosystem by creating a simple and secure way to share sustainability data, certifications, and credentials.     Trust Over IP Summit, September 14: In Session 2, witness a demo, exchanging digital credentials between an environmental auditor, a mining company, and the Government of British Columbia. Stay for Session 4, to learn how and why digital trust ecosystems benefit government bodies.   Open Source Summit Europe, September 15: EMDT will participate in the “Blockchain in Action in the Fight Against Climate Change” panel session with Hyperledger’s Daniela Barbosa and others to discuss the role of government in creating digital trust ecosystems and how enhanced sustainability reporting supports climate goals.  

To learn more about Energy & Mines Digital Trust, be sure to include the Trust Over IP Summit as a co-located event to your Open Source Summit Europe registration and/or register for Hyperledger Global Forum.

The post ToIP Steering Committee Member, the Government of British Columbia,  Improves Sustainability Reporting with Digital Trust Technology appeared first on Trust Over IP.


FIDO Alliance

TechNative: Your top IT governance questions answered

Security threats are always changing and evolving causing us to shift gears into how we can better approach authentication. While there are plenty of authentication methods, the root of the […] The post TechNative: Your top IT governance questions answered appeared first on FIDO Alliance.

Security threats are always changing and evolving causing us to shift gears into how we can better approach authentication. While there are plenty of authentication methods, the root of the security problem is the password. Traditional MFA solutions have proven to provide little additional assurance and leave companies vulnerable unless they make a change. By eliminating the password, we can eliminate the most common cyber-attack vector. Passwordless MFA (PMFA) is the only way to break this cycle. PMFA is phishing resistant and is core to the Zero Trust model which is part of FIDO2. CISA has endorsed FIDO2 as the gold standard for authentication. By eliminating the weakest part of the security chain, automated attacks are virtually eliminated. 

The post TechNative: Your top IT governance questions answered appeared first on FIDO Alliance.


Intelligent CISO: Experts discuss the changing role of the CISO and its impacts on management style

The role of the Chief Information Security Officer (CISO) has notably changed since the COVID-19 pandemic. According to Dale Heath, Technology Lead at Rubrik A/NZ, “A holistic security approach – […] The post Intelligent CISO: Experts discuss the changing role of the CISO and its impacts on management style appeared first on FIDO Alliance.

The role of the Chief Information Security Officer (CISO) has notably changed since the COVID-19 pandemic. According to Dale Heath, Technology Lead at Rubrik A/NZ, “A holistic security approach – combining infrastructure, cloud and data security (or end-to-end Zero Trust security) – is required to help keep an organisation safe.”  “This means bringing together prevention, detection and investigation as well as ensuring data resilience, data observability and data recovery.”  The next plan of action is to go passwordless. The industry is on the cusp of replacing passwords and legacy Multi-Factor Authentication (MFA) methods with modern open authentication standards, like FIDO2. These standards will enable widespread adoption of phishing-resistant and usable security, and hopefully, will be able to help CISOs to eradicate an entire class of issues that have long been associated with passwords.

The post Intelligent CISO: Experts discuss the changing role of the CISO and its impacts on management style appeared first on FIDO Alliance.


Security Insider: Passwordless authentication

Two-factor authentication (2FA), Fast IDentity Online (FIDO), WebAuthn, Push-to-Approve or Token – what is future-proof and will prevail? Will passwordless authentication soon be the new standard? We explain. The post Security Insider: Passwordless authentication appeared first on FIDO Alliance.

Two-factor authentication (2FA), Fast IDentity Online (FIDO), WebAuthn, Push-to-Approve or Token – what is future-proof and will prevail? Will passwordless authentication soon be the new standard? We explain.

The post Security Insider: Passwordless authentication appeared first on FIDO Alliance.


SC Magazine: How orchestration can accelerate the end of passwords

The information industry is making a major push to improve identity and access management protocols so that users can obtain the answers they need swiftly and securely. More than 200 […] The post SC Magazine: How orchestration can accelerate the end of passwords appeared first on FIDO Alliance.

The information industry is making a major push to improve identity and access management protocols so that users can obtain the answers they need swiftly and securely. More than 200 companies have joined the Fast Identity Online Alliance, or FIDO, to consolidate resources and support for passwordless authentication. As part of this movement, identity orchestration has emerged as a viable path for companies to put their passwordless plans into action.

The post SC Magazine: How orchestration can accelerate the end of passwords appeared first on FIDO Alliance.


IT Pro: Signal confirms 1,900 of its users were hit by Twilio breach

In the last few days, the encrypted messaging platform, ‘Signal’ confirmed a variety of their customers fell victim to the phishing attack on Twilio. It is estimated that 1,900 were […] The post IT Pro: Signal confirms 1,900 of its users were hit by Twilio breach appeared first on FIDO Alliance.

In the last few days, the encrypted messaging platform, ‘Signal’ confirmed a variety of their customers fell victim to the phishing attack on Twilio. It is estimated that 1,900 were affected by the breach via phone number and SMS verification links to “reset passwords” on a phony Twilio link. By posing as Twilio’s IT dept, the hackers were able to obtain victim’s login credentials. Unfortunately, it is still unclear who was behind this attack. Cloudflare also revealed they were subjected to a phishing attack around the very same time as Twilio, but was not breached as an end result owing to the corporation-vast use of hardware-centered, FIDO2-compliant multi-factor authentication (MFA) keys.

The post IT Pro: Signal confirms 1,900 of its users were hit by Twilio breach appeared first on FIDO Alliance.


it-daily: The future of password security is passwordless

To create even more secure, easier and faster login solutions for everyone, 1Password has spent nearly two decades making logins more convenient and recently joined the FIDO Alliance to create […] The post it-daily: The future of password security is passwordless appeared first on FIDO Alliance.

To create even more secure, easier and faster login solutions for everyone, 1Password has spent nearly two decades making logins more convenient and recently joined the FIDO Alliance to create a better future for authentication. Because as technology advances, new authentication methods continue to emerge – even without a password.

The post it-daily: The future of password security is passwordless appeared first on FIDO Alliance.


Linux Foundation Public Health

LFPH tackles the next frontier in Open Source Health Technology: The rise of Digital Twins

With the Digital Twin Consortium, Academic Medical Centers and other LF projects, Linux Foundation Public Health addresses open software for next generation modeling Among the many challenges in our global healthcare delivery...

With the Digital Twin Consortium, Academic Medical Centers and other LF projects, Linux Foundation Public Health addresses open software for next generation modeling Among the many challenges in our global healthcare delivery landscape, digital health plays an increasingly important role on almost a daily basis, from personal medical devices, to wearables, to new clinical technology and data...

Source


The Engine Room

Ethical considerations for open source investigations

University of Essex is proud to publish a report, and an accompanying workbook, created with the support of The Engine Room, which outline the ethical considerations that should be taken into account when conducting open source investigations for human rights advocacy or legal accountability. The post Ethical considerations for open source investigations first appeared on The Engine Room.

Today, human rights abuses are often documented as they happen and quickly shared with others around the world: war is streamed live through digital communications technologies. Protesters carry cameras into the streets and film arrests or the misuse of teargas. Perpetrators share videos of violence in messaging groups. All of this is possible through cheap camera sensors in mobile telephones that allow their owners to film and share videos on social media platforms thanks to high-speed internet connections. The collection, analysis and publication of this information – and other digitally mediated data like satellite imagery and social media profiles – by journalists and human rights investigators has become known as open source investigations. This investigative technique has grown in prevalence over the past decade. Collecting videos and photographs of possible human rights abuses or violations of the laws of war is now part of the researcher’s methodological toolbox. Yet all too often, the collection, verification and use of open source information can happen without thinking through all the ethical considerations. 

In March, the Human Rights, Big Data and Technology Project (University of Essex) published a report, and an accompanying workbook, created with the support of The Engine Room, which outline the ethical considerations that should be taken into account when conducting open source investigations for human rights advocacy or legal accountability.

The report outlines a Human Rights-Based Approach (HRBA) to open source investigations that tries to ensure that human rights organisations do not adversely affect the enjoyment of the human rights they seek to protect. The accompanying Responsible Open Source Investigations Workbook is designed to support the human rights researcher using open source information to make the best possible judgements in the particular context they are working in. 

Read the report Read the workbook

While we have reason to appreciate the increased visibility of serious international crimes that warrant investigation, these probes come with difficult decisions and raise human rights and ethical challenges. The appeal of open source investigations in allowing investigators to map violations across time and space pull these concerns to the fore. Open source research can, for example, uncover the identity of witnesses, victims or perpetrators and the location of a crime in near real time, potentially placing these people at risk. Open source research relies on the collection and analysis of large data sets that create and expose patterns in data. Human rights investigators and their organisations not only need to be aware of the ethical challenges this form of research presents; they also must consider and integrate their responses to them as they plan, execute and make public their research.

We hope this report and workbook offer material to open source human rights investigators and other organisations applying such an approach to their research, with discussion points that ensure that this rapidly-developing field always remains focused on the victim. 

As Zara Rahman and Gabriela Ivens highlight in the book Digital Witness, “the end mission of defending human rights and revealing rights violations means that investigators should be particularly cautious about their actions and understand the responsibility they carry. In essence: human rights should not be violated during the process of a human rights investigation”.

Photo by Rohit Ranwa via Unsplash.

The post Ethical considerations for open source investigations first appeared on The Engine Room.

OpenID

Guest Blog: Frederico Schardong Participates in Identiverse 2022 as a Kim Cameron Award Recipient

Despite the fact that I only discovered Kim Cameron’s seminar article on the seven laws of identity many years after it was published, it felt as current as anything new I was reading when I first began studying identity. Going through his thought-provoking blog posts about identity and privacy also provided me with ideas and […] The post Guest Blog: Frederico Schardong Participates in Identivers

Despite the fact that I only discovered Kim Cameron’s seminar article on the seven laws of identity many years after it was published, it felt as current as anything new I was reading when I first began studying identity. Going through his thought-provoking blog posts about identity and privacy also provided me with ideas and considerations that I could not find anywhere else. As a result, I am deeply honored to be one of the first recipients of the award in his honor in recognition of my work in this field.

My journey with digital identity began as a back-end web developer who was curious about how the systems I was helping to build handled users’ passwords, as well as having to implement single sign-on using SAML. Many years later, when I began pursuing a PhD, my advisor suggested that I specialize in electronic identity at our very first meeting. After reading numerous books, papers, protocol specifications, and implementations, I am now researching quantum-safe IAM protocols and self-sovereign identity.

One of my first thoughts while attending the conference was how excited I was to meet the giants who wrote the protocols I have been studying and actively implementing in my academic research. However, Identiverse provided me with much more. The opportunity to (physically) reach out to many like-minded people outside of academia who are interested in the challenges of security and privacy in IAM is perhaps the most valuable outcome.

Furthermore, learning about the most recent developments in the OIDC working groups FAPI, eKYC & IDA, and SSE, as well as the work on the OAuth side of the force with OAuth 2.1, PKCE, and RFCs 9068, 9126, and 9207, was extremely beneficial. Furthermore, it was only through attending Identiverse that I discovered that a sizable portion of the IAM industry is focusing on multi-factor authentication, which surprised me because I assumed this was already well established.

I am grateful to the OpenID Foundation for this incredible opportunity and eager to collaborate with the identity community.

Frederico Schardong
PhD Candidate at Federal University of Santa Catarina

The post Guest Blog: Frederico Schardong Participates in Identiverse 2022 as a Kim Cameron Award Recipient first appeared on OpenID.

Saturday, 27. August 2022

OpenID

Public Review Period for Proposed Final JWT Secured Authorization Response Mode for OAuth 2.0 (JARM) Specification

The OpenID Financial-grade API (FAPI) Working Group recommends approval of the following specification as an OpenID Final Specification: JWT Secured Authorization Response Mode for OAuth 2.0 (JARM) A Final Specification provides intellectual property protections to implementers of the specification and is not subject to further revision. This note starts the 60-day public review period for […] Th

The OpenID Financial-grade API (FAPI) Working Group recommends approval of the following specification as an OpenID Final Specification:

JWT Secured Authorization Response Mode for OAuth 2.0 (JARM)

A Final Specification provides intellectual property protections to implementers of the specification and is not subject to further revision. This note starts the 60-day public review period for the specification draft in accordance with the OpenID Foundation IPR policies and procedures. Unless issues are identified during the review that the working group believes must be addressed by revising the draft, this review period will be followed by a seven-day voting period during which OpenID Foundation members will vote on whether to approve this draft as an OpenID Final Specification. For the convenience of members, voting will actually begin a week before the review period ends, for members who have completed their reviews by then.

The relevant dates are:

Final Specification public review period: Saturday, August 27, 2022 to Wednesday, October 26, 2022 (60 days) Final Specification vote announcement: Thursday, October 13, 2022 Final Specification early voting opens: Thursday, October 20, 2022 Final Specification official voting period: Thursday, October 27, 2022 to Thursday, November 3, 2022 (7 days)*

* Note: Early voting before the start of the formal voting will be allowed.

The FAPI working group page is https://openid.net/wg/fapi/. Information on joining the OpenID Foundation can be found at https://openid.net/foundation/members/registration. If you’re not a current OpenID Foundation member, please consider joining to participate in the approval vote.

You can send feedback on the specification in a way that enables the working group to act upon it by (1) signing the contribution agreement at https://openid.net/intellectual-property/ to join the working group (please specify that you are joining the “FAPI” working group on your contribution agreement), (2) joining the working group mailing list at https://lists.openid.net/mailman/listinfo/openid-specs-fapi, and (3) sending your feedback to the list.

— Michael B. Jones – OpenID Foundation Board Secretary

The post Public Review Period for Proposed Final JWT Secured Authorization Response Mode for OAuth 2.0 (JARM) Specification first appeared on OpenID.

Second Implementer’s Draft of RISC Profile Approved

The OpenID Foundation membership has approved the following Shared Signals and Events (SSE) specification as an OpenID Implementer’s Draft: OpenID RISC Profile Specification 1.0 An Implementer’s Draft is a stable version of a specification providing intellectual property protections to implementers of the specification. The Implementer’s Draft is available at: https://openid.net/specs/openid-risc-

The OpenID Foundation membership has approved the following Shared Signals and Events (SSE) specification as an OpenID Implementer’s Draft:

OpenID RISC Profile Specification 1.0

An Implementer’s Draft is a stable version of a specification providing intellectual property protections to implementers of the specification.

The Implementer’s Draft is available at:

https://openid.net/specs/openid-risc-profile-specification-1_0-ID2.html

The voting results were:

Approve – 57 votes Object – 1 vote Abstain – 4 votes

Total votes: 62 (out of 274 members = 22.6% > 20% quorum requirement)

— Michael B. Jones – OpenID Foundation Board Secretary

The post Second Implementer’s Draft of RISC Profile Approved first appeared on OpenID.

Friday, 26. August 2022

Elastos Foundation

Elastos Bi-Weekly Update – 26 August 2022

...

Thursday, 25. August 2022

OpenID

OpenID Connect for Identity Assurance – Overview & Call to Action

Introduction At the start of 2020 a new workgroup was formed under the OpenID Foundation that was to continue on from activities that had been ongoing in the AB/Connect Working Group | OpenID for some months. That new working group came to be known as the eKYC & Identity Assurance Working Group. The initiation of that activity was […] The post OpenID Connect for Identity Assura
Introduction

At the start of 2020 a new workgroup was formed under the OpenID Foundation that was to continue on from activities that had been ongoing in the AB/Connect Working Group | OpenID for some months. That new working group came to be known as the eKYC & Identity Assurance Working Group.

The initiation of that activity was off the back of a IPR donation from yes.com of an extension to OpenID Connect that they had created.

What Is It?

OpenID Connect for Identity Assurance 1.0 (OIDC4IDA for short) is an extension to OpenID Connect Core

OpenID Connect for Identity Assurance 1.0 Current Status

Implementers Draft 4 is currently available for review – Fourth Public Review Period for OpenID Connect for Identity Assurance Specification Started.

There is a beta version of the Conformance testing suite that supports OIDC4IDA available on request that was developed through directed funding and will allow implementers to check their implementations conform to the specification, making implementation of interoperable solutions cheaper and easier.

The current spec is already being adopted in a number of places including Germany, UK, EU and being seriously considered for use in Australia.

What is OIDC4IDA Good For?

OpenID Connect for Identity Assurance is primarily focussed on addressing use-cases where the details of the assurance process used to verify and validate the end-users identity need to be explicitly communicated.

The working group believes it’s a good fit for account opening, staff on-boarding, account recovery and access to restricted services where communication of how the underlying identity was established is needed.

Who Built It?

The inspiration for OpenID Connect for Identity Assurance was from yes.com in Germany and donated to the OpenID Foundation in 2019. It has seen further development from a wide range of people from many countries and businesses of many types, including software vendors, services companies, network operators, consultancies, banks, and healthcare providers.

How Does It Work?

OpenID Connect for Identity Assurance is intended to be a lightweight extension to OpenID Connect and uses the authorization code flow of OpenID Connect Core including allowing for end user approval. It encourages the use of the claims request parameter where the relying party expresses which parts of the identity data and metadata it needs, and it defines a schema for communication of “verified claims”. The “verified claims” specification has two child elements one with information about “verification” (and validation), and the other containing the verified end-user claims themselves.

Security concerns relating to exchange of sensitive personal data via OIDC4IDA should be addressed simply through use of the output of the FAPI Working Group which you can read about in this white paper.

Implementations

OpenID Connect Identity Assurance / eKYC | Connect2id

GitHub – identityfirst/eKYC-Hub: This repository provides code for eKYC Hub application

OpenID Connect for Identity Assurance, explained by an implementer | by Takahiko Kawasaki | Medium

OpenID Connect for Identity Assurance 1.0 Roadmap

 

Call to Action Review the Implementers draft provide feedback (and vote if you have an OIDF membership) Review (and vote if you can) on the Final that is planned for Q4 2022 Tell your peers about OIDC4IDA Implement for use cases where OpenID for IDA is a good fit Use the Conformance testing tool to check your implementation for conformance and interoperability The post OpenID Connect for Identity Assurance – Overview & Call to Action first appeared on OpenID.

Wednesday, 24. August 2022

Next Level Supply Chain Podcast with GS1

Summer Supply Chain Roundup

It’s been one heck of a year in supply chain – everything from shortages to adaptation, to cutting-edge innovation and technology, to optimism for a digitized and automated future. Sit down with Reid and Liz to recap the year, what we learned, and the exciting things we are looking forward to as the supply chain evolves

It’s been one heck of a year in supply chain – everything from shortages to adaptation, to cutting-edge innovation and technology, to optimism for a digitized and automated future. Sit down with Reid and Liz to recap the year, what we learned, and the exciting things we are looking forward to as the supply chain evolves

Tuesday, 23. August 2022

Ceramic Network

Configuring a Ceramic Node Using AWS

In this guide you will learn how to configure and run a Ceramic node for development in AWS. AWS is not the only cloud provider you can use to run a Ceramic node, but we will cover the other major providers in a separate blog post. The general steps are

In this guide you will learn how to configure and run a Ceramic node for development in AWS. AWS is not the only cloud provider you can use to run a Ceramic node, but we will cover the other major providers in a separate blog post. The general steps are going to be the same regardless of cloud provider, so you could adapt what you read here for your favorite cloud.

This post will cover running a Ceramic node in bundled mode, which is suitable for development and testing purposes.

Prerequisites

Before you can run a Ceramic node on AWS you’ll need a few things.

AWS Account. Although billing information is required to create an account with AWS, this post will make use of AWS Free Tier services to minimize cost Basic understanding of the Linux Command Line Preparing AWS for Ceramic

Once you have an AWS account you will need to configure a few things in AWS so that your Ceramic node can be accessed.

You will be creating a Linux EC2 instance, which you will then connect to using SSH. The recommended way to do this through AWS is to configure and use an Amazon EC2 Key Pair.

If you already have a key pair you wish to use you can head directly to the Configuring Security Groups section.

Creating a key pair

Step 1
From the AWS Management Console use the search bar to locate the EC2 Key Pair Feature page by typing in key pairs and selecting the corresponding EC2 Feature.

Step 2
Click the Create key pair button in the top right corner of the page.

Step 3
Configure the new key pair with the following options:

Name: ceramickeypair Key pair type: RSA Private key file format: .pem If you are using a Windows machine select .ppk and make sure you have PuTTY installed Tags: you do not need to add any tags, but you can if you’d like to organize your resources

Once you have those options selected click the Create key pair button.

You should be prompted to download the newly created key pair file. Save it somewhere that you will remember.

You will need this in a future step so don’t lose it!

You should now have a key pair populated in the management console as well as downloaded to your local machine.

This will be the private key used when connecting to the EC2 instance we will create using SSH.

Configuring Security Groups

The next thing you will need is an AWS Security Group for your soon-to-be-created EC2 instance. Security groups act as a virtual firewall for EC2 instances. To reach your Ceramic node you will need to have the proper ports configured in a security group.

Step 1
From the AWS Management Console use the search bar to locate the EC2 Security Groups Feature by typing security groups.

Step 2
You will most likely see a default security group. You can ignore this security group for now.

Click the Create security group button in the top right corner of the page.

Step 3
Configure the new security group with the following parameters:

Basic details

Security group name: ceramicservers Description: allow access to Ceramic services VPC: Leave as default unless you have a more complex AWS environment

Inbound rules

Rule 1:

Type: Custom TCP Port range: 7007 Source: Anywhere-IPv4 Description: Ceramic port

Rule 2:

Type: SSH Source: Anywhere-IPv4 Description: SSH port

Outbound Rules

Leave as default

Tags

Leave as default

Once you have filled in these configuration options click the Create security group button.

You should now see the newly-created security group in the management console.

Creating a Ceramic Node

Now that all of the AWS environment setup is complete it's time to begin building a Ceramic node in the cloud.

Creating an EC2 Instance For Ceramic

Step 1
From the AWS Management Console use the search bar to locate the EC2 Service by typing EC2 and selecting the corresponding service.

You should now be able to see the associated EC2 Resources that you set up in previous steps. If you are working from a new AWS environment you will see that there is 1 key pair and 2 security groups.

If you do not see these resources, ensure that you are viewing the proper region. Sometimes the AWS Management Console will display resources from different regions and can make it appear as though resources are missing when they are in fact in a different region.

Step 2
Below the Resources box you will see a Launch instance section. Click the orange Launch instance button in this section and select Launch instance from the drop down menu that appears.

Step 3
You are now ready to begin configuring an EC2 instance for your Ceramic node. This screen can seem a little daunting with all the options, so take extra care to configure options properly before launching your instance.

Improper configuration could result in charges to your AWS account. 3Box Labs and the Ceramic Network are not responsible for any charges you incur while working with cloud resources. Please double check all your work and understand the AWS billing process before proceeding.

Configure your EC2 instance with the following options:

Name and Tags

Name: Ceramic

Application and OS Images

AMI: Amazon Linux 2 AMI (HVM) - Kernel 5.10, SSD Volume Type (Free tier eligible) Architecture: 64-bit (x86

Instance Type

Instance type: t2.micro (free tier eligible)

Key pair

Key pair name: ceramickeypair

Network Settings

Firewall: Select existing security group Common security groups: ceramicservers

Configure Storage

1x: 15gb GiB: gp2

Advanced details

default

Once you have added these configuration details, set the Number of instances to 1 and click the orange Launch instance button located at the bottom of the Summary

Step 4
The Launch an instance page should now have a button that allows you to View all instances. Click the View all instances button to continue.

You will now see a new EC2 instance named Ceramic Server running in your environment.

In the next section you will connect to this instance and configure your Ceramic node.

Connecting to The Newly Created EC2 Instance

Connecting to this newly created EC2 instance will vary based on your operating system. If you are using Windows you will need an SSH client, such as PuTTY. If you are using Linux or MacOS you will be able to use the built-in SSH client located in the Terminal.

The instructions that follow will only cover the Linux and MacOS terminal. Once connected to the instance all commands and steps will be the same regardless of which operating system you are using.

Step 1
In the AWS Management Console select the Ceramic Server EC2 instance and click on the Connect button located near the top of the screen.

After clicking the Connect button select the SSH client tab to see the connection instructions for your instance. Your details will be different from what you see in the screenshot below since AWS populates this information dynamically.

Step 2
This step will guide you through the instructions located on the SSH client tab of the Connect to instance page.

Open your terminal and locate the key pair file you downloaded in Step 3 of the Preparing AWS for Ceramic section, it should be named ceramickeypari.pem if you followed along with the earlier steps.

This file may also have a .cer extension. This is perfectly fine and can be treated as a .pem file.

In this example the ceramickeypair.cer file is located in the Home directory of the logged in user.

When you download this file from AWS it downloads with improper permissions for use. If you try to use this file with your SSH client you will see an error explaining that the file has too many permissions to be used safely. Let’s fix that now by reducing the permissions granted to this key file.

In the terminal run the following command:

chmod 400 ceramickeypair.cer

There will be no output from this command, but if you inspect the permissions you should now see that this file is only able to be read by the owner. Learn more about file permissions.

Now that your file permissions are properly restricted, use your terminal to connect to your EC2 instance. The connection information can be found in the example at the bottom of the Connect to instance page you opened above in Step 1. Your details will differ from what you see below.

ssh -i "ceramickeypair.cer" ec2-user@ec2-54-215-186-11.us-west-1.compute.amazonaws.com

When prompted to accept the fingerprint, type the word yes to continue connecting to your instance.

You should now see the terminal change to reflect that you are connected to the EC2 instance.

You are now connected to your EC2 instance using SSH. Any commands you run inside this terminal will execute on the remote instance located on AWS.

Installing Ceramic Dependencies

Step 1
When you launch a fresh AWS instance, it’s always a good practice to start by updating the package manager. This Amazon Machine Image(AMI) uses yum as its package manager. To update the packages on the system run the update command as an administrator. In this case we will add the -y flag to skip being prompted if we are sure we want to apply the updates.

sudo yum update -y

There will be an overwhelming amount of information on the screen after you enter this command. The most important piece is at the end where the result of the command says complete and you have control of your prompt once more.

Step 2
One great thing about cloud computing is that the virtual machines provided for use are slim and often do not contain unnecessary software.

One downfall about cloud computing is that the virtual machines provided for use are slim and often do not contain the necessary software for our use case!

For a Ceramic node, your server will need NodeJS version 16 installed on it. The simplest way to manage different version of NodeJS is through the use of a tool called [Node Version Manager(NVM)].

To download and install NVM on your EC2 instance run the following command in the terminal:

curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.1/install.sh | bash

It is important to note that NVM is frequently updated, you should always check the GitHub repository to ensure you are getting the most up-to-date version of NVM. This guide will NOT be updated as NVM versions change.

Once you see the information about what was added to the .bashrc file, NVM has been successfully installed.

However if you try to run NVM right now the terminal will display an error telling you the command nvm is not found.

To fix this error you need to “source” the .bashrc file to reload it into the current terminal session. Use the terminal to accomplish this. There will be no output from this command.

source .bashrc

Now if you type nvm into the terminal you should be greeted with the help text for this command.

nvm

Using NVM, install NodeJS Version 16.

nvm install 16

Your instance is now set up and ready to run Ceramic. Let’s get Ceramic running next!

Install and Run Ceramic

If you’ve made it this far then rejoice… the hard parts are over! Now you simply need to download and run Ceramic, and your AWS Ceramic Node will be fully accessible for your application.

Step 1
Use NPM to install the Ceramic daemon.

npm install -g @ceramicnetwork/cli

The amount of output from this command will be overwhelming; however, near the bottom of the output, you should see a message telling you that new packages have been added to your system.

Step 2
Run the Ceramic daemon to make this a usable Ceramic node.

ceramic daemon

Since you are running Ceramic in bundled mode, the output of this command will contain information about IPFS, to include peer discovery as well as Ceramic configuration information. When you see the message saying “Ceramic API running on 0.0.0.0:7007” you are ready to go.

Congratulations, you now have a Ceramic node running on AWS!

As you may have guessed, this is not an ideal setup. If you disconnect from this terminal session, shutdown the EC2 instance or perform many other tasks this process will terminate and your Ceramic node will be unreachable.

You may want to look into creating start-up scripts for your instance to ensure that the Ceramic daemon runs when the instance starts.

What’s next?

The only thing left is to connect to your instance using a Ceramic client.

Example using the Ceramic HTTP Client:

import CeramicClient from '@ceramicnetwork/http-client' const API_URL = 'https://yourceramicnode.com' //AWS Public IPv4 info const ceramic = new CeramicClient(API_URL)

Example using the Glaze CLI:

glaze config:set ceramic-url http://<AWS Public IPv4>:7007 Summary

You have now configured a Ceramic node in AWS that is accessible to anyone you share the IP Address or DNS address with.

It’s important to remember that Ceramic in bundled mode is intended for development purposes. Similarly to cloud providers other than AWS, future blog posts will guide you through setting up a node for production purposes.

Stay tuned for more Ceramic guides and tutorials. In the meantime, join us in the Ceramic forum for more direct help from our team and community!


OpenID

Guest Blog: Michal Kepkowski’s Experience as a Kim Cameron Award Recipient at Identiverse 2022

Being one of the first recipients of the Kim Cameron Award is a great honour and distinction. Kim’s contribution to the identity world impacted and inspired many individuals, including me. Reading his blog and studying the laws of identity helped me advance in my professional and academic career. Therefore, for me, the reward has a […] The post Guest Blog: Michal Kepkowski’s Experience as a Kim C

Being one of the first recipients of the Kim Cameron Award is a great honour and distinction. Kim’s contribution to the identity world impacted and inspired many individuals, including me. Reading his blog and studying the laws of identity helped me advance in my professional and academic career. Therefore, for me, the reward has a special personal value.

I believe that the Kim Cameron Award program is a remarkable initiative connecting academia with the industry. Being a member of both, I can say that there is a significant gap between what is being researched and what is required in the IAM space. As a result, many young and talented researchers struggle to apply their research into real-world applications. Therefore, I firmly believe that promoting academia and industry collaboration should be a key objective for both sides. Global organisations and consortia are the perfect bodies to encourage and incubate industry research projects. That is why I would like to thank the OpenID Foundation and sponsors for taking the initiative and organising this year’s edition of the award. I hope the program will continue and help other researchers to expand their horizons of knowledge, as it did for me.

Thanks to the award I was able to participate in the Identiverse 2022 conference in Denver. I must admit that feeling the spirit of innovation was worth travelling almost half the world (on an over 16-hour flight from Sydney). The conference agenda had an abundance of insightful talks from over 150 speakers. Admittedly, it was difficult to decide which presentation to attend because there were a few simultaneous tracks. I found it particularly interesting to learn the trends and future development directions from the identity leaders during the keynote and panel sessions. On the subject of trends, my takeaways from the conference are threefold. Firstly, the identity community introduced a vision of a new passwordless world. A concept called passkeys (FIDO2 enhanced with multi-device FIDO credentials) was presented and discussed in several sessions, offering a promising first step for public adoption. A second widely discussed technology, which has the potential to revolutionise how identity is implemented, was verifiable credentials. With the recently released OpenID Connect specification to support W3C Verifiable Credentials and Microsoft’s presentations of technology, I am deeply convinced that user-centric identities will shortly reach the mainstream. Finally, the GAIN (Global Assured Identity Network) project seems to gain traction. It is an incredible work of the OpenID Foundation to make identity networks interoperable, and thus allow the use of the same identity globally (just like a credit card).

Identiverse gathers innovators and leaders from the identity industry. And, in fact, I thoroughly enjoyed networking with them. Hallway talks and social events in the evening were perfect opportunities to meet new people and exchange ideas. Listening to the various points of view on the burning issues of identity gave me a perspective on how complex and wide the IAM landscape is. Personally, I am grateful for having been able to meet all the amazing people in person.

The Kim Cameron Award definitely expanded my knowledge and allowed me to smoothly enter the community of identity professionals. Meeting OpenID Foundation members and attending the workshops made me realise the full potential of the Foundation’s work, and encouraged me to participate in its initiatives.

Michal Kepkowski
PhD Student
Macquarie University, Sydney, Australia

The post Guest Blog: Michal Kepkowski’s Experience as a Kim Cameron Award Recipient at Identiverse 2022 first appeared on OpenID.

Hyperledger Aries

Investing in Verifiable Credentials, Technical Interoperability and Open Source

Our 20 Year Journey Like many provinces and territories in Canada, British Columbia (BC) has a long history of providing secure access to online government services. We started our journey... The post Investing in Verifiable Credentials, Technical Interoperability and Open Source appeared first on Hyperledger Foundation.
Our 20 Year Journey

Like many provinces and territories in Canada, British Columbia (BC) has a long history of providing secure access to online government services. We started our journey 20 years ago with the introduction of BCeID, a simple username and password solution. A lot has changed since then!

Today, we are investing in Verifiable Credentials (VCs) and a digital wallet. We see these as the cornerstones in the evolution of our digital strategy, adding a much needed layer of trust to the digital economy.  

We want to share what we are doing, why we focus on interoperability and open-source, and why we are excited about VCs being our natural next step.

Why We Care

As a public sector organization, BC has a strong interest in seeing the adoption of technologies that are secure, privacy-preserving, and convenient.  

Digital is obviously everywhere. In 2021, 94% of BC citizens said they are online, and 90% of Canadians have smartphones. Also, according to the Business Council of Canada, in the last decade Canada’s digital economy grew 40% faster than the overall world economy.  In Digital ID terms, this growth is an opportunity to make people’s online lives easier and safer.

We also know that cybersecurity threats are growing and there are no signs of it slowing down. BC sees an astonishing 496 million unauthorized access attempts per day – that’s 5,741 every second! Identity theft and fraud also continues to rise. We need digital trust solutions that counter this increasing risk.

In responding to this new reality, we recognize that people are familiar and comfortable with the many credentials that governments issue today. Things like physical copies of drivers’ licenses, health cards, passports, permits, and reports are widely accepted and trusted.  In BC, we are building on that trust and moving towards providing the same things digitally. We are also enabling confidential connections through the wallet to give people choice and confidence in their digital lives.  

BC’s Approach 

Clearly, digital trust goes far beyond just the government. Canadians expect more access, with greater security, to high-value services in both the public and private sectors. VCs and the wallet provide a highly flexible way to achieve that goal.

Collaboration is critical to achieving that goal and it’s important to us. BC’s Chief Information Officer, CJ Ritchie, strongly advocates for us working together to meet the expectations of Canadians.  She notes, “If we don’t all act together to deliver solutions that protect privacy and interact securely, trust will erode and there will be negative impacts for businesses, people’s livelihoods, and the broader digital economy.”

As our approach evolves, we also remain keen to support open source solutions that interoperate with other national and international efforts. There is no dominant design yet, no one network or technology, so we must remain nimble and flexible in our exploration. We also need to coexist with existing identity solutions that millions of British Columbians already rely upon.

Technology Interoperability

In exploring VCs, BC is contributing to solutions that allow agents to verify credentials from multiple networks. Indeed, through one of our Code With Us initiatives, DID indy, we contributed over 11,000 lines of open-source code to support and prove the viability of a “network of networks”.

We also are focused on the interoperability of Hyperledger Aries agents themselves, another key success metric.  We are leading contributors to Aries Agent Test Harness (AATH), open-source software that runs a series of Hyperledger Aries interoperability tests and delivers the results to the AATH website. Great interoperability requires that we test—and re-test!—that interoperability on a regular basis.

__

Side note: If you want to test the interoperability of any Aries agent with this ecosystem, please sign up to join the Hyperledger Aries Interoperability Event on August  31.

__

Driving Adoption

In BC we have a lot of technical skill in working with VCs and with Hyperledger Aries agents. However, for VCs to be successful, it needs to be easy for others to join in. 

On the agents side, to complement our extensive contributions to Hyperledger Aries Cloud Agent Python (ACA-Py) and other Aries and Indy projects, we also contribute to Hyperledger Aries Framework Javascript (AFJ), the agent commonly used for mobile digital wallets. 

That’s why, when thinking about mobile digital wallets, we opted to contribute to the Hyperledger Aries Bifold project, helping it also essentially become “Bifold as a framework”. Bifold uses AFJ, and BC and others can use it to easily deploy a custom-designed digital wallet. Jurisdictions within Canada and elsewhere in the world are already taking this approach for their own wallet explorations. It’s an open-source stack right the way down.

VC adoption will be helped by a thriving open-source community, and we are giving back wherever we can.

Open-Source Success

We believe the community’s success becomes our success. For years we’ve been committed to open-source, interoperable solutions in this space. Our approach is always evolving, but our contributions and commitment to various digital trust open-source projects and technologies continue.

We hope that even more organizations will join in and contribute. Our goal in BC is a new layer of trust for the internet, making it easier for people to work and play online with confidence. 

The post Investing in Verifiable Credentials, Technical Interoperability and Open Source appeared first on Hyperledger Foundation.


CU Ledger

Next generation MemberPass delivers multiple new functions and attractive user benefits

Denver, CO August 22, 2022 - Bonifii is excited to announce that its premier digital identity and fraud prevention solution, MemberPass®, has been significantly strengthened and improved. The next generation of MemberPass is released and available for credit union implementation today! MemberPass was the first completely secure form of digital identity verification. It’s owned and [...] The post

Denver, CO August 22, 2022 – Bonifii is excited to announce that its premier digital identity and fraud prevention solution, MemberPass®, has been significantly strengthened and improved. The next generation of MemberPass is released and available for credit union implementation today!

MemberPass was the first completely secure form of digital identity verification. It’s owned and controlled by members and is simple to use as personal authentication for all transactions and web commerce.

Secure identity verification is essential today. The use of digital channels for routine financial transactions has grown exponentially in the past two years. Now, it’s nearly universal. This, in turn, carries substantial risk. Per the FTC, consumers lost $5.8 billion to financial fraud in 2021. The total was up more than 70% from the losses reported in 2020. This reality is what makes MemberPass an indispensable tool for credit union members.

The original release of MemberPass helped credit unions in several important ways. They learned it enabled them to:

Prevent fraud before it happens. Complete member enrollment with minimal friction. Deliver consistent authentication experiences across all channels and transactions Eliminate passwords and challenge questions. Avoid hackable central databases of personally identifiable information. Enjoy lower expenses due to better fraud protection and less MSR time spent authenticating members.

The new next gen MemberPass adds these great benefits:

No core integration required Deploy in your CU in as few as three days. No additional app for members to download. Industry-leading security technology (W3C and FIDO2 compliant) The ability to determine identity, behavior patterns, locations, devices, and channel patterns in real time. Operates independently from your mobile banking platform. Stops online payment fraud in real time for P2P and card transactions

“We are committed to protecting our members accounts by offering best of breed technologies. Next gen MemberPass allows our members to authenticate themselves across any channel through a seamless safe, secure, and private experience in less than 10 seconds” – Tim Ferrio, Team One Credit Union.

By offering best in breed authentication technologies such as biometrics, enhanced cryptography, and AI, the next generation of MemberPass can provide our members a superior user experience by securely and privately authenticating their identity for e-commerce transactions, ITM’s, visiting a branch, contacting a call center, or logging in to online banking” – Zach Eychaner, 4Front Credit Union

An Opportunity to Learn More

Bonifii will showcase the next generation of MemberPass during the Jack Henry Connect conference from August 29 through September 1. Anyone interested to see the demo should contact Dante Terrana at dterrana@memberpass.com or visit the web site at www.memberpass.com.

About Bonifii
Bonifii, a credit union service organization, offers MemberPass, a simple, secure, and convenient form of digital identity verification. MemberPass gives credit union members easy access to their financial accounts while it proactively prevents fraud and keeps their private personal information secure. Visit www.memberpass.com to learn more.


Media Contact:
Jennifer Land
Bonifii
jland@bonifii.com

The post Next generation MemberPass delivers multiple new functions and attractive user benefits appeared first on Bonifii.

Monday, 22. August 2022

GS1

Maintenance release 2.4

Maintenance release 2.4 daniela.duarte… Mon, 08/22/2022 - 16:27 Maintenance release 2.4
Maintenance release 2.4 daniela.duarte… Mon, 08/22/2022 - 16:27 Maintenance release 2.4

GS1 GDM SMG voted to implement the 2.4 standard into production in August 2022.

Key Milestones:

See GS1 GDM Release Schedule

As content for this release is developed it will be posted to this webpage followed by an announcement to the community to ensure visibility.
GDSN Data Pools should contact the GS1 GDSN Data Pool Helpdesk to understand the plan for the update. Trading Partners should work with their Data Pools (if using GDSN) and/or Member Organisations on understanding the release and any impacts to business processes.

Updated For Maintenance Release 2.4

GDM Standard 2.4 (August 2022)

Delta GDM Standard 2.4 (August 2022)

Local Layers For Maintenance Release 2.4

Belgium - not ratified (May 2022)

China - GSMP RATIFIED (April 2022)

Colombia - not ratified (April 2021)

Czech Republic - not ratified (17 December 2021)

France - not ratified (17 December 2021)

Germany – not ratified (April 2021)

Luxemburg - not ratified (May 2022)

Netherlands - not ratified (May 2022)

Poland - not ratified (17 December 2021)

Romania - GSMP RATIFIED (17 December 2021)

Sweden - not ratified (20 January 2022)

Turkey - not ratified ( February 2022)

USA - not ratified (May 2022)

Comparison of All Local Layers (May 2022)

Release Guidance

GDM Attribute Implementation Guidance (UPDATED August 2022)

GPC Bricks To GDM (Sub-) Category Mapping (May 2022)

Attribute Definitions for Business (UPDATED August 2022)

GDM (Sub-) Categories (October 2021)

GDM Regions and Countries (17 December 2021)

GDSN Release 3.1.20 (August 2022)

Tools

GDM Interim Navigator 3.0.7 (August 2022)

GS1 GDM Attribute Analysis Tool (August 2022)

GDM Local Layer Submission Template (November 2021)

Training

E-Learning Course

Any questions?

We can help you get started using GS1 standards.

Contact your local office


EdgeSecure

Edge Aids Georgian Court University’s Successful Transition to Zoom Phone

The post Edge Aids Georgian Court University’s Successful Transition to Zoom Phone appeared first on NJEdge Inc.

NEWARK, NJ, August 22, 2022 – Edge member, Georgian Court University (GCU), successfully made the transition to Zoom Phone from a legacy PBX system. The University began exploring solutions for modernizing their phone systems and after reviewing several vendors offerings, GCU chose Zoom Phone to upgrade their communication capabilities.

GCU obtained Zoom Phone through EdgeMarket, allowing for a seamless procurement process and great pricing of a vetted phone system. Since GCU already used Zoom for meetings, the transition to the new cloud-based phone system for users was fairly straightforward. To get the campus community up to speed quickly, Zoom partnered with GCU to provide training sessions along with links to their extensive library of information on using their system.

Explains Michelle Ferraro, Member Relationship Manager, Edge “This migration is being driven by the need to move away from legacy analog technology to a digital cloud solution for several reasons.” Ferraro continues, “PBX services are primarily supported by on premise hardware and software, and we are seeing many of these solutions become obsolete due to their lack of flexibility and high support cost models. Colleges and universities that are still running on legacy PBX systems have begun to migrate and explore the advantages of cloud-based technology for their communications offerings.”

The transition is happening for several reasons. First, is the need to consolidate and manage communication requirements from a single all-in-one Unified Communications as a Service (UCaaS) solution. Second, organizations want to drive team collaboration on intelligent platforms, while supporting and managing off-site employees securely. Cloud solutions, such as Zoom Phone, can help organizations reduce IT expenditures, better manage the year-over-year forecasted budget, and effectively confront rising security concerns.

“The new Zoom Phone system has provided many new features on an easy-to-use, familiar platform,” says Matthew R. Manfra, Vice President for Institutional Advancement, GCU. “Being able to seamlessly make or take calls anywhere using mobile devices or computers has increased our ability to engage with our constituents.”

Edge and Zoom have partnered to share their combined experience and expertise with Zoom video and web conferencing solutions to offer simplified procurement through EdgeMarket.

To learn more about the benefits of Zoom Phone and how to bring your communication capabilities into the modern era, reach out to Edge’s Member Relationship Managers: Michelle Ferraro at michelle.ferraro@njedge.net or Erin Brink at erin.brink@njedge.net.

The post Edge Aids Georgian Court University’s Successful Transition to Zoom Phone appeared first on NJEdge Inc.

Friday, 19. August 2022

OpenID

Fourth Public Review Period for OpenID Connect for Identity Assurance Specification Started

The OpenID eKYC and Identity Assurance Working Group recommends approval of the following specification as an OpenID Implementer’s Draft: OpenID Connect for Identity Assurance 1.0 This would be the fourth Implementer’s Draft of this specification. An Implementer’s Draft is a stable version of a specification providing intellectual property protections to implementers of the specification. This […]

The OpenID eKYC and Identity Assurance Working Group recommends approval of the following specification as an OpenID Implementer’s Draft:

OpenID Connect for Identity Assurance 1.0

This would be the fourth Implementer’s Draft of this specification.

An Implementer’s Draft is a stable version of a specification providing intellectual property protections to implementers of the specification. This note starts the 45-day public review period for the specification draft in accordance with the OpenID Foundation IPR policies and procedures. Unless issues are identified during the review that the working group believes must be addressed by revising the draft, this review period will be followed by a seven-day voting period during which OpenID Foundation members will vote on whether to approve this draft as an OpenID Implementer’s Draft. For the convenience of members, voting will actually begin a week before the review period ends, for members who have completed their reviews by then.

The relevant dates are:

Implementer’s Draft public review period: Friday, August 19, 2022 to Monday, October 3, 2022 (45 days) Implementer’s Draft vote announcement: Monday, September 19, 2022 Implementer’s Draft early voting opens: Monday, September 26, 2022* Implementer’s Draft official voting period: Tuesday, October 4, 2022 to Tuesday, October 11, 2022 (7 days)*

* Note: Early voting before the start of the official voting period will be allowed.

The eKYC and Identity Assurance working group page is https://openid.net/wg/ekyc-ida/. Information on joining the OpenID Foundation can be found at https://openid.net/foundation/members/registration. If you’re not a current OpenID Foundation member, please consider joining to participate in the approval vote.

You can send feedback on the specification in a way that enables the working group to act upon it by (1) signing the contribution agreement at https://openid.net/intellectual-property/ to join the working group (please specify that you are joining the “eKYC and Identity Assurance” working group on your contribution agreement), (2) joining the working group mailing list at https://lists.openid.net/mailman/listinfo/openid-specs-ekyc-ida, and (3) sending your feedback to the list.

— Michael B. Jones – OpenID Foundation Board Secretary

The post Fourth Public Review Period for OpenID Connect for Identity Assurance Specification Started first appeared on OpenID.

Energy Web

How staking EWT increases cybersecurity for energy grids and enterprises

By Michal Bacia According to security analysts, nearly 80% of cyberattacks are identity-based. In these attacks, bad actors steal administrators’ usernames and passwords or issue fake credentials to themselves. With credentials in hand, unauthorized parties can infiltrate enterprise information technology systems and go undetected for long periods of time. Many of these attacks can be
By Michal Bacia

According to security analysts, nearly 80% of cyberattacks are identity-based. In these attacks, bad actors steal administrators’ usernames and passwords or issue fake credentials to themselves. With credentials in hand, unauthorized parties can infiltrate enterprise information technology systems and go undetected for long periods of time.

Many of these attacks can be prevented via security architectures that embrace decentralized authentication and authorization of users and assets. These architectures, based on decentralized identifiers (DIDs) and verifiable credentials (VCs), can unlock value across many segments of the global economy. But the energy sector, in particular, stands to benefit greatly. The number of energy sector assets (e.g., electric vehicles, smart inverters, batteries) and actors interacting with them is growing exponentially. A centralized, “Web 2” approach to digitizing these assets and their users (creating a centralized data silo and a super administrator of the silo) is expensive, fragile, and creates lucrative honeypots for malicious actors to attack. At Energy Web, we believe a more effective solution is to embrace a decentralized architecture for user and asset authentication and authorization.

The role of verifiable credentials

A critical component of any security architecture is the process by which users’ credentials are verified in order to be assigned specific roles. As shown below, when a user with a verifiable credential presents it to a verification service, the service validates the VC and issues an access token. As shown in figure 1, this token can be used to unlock access to smart contracts on a blockchain or to perform certain roles using legacy information technology infrastructure.

Figure 1 | Security architecture process to verify credentials to specific roles

Conducting this verification process is not computationally intensive and has a binary outcome: whether the VC is valid (cryptographically signed by the authorized issuer) or not. There are several ways to conduct the verification process. It can be performed internally by an organization or via a third-party service provider. These traditional, centralized options create a single point of vulnerability since the verification service itself can be compromised, approve false VCs, and (inadvertently or not) whitelist attackers.

A decentralized verification service is a far better solution

As shown in figure 2, a decentralized verification service uses a diversity of nodes to perform the verification task independently and then reach a consensus about the outcome with other nodes on the same system. In this setting, validator nodes vote on whether or not a VC is valid. If consensus is reached, the user presenting the VC will be whitelisted or receive an access token.

Figure 2 |Decentralized verification service With a decentralized verification service, each node is required to stake economic value in order to verify VC presentations and earn rewards

Only honest nodes receive rewards. Misbehaving nodes that vote against consensus are penalized by having their stake reduced or removed entirely (for an overview of staking and “slashing” mechanisms on different blockchain-based networks, check out this explainer). The most practical way to implement this mechanism is to use public blockchains, paired with cryptocurrency, for staking and distributing awards to nodes performing the verification work. By doing so, the execution of the verification mechanism is completely automated, immediate, and impartial. This is a far better solution than relying on an opaque, centralized entity and/or process to perform the same verification service.

Under the decentralized architecture described here, honest nodes can sound an alarm if they don’t agree with the consensus. They receive the stake from misbehaving nodes in case they can prove wrongdoing. Attackers in this setting need to either a) hack each node individually or b) bribe all nodes needed to reach the consensus. The cost of bribing the nodes is equal to N*S+N*N*S, where N= number of nodes and S = stake of one node. Bottom line = more economic value staked across more nodes, more security.

Figure 3 | Decentralized verification service

Furthermore, consensus requirements can change based on the value of the VC itself. For high-value transactions or important access rights, consensus may require several rounds of voting. For VCs with relatively lower values, only 10% of nodes, for example, may need to approve the VC.

In summary, decentralized VC authentication powered by public blockchain and cryptocurrency shown in figure 3 can produce significant business benefits for enterprises in comparison to Web 2-based approaches to authentication and authorization. Don’t take our word for it: multiple Energy Web member companies have recently confirmed that public blockchains present a superior way to securing energy infrastructure and internet-connected devices alongside the findings of many research papers on the subject such as:

Blockchain: A game changer for securing IoT data Secure IoT Communication using Blockchain Technology Can Blockchain Strengthen the Internet of Things? Cloud-Based Secure Service Providing for IoTs Using Blockchain Securing Smart Cities Using Blockchain Technology Cybersecurity through staking on Energy Web

Currently, Energy Web is working in partnership with Parity Technologies (the company behind Polkadot, Kusama, and Substrate) to design, build and launch the Energy Web Consortia Relay Chain, a public blockchain tailored to enterprises. The new blockchain is designed explicitly around the VC verification process described in this post. Our aim is to enable decentralized authentication and authorization for any energy company in any regulatory environment in a way that integrates with existing enterprise information technology systems.

Since identity management is a foundational component of this new blockchain, Validators on the new network who perform the decentralized VC verification service will be required to stake Energy Web Tokens (EWT) in order to secure the service and the network. In this way, all identity-related processes, together with other blockchain transactions, will be secured by the combined economic value of all EWT staked by Validators and their Patrons.

With this staking mechanism in hand, the Consortia Relay Chain will unlock security solutions that are impossible to achieve using a centralized, Web 2 paradigm. It will provide unparalleled cybersecurity alongside a robust, flexible DID infrastructure for identity and access management.

About Energy Web
Energy Web is a global non-profit accelerating the clean energy transition by developing open-source technology solutions for energy systems. Our enterprise-grade solutions improve coordination across complex energy markets, unlocking the full potential of clean, distributed energy resources for businesses, grid operators, and customers.

Our solutions for enterprise asset management, data exchange, and Green Proofs, our tool for registering and tracking low-carbon products, are underpinned by the Energy Web Chain, the world’s first public blockchain tailored to the energy sector. The Energy Web ecosystem comprises leading utilities, renewable energy developers, grid operators, corporate energy buyers, automotive, IoT, telecommunications leaders, and more.

How staking EWT increases cybersecurity for energy grids and enterprises was originally published in Energy Web on Medium, where people are continuing the conversation by highlighting and responding to this story.


Elastos Foundation

Thank You Tuum Technologies

...

Thursday, 18. August 2022

We Are Open co-op

Summing up Badge Summit

More system convening, community recognition and a dose of whimsy and weirdness Thanks to Participate, we were able to take part at Badge Summit 2022 in Boulder, Colorado earlier this month. The Keep Badges Weird community was well represented! We had so much fun seeing KBW community members and having the opportunity to bond. There were great conversations, new ideas and connections and some tab
More system convening, community recognition and a dose of whimsy and weirdness

Thanks to Participate, we were able to take part at Badge Summit 2022 in Boulder, Colorado earlier this month. The Keep Badges Weird community was well represented! We had so much fun seeing KBW community members and having the opportunity to bond. There were great conversations, new ideas and connections and some table tennis tournaments.

In the lead up to Badge Summit, we had three goals for our participation.

1) Make sure people in the Keep Badges Weird community felt respected and recognised

A healthy community is one in which people feel like they belong. Belonging comes from connection. Finding ways to help people connect and share is what community building is all about.

We wanted to do something special for people who have been working to legitimise badges and recognition for a long time. We have a stealth badge (that isn’t so stealthy anymore) called “the O.G.”. It is a badge issued to people who have been involved in open badges since before January 2017. We invited people who earned the O.G. badge to a rooftop party on the Sunday evening before Badge Summit. Then in the most meta-badge fashion ever, we gifted these O.Gs a hat with a badge with a badge on a hat.

All the swag

We also gave out iron-on patches of the other stealth badges, Keep Badges Weird stickers and a “I kept badges weird at Badge Summit” badge.

A community shouldn’t only recognise members through badges and swag, though. At the party and throughout the few days we were together in Boulder, we spent time together! Swag doesn’t substitute the recognition we can give one another through our conversations and attention.

We’re so excited to hear what people in this community are working on and to find ways to collaborate. We were reminded at how important in real life events are when you’re trying to change the world ;)

2) Help potential community members join and be able to interact with the community

A community needs to have low barriers to entry. It should also help people see themselves as part of something bigger. In KBW, we want to help members find meaningful contribution or reliable resources or whatever else they’re looking for.

We hosted two sessions designed to demystify some of what this community is working on. In the first, Wikis for Community Defined Skill Frameworks, we collaborated with KBW community members Don and Justin. The session helped people understand the need for Rich Skill Descriptors. It got attendees writing RSDs through a collaborative exercise that helped participants connect.

Drawing of the session from KBW member Cate Tolnai

Our second session, Keep Badges Weird: helping people understand the badges landscape, felt like a big success. Our idea to explain Badge Pathways with the help of a pizza metaphor went well. At Badge Summit there were lots of interesting questions and a discussion around Open Recognition. We had lots of fun.

our very awesome title slide

At the end, participants were invited to join the community. Everyone went away with some beautiful KBW stickers. To make it extra easy for new people to get involved with the community, Mark made the world’s most beautiful QR code.

The most beautiful QR code 3) Raise awareness of Open Recognition (i.e. non-credential use of badges)

Our third goal is the hardest to assess. Did we have an impact on people we interacted with and their understanding of Open Recognition? Did people at Badge Summit begin to understand that badging isn’t about supporting the old system of credentialing? That it should to be a new system for a different world? Time will tell.

We’re pleased to be members of a community that cares not only about “knowledge, skills and competencies”, but also things like talents, behaviours, aspirations, connections and more. Open Recognition is for every type of learning and this Community of Practice knows all about it. We were happy that we weren’t alone at Badge Summit. KBW community members had recognition friendly narratives on stage and in their sessions. Surely, the people who attended Badge Summit 2022 went away with a few ideas on how to integrate recognition into their badging programmes.

In the coming months, we’re looking forward to reconnecting with people we met at the Badge Summit. We will continue to explore how we can support people in finding ways to integrate Open Recognition. Do you have ideas on what the Keep Badges Weird community could do to help you? Start a conversation about it!

Summing up Badge Summit was originally published in We Are Open Co-op on Medium, where people are continuing the conversation by highlighting and responding to this story.

Tuesday, 16. August 2022

Digital Identity NZ

Be part of shaping DINZ’s mahi

It has been three weeks since the Digital Trust Hui Taumata at Te Papa Tongarewa and yet it still resonates with many delegates, judging by feedback I continue to receive. It’s a clear indicator of a great event that Digital Identity NZ and NZTech worked hard to bring to the community, overcoming the significant challenges of the time.  The post Be part of shaping DINZ’s mahi appeared first

Kia ora e te whānau

It has been three weeks since the Digital Trust Hui Taumata at Te Papa Tongarewa and yet it still resonates with many delegates, judging by feedback I continue to receive. It’s a clear indicator of a great event that Digital Identity NZ and NZTech worked hard to bring to the community, overcoming the significant challenges of the time. 

Digital Identity NZ’s Executive Council (EC) remained in Wellington the next day for its annual strategy workshop. It developed a co-creation framework and questions to put to DINZ members – shown further down – regarding what activities our community want to undertake that returns overall value to our members, to DINZ and to Aotearoa’s digital economy in the next 12 months and beyond.  

Let’s refresh our memory of the mahi undertaken in the past 12 months – still some ‘work-in-progress’ – but nonetheless impressive for a group comprising of volunteers and minimal staff:

Creating the Digital Identity Services Trust Framework working group to review the draft Bill and prepare submissions and reports, which have been received positively; Creating the Te Kahui te Tiriti o DINZ working group to develop and recommend an action plan for DINZ. The plan will help us to deliver on our Te Tiriti obligations SOI and support & promote Māori representation and participation in Digital Identity, though still formative, looks promising; Creating the Inclusive & Equitable Uses of Digital Identity working group to develop guidance for industry and the Government to help give all New Zealanders equal access to the potential benefits of digital identity – again formative but active engagement underway with civil society organisations; Completing benchmark consumer and business research in a challenging Covid environment. The results to be made public in a few weeks; Delivering three in-person member Connect events, again, in a challenging Covid environment; Delivering the much praised all-day Digital Trust Hui Taumata both in-person and online together with 23 online-only events to the community worldwide   

The 2022 EC reviewed last year’s annual member survey feedback and took the opportunity to review DINZ’s purpose, vision and mission to ensure it remains incredibly relevant to the opportunities in Aotearoa’s digital economy. 

The 2022 EC then proceeded to draft a ‘Pillars and Roles’ framework whose purpose is to give better definition and structure to the mahi and associated activities that this communication calls upon members to contribute to;   

Four Pillars under which the mahi and associated activities can be categorised – Ecosystem Enablement, Sustainability, Privacy and Trust, Inclusion & Diversity – to be positioned under; Five Roles that DINZ would play (one or more) applicable to any given mahi and activity – Connect, Communicate, Guide, Develop, Promote;

DINZ’s Executive Council of 2022 seeks your feedback* on its proposal by August 31st 2022, using this Survey Monkey link here.

The EC’s proposals will be tested against your compiled member feedback and modified where necessary for confirmation through the annual member survey later in the year.

*Feedback is primarily sought from individual and organisation members of DINZ but feedback from non members is also welcomed.

Ngā mihi nui,

Colin and the DINZ Executive Council

The post Be part of shaping DINZ’s mahi appeared first on Digital Identity New Zealand.


Human Colossus Foundation

DDE Presented to Technology Consortium in India

Helsinki, August 16th 2022. As part of the Human Colossus Foundation's rollout of Dynamic Data Economy (DDE) in July, the HCF founders delivered Data Governance and Semantics, a three-part series of talks to the Indian tech community as part of Hasgeek's Privacy Mode initiative, a forum of discussion for understanding the privacy and security needs of the Indian tech ecosystem through guides,

As part of the Human Colossus Foundation's rollout of Dynamic Data Economy (DDE) in July, the HCF founders delivered Data Governance and Semantics, a three-part series of talks to the Indian tech community as part of Hasgeek's Privacy Mode initiative, a forum of discussion for understanding the privacy and security needs of the Indian tech ecosystem through guides, research, collaboration, events, and conferences.

This Hasgeek initiative aims to help its audience become acquainted with the most efficient approaches and practices to data management, reducing operational risk to businesses. As a forum for experts across multiple sectors, blending in tools, frameworks, principles and design sensibilities, the project encourages organisational teams to address blind spots and treat data governance as a shared responsibility instead of a siloed approach to policy-making, processes and requirements.

The "Data Governance and Semantics" project featured three webinars introducing DDE as a decentralised trust infrastructure acutely aligned with the current movement toward data exchange models in the Economic domain where actors regain transactional sovereignty to share accurate information bilaterally.

The European Data Strategy, Canadian Data Strategy, and new Swiss e-ID initiatives demonstrate governmental support for a new paradigm shift in national data management schemes. Moreover, this particular Hasgeek project aligns with the revision of India's current data protection regulation.

The DDE conceptual infrastructure gives an equal weight of importance to the three core data domains of decentralised semantics, decentralised authentication, and distributed data governance. The HCF founders presented the core DDE concepts in three webinar sessions which interested parties can access via the Hasgeek platform or the Human Colossus Foundation video platform. 

By incorporating first-principle design methodology into the foundational modelling of the core data domains, a network-agnostic system is possible, offering the cryptographic assurance of verifiable digital interactions and the human accountability of socio-economic governance frameworks.

Part 1: Decentralised semantics

Presented by: Paul Knowles, Head of the Advisory Council

Date: Tuesday, July 5th, 2022 

This talk focused on decentralised semantics and how the segregation of task-oriented objects within a standard layered architecture can provide a long-term solution for unifying a data language within distributed data ecosystems. From that lens, decentralised semantics is ontology-agnostic, offering a harmonisation solution between data models and data representation formats while providing a roadmap to resolve privacy-compliant data sharing between servers, networks, and across sectoral or jurisdictional boundaries. 

What is “Decentralised semantics”?

Data semantics is the study of the meaning and use of data in any digital environment. In data semantics, the focus is on how a data object represents a concept or object in the real world.


Decentralised semantics describes a data modelling methodology of layering and cryptographically binding task-specific objects (overlays) to a standard capture base, which, when combined, defines a complex digital object. The segregation of task-specific overlays enables dynamic semantic interoperability in the construction process of any digital object without compromising the objectual integrity of the semantic structure, its modular components, or the relationship between those objects.

Decentralised semantics provides a powerful solution for semantic interoperability, data harmonisation, internationalisation, and dynamic presentation.

Watch the video

External link

Part 2: Decentralised authentication

Presented by: Robert Mitwicki, Head of the Technology Council

Date: Tuesday, July 12th, 2022 

The second talk focused on decentralised authentication and how a decentralised key management infrastructure, providing self-certifying identifier (SCID) issuance underpinned by one-way cryptographic functions, can offer information uniqueness from captured entropy. Furthermore, a decentralised authentication system must be ledger-agnostic, with its identifiers interoperable across ecosystems, platforms, and networks.

What is “Decentralised authentication”?

Data provenance refers to the tracing and recording of the origin of data and its movement between locations. If digital data is tamper-proof (i.e. provable to have not been corrupted after its creation), it can be assumed to be authentic. Data authentication focuses on timestamping data inputs at index time, determining each event as factual.

Decentralised authentication describes a key management methodology of cryptographically binding SCIDs to an associated log that compiles the history of all uses or changes to the public/private key pair, ensuring verifiable identifier provenance throughout any ambient infrastructure. Immutable ordering guarantees the factual authenticity of the recorded event underpinning any systematic data input. Furthermore, all system identifiers must remain network-agnostic, enabling identifier interoperability within and across any distributed data ecosystem.

Decentralised authentication provides a powerful solution for identifier interoperability, data provenance, data-intensive event streaming, and event sourcing applications.

Watch the video

External link

Part 3: Distributed data governance

Presented by: Dr Philippe Page, Head of the Knowledge Council

Date: Tuesday, July 19th

The final talk focused on distributed governance and how a multi-stakeholder Data Governance Administration (DGA) provides the legal provision to assume responsibility for the consensual veracity of data transactions under its administrative control on behalf of the citizens and legal entities it serves. The role of a DGA aligns closely with that of a “data intermediary” as described in the European Parliament’s recently proposed Data Governance Act, serving as a mediator between those who wish to make their data available and those who seek to leverage that data.

What is “Distributed data governance”?

Data governance is a system of decision rights and accountabilities for information-related processes, executed according to agreed-upon models, which describe who can take what actions with what information and when, under what circumstances, and using what methods.

Distributed data governance describes an operational framework for the provision of rules, common standards and practices, infrastructures and a distributed governance framework to empower individuals through increased digital access to (and control of) their electronic personal data, nationally and across borders, fostering a genuine single market for electronic record systems, relevant components and high-risk artificial intelligence (AI) systems. Multi-stakeholder participation within DGAs guarantees the consensual veracity of purpose-driven ecosystem policy while providing a consistent, trustworthy and efficient set-up for personal data use for research, innovation, and regulatory activities.

Distributed data governance provides a powerful solution for multi-stakeholder collaboration of rules and regulations for safe and secure data sharing within and across distributed data ecosystems.

Watch the video

External link

We wish to express our gratitude to Hasgeek for providing a forum to share our knowledge of the DDE data domains with some of the pioneers of the Indian tech community. Hasgeek is a Bangalore-based consortium of practitioners who share learnings on pressing privacy concerns in the digital space.

For more information about the “Data Governance and Semantics” presentations, part of Hasgeek’s Privacy Mode initiative, check out their newsletter here.

To receive updates about the Human Colossus Foundation and DDE v1.0

subscribe to our mailing list

Blockchain Commons

Private Key Disclosure: A Needless Threat to Rights and Assets

ABSTRACT: Digital assets are only as safe as their private keys. Securing private keys through responsible key management has thus been a major focus at Blockchain Commons, under our #SmartCustody initiative. Unfortunately, securing keys ultimately isn’t just a logistical problem or a technical problem. It’s also a legal problem because US courts have inserted themselves into the process by demandi

ABSTRACT: Digital assets are only as safe as their private keys. Securing private keys through responsible key management has thus been a major focus at Blockchain Commons, under our #SmartCustody initiative. Unfortunately, securing keys ultimately isn’t just a logistical problem or a technical problem. It’s also a legal problem because US courts have inserted themselves into the process by demanding keys, often as a part of discovery.

Turning over keys to courts not only introduces major threats to the digital assets controlled by the keys, but it also fundamentally misunderstands the purpose and use of private keys. There are better tools for court-based discovery, public keys prime among them. There are better, more traditional ways to enforce the turn over of assets. Requiring the disclosure of private keys instead is a needless threat not just to digital assets, but to our rights as well.

Increasingly, attorneys in the United States are asking courts to force the disclosure of private keys as part of discovery or other pre-trial motions, and increasingly courts are acceding to those demands. Though this is a relatively recent phenomenon, it’s part of a larger problem of law enforcement seeking back doors to cryptography that goes back at least to the U.S. government’s failed introduction of the Clipper Chip in 1993.

Unfortunately, today’s attacks on private keys in the courtroom have been more successful, creating an existential threat to digital assets, data, and other information protected by digital keys. That danger arises from a fundamental disconnect between this practice and the realities of technologies that leverage public-key cryptography for security: private-key disclosure can cause irreparable harm, including the loss of funds and the distortion of digital identities.

As a result, we need to support legislation that will protect digital keys while allowing courts to access information and assets in a way that better recognizes those realities. The private-key disclosure law currently being considered in Wyoming is an excellent example of the sort of legislation that we could put forth and advocate for in order to maintain the proper protection for our digital assets and identities.

Read More

Wyoming Senate Filing 2021-0105:

No person shall be compelled to produce a private key or make a private key known to any other person in any civil, administrative, legislative or other proceeding in this state that relates to a digital asset, other interest or right to which the private key provides access unless a public key is unavailable or unable to disclose the requisite information with respect to the digital asset, other interest or right. This paragraph shall not be interpreted to prohibit any lawful proceeding that compels a person to produce or disclose a digital asset, other interest or right to which a private key provides access, or to disclose information about the digital asset, other interest or right, provided that the proceeding does not require production or disclosure of the private key.
The Realities of Private Keys

The forced disclosure of private keys is deeply harmful because it fundamentally runs at odds with how private keys work. Attorneys (and courts) are usually trying to force the disclosure of information or (later) the relinquishment of assets, but they’re treating private keys just like they’re physical keys that they could demand, use, and give back.

Private keys do not match any of these realities. As Wyoming State Legislature Senate Minority Leader Chris Rothfuss says:

“There is no perfect analog for a modern cryptographic private key in existing statute or case law; it is unique in its form and function. As we build a policy framework around digital assets, it is essential that we appropriately recognize and reflect the characteristics of the underlying public / private key and cryptographic technologies. Without clear, unambiguous legal protection for the sanctity of the private key, it is impossible to ensure the integrity of the associated digital assets, information, smart contracts and identities.”

That appropriation recognition and reflection requires us to understand that:

1. Private keys are not assets.

Private keys are fundamentally the way we exert authority in the digital space, an interface between our physical reality and the digital reality. They may give us the ability to control a digital asset: to store it, to send it, or to use it. Similarly, they may give us the ability to decrypt protected data or to verify a digital identity. However, they are not the assets, the data, nor the identity themselves.

It’s the obvious difference between your car and your electronic key fob. The one is an asset, while the other lets you control that asset.

As Jon Callas, Director of Technology Projects at the EFF, says:

“They don’t even want the key, they want the data; asking for the key is like asking for the filing cabinet rather than the file.”

2. Private keys are not the proper tool for discovery.

Treating private keys as a tool to ensure the discovery of information fundamentally misunderstands their purpose. Private keys are not how we see something in digital space, but instead how we exert authority in digital space!

Turning back to comparisons, it’s the difference between a ledger and a pen. If you wanted accounting information, you’d ask for the ledger; you wouldn’t ask for the pen, especially not if it was a pen that allowed you to write undetectably in the handwriting of the accountant!

Former Federal Prosecutor Mary Beth Buchanan, when offering testimony in favor of Wyoming’s private-key disclosure law, said:

“the court could order a disclosure or an accounting of all the digital assets that are held, and then those assets could be disclosed and the location of whether they are held across different platforms or even different wallets. But giving the key is actually giving access to those assets. That is the difference.”

Fortunately, there is an electronic tool that meets the needs of discovery: public keys. Wyoming has recognized that in their legislation, saying that a private key should never be required if a public key would do the job (and they parenthetically noting at hearings that their current understanding is that a public key will always do the job). If our concern is revealing information that will help to catch and prosecute criminals, then public keys are the answer.

3. Private keys are not physical.

Electronic private keys and physical keys are very different. A physical key could pass through many hands and there could be the expectation that it was very likely not duplicated (especially if it were a special key, such as a safety-deposit-box key), and that when the key was returned to the original holder, they would once again have control of all of the linked assets. The same is not true for a private key, which could be easily duplicated by any of the many hands it passed through, with no way to ascertain that had happened.

Returning to the example of a car’s key fob, it would not be appropriate to force the disclosure of the unique serial number stored within a car fob for the same reason it’s not appropriate to force the disclosure of a private key. Doing so, would give anyone who gets that serial number the ability to create a new fob and steal your car!

4. Private keys serve many purposes.

Finally, private keys are likely to have a lot more purposes than physical keys, especially if a court decides to go after not just a specific private key, but the root key from an HD wallet or a seed phrase. Root keys (and seeds) might be used to protect a wide variety of assets as well as private data. They may also be used to control identities and to offer irrefutable proof that the owner agreed to something through digital signatures.

The authoritative uses of private keys are so wide and all-encompassing that it’s hard to come up with a physical equivalent. The closest analogy, which was brought up by Blockchain Commons’ Christopher Allen at one of the Wyoming hearings, would be if a court demanded access to a hotel room by requiring the hotel’s master key, which can provide access to all rooms. But, a private key is more than that, so it would be as if the court also required that someone with signatory powers at the hotel sign a bunch of blank contracts and blank checks. The potential for harm with the disclosure of a private key is just that high for someone who is using it for a variety of purposes — and there will be more and more people doing so as the importance of the digital world continues to increase.

The Realities of Courts

Going beyond the fact that a private key is the wrong tool for courts and that it’s often being used in the wrong way, there are a number of other problematic realities related to the courts themselves and how and when they’re trying to access private keys.

5. Courts are not prepared to protect private keys.

To start with, courts don’t have the experience needed to protect private keys. This danger is made worse by the fact that a single private key is likely to pass through the hands of many different court staff over time.

But, this isn’t just about courts. The problem of creating safe ways to transfer public keys is far bigger. It’s something that the cryptographic field as a whole does not have good answers for. Blockchain Commons’ Christopher Allen attested in his testimony in Wyoming that the “immense difficulties of transferring a private key are a risk that allows bearing of false witness.” Putting courts, without crypto-expertise, in the middle of the problem could be catastrophic.

Perhaps cryptographers will resolve these issues in time, and perhaps someday courts will be able to share in that expertise if they decide doing so is a good use of their time and resources, but we need to consider keys whose disclosures are being forced now.

6. Courts are requiring premature disclosure.

The current situation with key disclosure is even more problematic because it’s occurring as part of discovery or other pre-trial motions. Discovery rulings are almost impossible to appeal, which means that in today’s environment key holders have almost no recourse for protecting the token of their own authority in digital space.

7. Courts are more demanding of digital assets than physical assets.

We recognize that courts should be able to require the usage of a key. Compelling usage is nothing new, but the private key is not required for that, simply a court order.

If someone refuses to use their private key in a way compelled by a court, that’s nothing new either. The physical world already has plenty of examples of people refusing such orders, such as by hiding assets or just refusing to pay judgements. They are handled with sanctions such as contempt of court.

Asking for more from the electronic world is an overreach of traditional judgements that also creates much greater repercussions.

The Repercussions of Disclosure

Using the wrong tool for the wrong reasons and putting it in hands not ready to deal with it will have calamitous results. Here are some of the most obvious repercussions.

1. Asset Theft

Obviously, there is a danger of the assets being stolen, as a private key gives total control over those assets. These assets could go far beyond the specifics of what a court is interested in, because of the multitude of uses for keys.

2. Asset Loss

Beyond the problem of purposeful theft, keys could be lost, and with them digital assets. Former federal prosecutor Mary Beth Buchanan raised this concern in her testimony, saying:

“Evidence is lost all the time.” If that evidence was a private key, which might hold a variety of assets, information, and proofs of identity, the loss could be tremendous.

Wyoming State Legislature Majority Whip Jared Olsen agreed with this concern at a recent Wyoming hearing, noting that a judicial assistant could delete a key and cause a loss of $8 billion dollars in Bitcoin when there was only a judgment for $100,000. He said he was “concerned about just simply handling it”.

3. Collateral Damage

Thefts or losses resulting from the disclosure of a private key could also go far beyond an individual before the court. Increasingly, assets are being held in multisignatures, which may grant multiple people control over the same assets. By requiring the disclosure of a key, a court could negatively impact people entirely unrelated to the proceedings.

4. Identity Theft.

Because private keys might also protect the identifier for digital identity, their loss, theft, or misuse could put someone’s entire digital life at risk. If a key was copied, someone else could pretend to be the holder and even make digital signatures that are legally binding for them.

Support This Legislation

Protecting private keys is one of the most important things that Blockchain Commons has ever worked on. As Blockchain Commons’ founder Christopher Allen said:

“I find the protections of this Private Key Disclosure bill crucial for the future of digital rights.”

Wyoming State Legislature Senate Minority Leader Chris Rothfuss affirmed this, adding:

” Christopher Allen has been an invaluable member of our blockchain policy community, bringing a lifetime of technical expertise to advise our committee work and inform our legislative drafting. Mr. Allen has emphasized the particular importance of protecting private keys from any form of compulsory disclosure.”

We need your help to make it a reality.

If you’re an experienced member of the cryptocurrency or digital asset field or a human-rights activist, please submit your own testimony in support to the Wyoming Select Committee on Blockchain, Financial Technology and Digital Innovation Technology. The bill will be coming up for further discussion on September 19-20 in Laramie, Wyoming.

But, Wyoming is just the start. They are doing an excellent job of leading the way, but we need other states and countries to follow. If you have connections to another legislature, please suggest they introduce similar language to Wyoming’s bill.

Even if you don’t feel comfortable talking with a legislature, you can help by advocating for the protection of private keys as something different than assets.

Ultimately, our new world of digital assets and digital information will succeed or fail based upon how we lay its foundations today. It could become a safe space for us or a dangerous wild west.

Properly protecting private keys (and using public keys and other tools for legitimate judicial needs) is a keystone that will help us to build a sturdy edifice.

Monday, 15. August 2022

IDunion

IDunion announces successful establishment of European cooperative

IDunion, the consortium created as part of the "Secure Digital Identities Showcase" funding project, has reached the next stage in building a productive, cross-border ecosystem by founding a European cooperative with limited liability (Sociedad Cooperativa Europea, or SCE for short). Picture: Founding meeting of the IDunion SCE on 20.07.2022

Frankfurt, 16th of August 2022

IDunion, the consortium created as part of the “Secure Digital Identities Showcase” funding project, has reached the next stage in building a productive, cross-border ecosystem by founding a European cooperative with limited liability (Sociedad Cooperativa Europea, or SCE for short).

Founding meeting of the IDunion SCE on 20.07.2022 (from left to right: Mirko Mollik/TrustCerts GmbH, Markus Sabadello/ Danube Tech GmbH, Dr. Carsten Stöcker/ Spherity GmbH)

With the spin-off into the SCE, the infrastructure for verifiable credentials, which was researched and developed in the research project can now go live into production. The European cooperative will be deploying and operating the necessary technical network to provide the operations. This will allow citizens, private-sector organisations and government institutions to augment the digital identifications (eID) provided by governments with use of secure digital credentials for identity attributes required across a wide range of use cases. The legal form of the SCE was chosen as it offers a legally secure basis for the operations of an independent infrastructure for digital credentials. While the IDunion research project was initiated with funding from the Federal Ministry of Economics and Climate Action (BMWK), the European cooperative aims to secure private sector funding to provide a stable, non-profit business operation. The decision to use the legal form of a Sociedad Cooperativa Europea was driven by IDunion’s core principles of neutrality and openness. It allows all legal entities that adhere to the community values to apply for membership to the SCE. Furthermore a future takeover or control by a single entity is prohibited by this legal form. The guiding principle of the cooperative is the joint establishment of the ecosystem – a task that no individual member can achieve on its own.

On 20.07.2022, the founding members Spherity, Danube Tech and TrustCerts signed the articles of association of the SCE in Essen. “We are very pleased to have achieved this milestone for the IDunion project,” says Helge Michael, consortium Leader of the IDunion research project. “With the IDunion SCE, we have created the ideal basis for building a future-proof identity ecosystem for Europe in which all members can work together as equals. Special thanks goes to the BMWK for providing the funding support as part of the research project ‘Showcase Secure Digital Identities’, which was an essential prerequisite to this next stage,” Michael continues. Dr. Carsten Stöcker, Managing Director of Spherity GmbH, adds: “IDunion SCE provides the legal basis for a cooperative governance structure, which strengthens the interests of individual participants in the interplay of decentralisation and cooperation without allowing a central platform operator to exploit its users economically.”

IDunion: The IDunion research project is a European network that brings together public institutions, government agencies, private organisations, associations, educational institutions and other stakeholders from various fields. Its aim is to develop a fundamentally new, secure digital infrastructure for the verification of identity information.

IDunion SCE: IDunion SCE is a cooperative (European Cooperative Europea) with limited liability that will operate the production network for credential verification, based on the findings of the research project. The SCE and the network are subject to the community governance of its members. Initial founding members of the SCE are:

TrustCerts GmbH: The cyber security start-up TrustCerts from Gelsenkirchen focuses on verifiable credentials and digital identities. TrustCerts’ solution is based on a specially developed blockchain that is compliant with German data protection and security requirements.

Danube Tech GmbH: One of the first companies supporting the Self-Sovereign Identity (SSI) concept, the Vienna-based Danube Tech specialises in interoperability between different SSI networks across national borders. Among the products developed by Danube Tech are the Universal Resolver and godiddy.com.

Spherity GmbH: The German software provider Spherity provides secure and decentralised identity management solutions for companies, machines, products, data and algorithms. Spherity provides the enabling technology to digitise and automate compliance processes in highly regulated sectors. Spherity’s products strengthen cybersecurity and create efficiency and data interoperability between digital value chains.


Oasis Open Projects

PKCS #11 Specification v3.1 from PKCS 11 TC approved as a Committee Specification

PKCS #11 Specification Version 3.1 defines a platform-independent API for cryptographic tokens. The post PKCS #11 Specification v3.1 from PKCS 11 TC approved as a Committee Specification appeared first on OASIS Open.

Public key cryptographic token API ready for testing and implementation

OASIS is pleased to announce that PKCS #11 Specification Version 3.1 from the OASIS PKCS 11 TC [1] has been approved as an OASIS Committee Specification.

The Public Key Cryptography Standards (PKCS) are a group of public-key cryptography standards devised and published by RSA Security LLC, starting in the early 1990s. The OASIS PKCS 11 Technical Committee addresses the ongoing enhancement and maintenance of the PKCS #11 standard.

PKCS #11 Specification Version 3.1 defines a platform-independent API to cryptographic tokens, such as hardware security modules and smart cards. The API itself is named “Cryptoki” (from “cryptographic token interface” and pronounced as “crypto-key”). This specification defines data types, functions and other basic components of the PKCS #11 Cryptoki interface for devices that may hold cryptographic information and may perform cryptographic functions. It also defines mechanisms that are anticipated for use with the current version of PKCS #11.

This Committee Specification is an OASIS deliverable, completed and approved by the TC and fully ready for testing and implementation.

The prose specifications and related files are available here:

PKCS #11 Specification Version 3.1
Committee Specification 01
11 August 2022

PDF (Authoritative):
https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/cs01/pkcs11-spec-v3.1-cs01.pdf
HTML:
https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/cs01/pkcs11-spec-v3.1-cs01.html
Editable source:
https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/cs01/pkcs11-spec-v3.1-cs01.docx
PKCS #11 header files:
https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/cs01/include/pkcs11-v3.1/

The changes since the previous publication are marked in:
https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/cs01/pkcs11-spec-v3.1-cs01-DIFF.pdf

Distribution ZIP file

For your convenience, OASIS provides a complete package of the prose specification and related files in a ZIP distribution file. You can download the ZIP file here:
https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/cs01/pkcs11-spec-v3.1-cs01.zip

Members of the PKCS 11 TC [1] approved this specification by Special Majority Vote. The specification had been released for public review as required by the TC Process [2]. The vote to approve as a Committee Specification passed [3], and the document is now available online in the OASIS Library as referenced above.

Our congratulations to the TC on achieving this milestone and our thanks to the reviewers who provided feedback on the specification drafts to help improve the quality of the work.

Additional references:

[1] OASIS PKCS 11 TC
https://www.oasis-open.org/committees/pkcs11/

[2] Public review timeline:
Details of the public reviews are listed in:
https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/csd01/pkcs11-spec-v3.1-csd01-public-review-metadata.html
Comment resolution log for most recent public review:
https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/csd01/pkcs11-spec-v3.1-csd01-comment-resolution-log.pdf

[3] Approval ballots:
https://www.oasis-open.org/committees/ballot.php?id=3716
https://www.oasis-open.org/committees/ballot.php?id=3723

The post PKCS #11 Specification v3.1 from PKCS 11 TC approved as a Committee Specification appeared first on OASIS Open.


FIDO Alliance

TechTarget: Passkey vs. password: What is the difference?

Passwords may be a thing of the past as tech giants are moving to new passkey technology — a passwordless login that is more secure and convenient. Passkeys were created […] The post TechTarget: Passkey vs. password: What is the difference? appeared first on FIDO Alliance.

Passwords may be a thing of the past as tech giants are moving to new passkey technology — a passwordless login that is more secure and convenient. Passkeys were created with the Web Authentication API security standard that uses public key cryptography for access. Each key is unique and created with encrypted data for added security. Apple, Google and Microsoft are working with the FIDO Alliance and the World Wide Web Consortium (W3C) to ensure passkeys are implemented in ways that work across multiple platforms.

The post TechTarget: Passkey vs. password: What is the difference? appeared first on FIDO Alliance.


SC Magazine: How passkeys pave the way for passwordless authentication

Fast Identity Online (FIDO) outlines secure authentication protocols that are available to all. Their goal is to normalize passwordless authentication and eliminate passwords from the user authentication equation. It may […] The post SC Magazine: How passkeys pave the way for passwordless authentication appeared first on FIDO Alliance.

Fast Identity Online (FIDO) outlines secure authentication protocols that are available to all. Their goal is to normalize passwordless authentication and eliminate passwords from the user authentication equation. It may be a while before passwords disappear entirely, but more companies are beginning to see passwordless authentication as the secure, sustainable alternative. And passkey technology is helping pave the way.

The post SC Magazine: How passkeys pave the way for passwordless authentication appeared first on FIDO Alliance.


DataBreach Today: Hardware MFA Stops Attack on Cloudflare

Internet infrastructure company Cloudflare says the same attackers that went after Twilio also sent Cloudflare employees malicious SMS messages with links to phishing sites dressed up as an official company […] The post DataBreach Today: Hardware MFA Stops Attack on Cloudflare appeared first on FIDO Alliance.

Internet infrastructure company Cloudflare says the same attackers that went after Twilio also sent Cloudflare employees malicious SMS messages with links to phishing sites dressed up as an official company website. Despite employees at both companies taking the bait, Cloudflare said attackers were unable to snatch the full logon credentials of its workers because the company’s second layer of authentication isn’t time-limited one-time codes. Instead, every employee at the company is issued a FIDO2-compliant security key from a vendor like YubiKey. Although the attackers siphoned the credentials, the hard key authentication requirement stopped them from snatching a soft token that fooled employees otherwise would have entered into the phishing site.

The post DataBreach Today: Hardware MFA Stops Attack on Cloudflare appeared first on FIDO Alliance.


MarketWatch: Are passwords a thing of the past? 

MarketWatch’s Best New Ideas in Money podcast explores innovations in economics, policy, and finance technology. This episode features insights from Andrew Shikiar, executive director & CMO of the FIDO Alliance, as he […] The post MarketWatch: Are passwords a thing of the past?  appeared first on FIDO Alliance.

MarketWatch’s Best New Ideas in Money podcast explores innovations in economics, policy, and finance technology. This episode features insights from Andrew Shikiar, executive director & CMO of the FIDO Alliance, as he discusses the broad industry push to passwordless authentication and the technology working to kill the password. 

The post MarketWatch: Are passwords a thing of the past?  appeared first on FIDO Alliance.


Centre Consortium

David Puth Steps Down as Chief Executive Officer, Joins Circle as Senior Advisor

 

 


Digital ID for Canadians

DIACC Women in Identity: Marie Jordan

DIACC is hosting a series of spotlights showcasing our amazing female DIACC members in the digital identity space, noting the importance of diversity. These spotlights…

DIACC is hosting a series of spotlights showcasing our amazing female DIACC members in the digital identity space, noting the importance of diversity. These spotlights will be regularly socialized through DIACC’s LinkedIn and Twitter channels as well as our monthly member newsletters.

If you’re a DIACC member and would like us to feature your spotlight, contact us today to learn more!

What has your career journey looked like?
I have been in payments and technology industry for over 20 years. My career has ran the gamut from developing innovative products and solutions, engaging with customers through executive account management to being highly engaged in standards and trade organizations around the globe. The last few years I’ve had a keen interest in focusing on developing inclusive, fit for purpose, privacy preserving and user centric digital identity. Social impact solutions to bridge the digital divide is a part of that as well.

When you were 20 years old, what was your dream job and why?
My dream job was to practice law, as I wanted to play a role in assisting underserved communities in navigating legal matters. I grew up in a very rural area where I witnessed certain segments of the population not being able to obtain legal representation on a variety of things simply because they could not afford to do so.


❝I truly believe that women being engaged in the digital ID space is critically important because solutions need to be inclusive for everyone.❝



As a female leader, what has been the most significant barrier in your career?
When I started in the tech industry, there were not many women with a “seat” at the table. Even those women that were involved were typically not given the same voice as male counterparts and had to work extra hard to prove their value in any conversations and in creating products, services and solutions. Quite literally, it always felt like a “boys club” and I never felt comfortable speaking up in the beginning of my career for fear that my voice would not be heard. Often I would carefully tailor questions and responses as not to seem to be a dissenting or diverse voice. As my career grew, I began to embrace my authentic self and the unique viewpoints that I have and started speaking up and realizing my own influence. Today, I encourage women to embrace their authentic self and voice. Also, helping elevate and empower others to their full potential is a key focus area that brings me great satisfaction, as I embrace the concepts of servant leadership to those around me.

How do you balance work and life responsibilities?
I really think of this as just “life balance”. My work self is as much a part of me as everything else. So first and foremost, I have learned that I need to take care of myself. If I am feeling burnout in my work responsibilities, that easily spills over into my personal life (and vice versa). Therefore, I have to stay focused on making sure I am doing things that I enjoy, spending time with family and friends (even if only virtually), exercising, etc. If I am not taking care of myself, I cannot be 100% present in anything. Also, I have learned that I have to unplug. I know personally, in the past, I have felt the need to be the best at everything. But it is an impossible goal. I’ve learned that it is absolutely ok to not overachieve at everything in my life. Some things, I will. Some things, I won’t. That’s perfectly fine

❝When I started in the tech industry, there were not many women with a “seat” at the table. Even those women that were involved were typically not given the same voice as male counterparts and had to work extra hard to prove their value (…). I began to embrace my authentic self and the unique viewpoints that I have and started speaking up and realizing my own influence. ❞

Marie Jordan

How can more women be encouraged to pursue careers in the digital ID/tech space?
I truly believe that women being engaged in the digital ID space is critically important because solutions need to be inclusive for everyone. As someone extremely passionate about uplifting economies, women are an integral part of that and if more women became aware of the important role that they play in all parts of ensuring identity is fit for purpose and inclusive, I feel strongly they would understand the need for more diverse thoughts and opinions in this space. Educating women on the importance of identity becoming digital and the need for women’s unique perspectives will go a long way towards achieving that goal. Also, encouraging men as well to be supporters of bringing women into the space is equally as important.

What are some strategies you have learned to help women achieve a more prominent role in their organizations?
Be a team player, who collaborates with everyone, but also understand your value add to the culture of an organization. A lot of times I believe women try and fit in whereas they should recognize that they can be extremely successful by being themselves. I have personally had some of the greatest successes in my career by being genuine and authentic. This creates trust with those around you, which in turn can lead to great achievements. I’ve also learned the importance of networking and getting to know those around you. By having a supportive, diverse network, you will always have a sounding board and mutually beneficial relationships. A network isn’t transactional. It’s about building meaningful relationships.

What will be the biggest challenge for the generation of women behind you?
I believe the biggest challenge will be women continuing to bridge the gender gaps that exist, particularly with women taking prominent roles at the executive levels within tech organizations. This starts with education that focuses on women in technology, which I still feel is not where it should be. It has slowly shifted over the years but there is still a lot more that can be done.

What advice would you give to young women entering the field?
Be bold. Take chances. Get involved. Understand your value. Do not let fear of failing hold you back. Network and uplift others. Be the one who always empowers others to succeed.

Marie Jordan is the Senior Director, Global Standards Management at Visa
Follow Marie Jordan on LinkedIn


Trust over IP

ToIP Steering Committee Members to speak at two conferences in Dublin, Ireland September 12th-16th

Join us for an exciting week of engagement with leaders in the area of digital-trust transformation. The post ToIP Steering Committee Members to speak at two conferences in Dublin, Ireland September 12th-16th appeared first on Trust Over IP.

Dublin, Ireland is the place to be this September.

The Hyperledger Foundation, a multi-project open source collaborative effort hosted by the Linux Foundation, is holding their annual Hyperledger Global Forum (HGF) September 12th -13th at Convention Centre Dublin with workshops to follow on the 14th at the Gibson Hotel.  The Trust Over IP Foundation (ToIP) will be present in the exhibition hall as a community partner at HGF.  Please stop by and visit to learn more about the foundation.

ToIP Steering Committee member, Scott Perry, Principal of Crypto and Digital Trust Services at Schellman, will be speaking at HGF on Monday, September 12th on the topic of Governance and Audit of Blockchain Networks.

While blockchain technology creates strong cryptographic controls securing the integrity of data, successful, cooperative blockchain networks must establish trust between a variety of independent entities to create overall trust.  In this presentation, Scott Perry will discuss how trust is created when using blockchain technologies in the utility layer of the Trust Over IP stack. Scott will discuss how blockchain networks can add accountability within stakeholder roles to ensure that blockchain-based trust ecosystems are trustworthy above the embedded cryptographic trust assertions.  Come learn which role systems auditors, cybersecurity professionals, and risk management experts play in ensuring how trust is built within the ToIP stack focusing on how blockchain-based trust ecosystems are maintained when adopting such cutting-edge technologies. 

Co-located at the Conventions Center Dublin the same week is the Linux Foundation Open Source Summit Europe September 13th to 16th.  ToIP will be having a co-located Trust Over IP Summit 2022, during the OSS.  So when you register for OSS, don’t forget to add on the free registration for ToIP Summit 2022.

Agenda for the ToIP Summit 2022:

Session 1: Introduction to ToIP

Session 2: Demo of wallets/credentials including examples from:

 BC Government’s Mines Project  North Dakota Educational Systems And, credentials issued to participants that will be good for something special for the attendees.

Session 3: ToIP Technology Architecture Specification, first public review

Session 4: Panel Discussion with selected ToIP Steering Committee members representing industry, government, vendors, and technical experts.

ToIP Steering Committee Members present to talk with at these three in-person events in Dublin, Ireland include:

Andre Kudra, CIO esatus AG Drummond Reed, Director of Trust Services at Avast Marie Wallace, IBM Distinguished Engineer Mike Vesey, CEO, IdRamp Nancy Norris, Senior Director, ESG & Digital Trust, Gov. of British Columbia Canada Scott Perry, Principal, Crypto and Digital Trust Services, Schellman Wenjing Chu, Senior Director, Technology Strategy, Futurewei Technologies And others who are waiting upon travel approval.

Join us for an exciting week of engagement with leaders in the area of digital-trust transformation.

The post ToIP Steering Committee Members to speak at two conferences in Dublin, Ireland September 12th-16th appeared first on Trust Over IP.


Human Colossus Foundation

HCF speaks @ Jönköping Joint Ontology Workshop

Paul Knowles from the Human Colossus Foundation will present its Decentralised Semantics concept at the Joint Ontology Workshop (JOWO) in Jönköping, Sweden.

Paul Knowles from the Human Colossus Foundation will present its Decentralised Semantics concept at the Joint Ontology Workshop (JOWO) in Jönköping, Sweden.

“JOWO is a venue of workshops that, together, address a wide spectrum of topics related to ontology research, ranging from Cognitive Science to Knowledge Representation, Natural Language Processing, Artificial Intelligence, Logic, Philosophy, and Linguistics.”
— JOWO 2022

We present decentralised semantics to an audience of researchers focused on ontology.

Our purpose is to provide a status of the existing technology as an alternative view of how semantics can support the growing need for peer-to-peer exchanges over global networks.

By diving into the implications of the layered approach with a diverse group of experts, we look forward to opening new avenues of exploration where our method could be applied.

Subscribe to our mailing list

For those who can’t attend, we provide an opportunity to catch up in our HCF Community calls.

Friday August 26th @ 12h00 CET: Post JOWO Conference feedback by Paul Knowles Friday September 2nd @12h CET: OCA & Dynamic Data Economy by Paul Knowles Thursday September 6th @21h00 CET: OCA tooling by Robert Mitwicki

The Human Colossus Foundation (HCF) is a Swiss-based independent non-profit organisation. It envisions a new paradigm in digital interaction underpinned by a data-agile economy that aims to empower people, businesses and organisations to make better decisions based on insights from harmonised, accurate data. HCF’s mission is to facilitate the creation and subsequent development of such a data-agile economy, focusing on building open source core public utility technologies.

DDE "Dynamic Data Economy" refers to a data-agile economy composed of three foundational pillars - semantics, inputs and governance. The DDE is essentially a decentralised trust infrastructure aligned with the European data strategy where actors have the transactional sovereignty to share accurate information bilaterally. HCF facilitates DDE development by promoting standards that guarantee digital objects' structural and contextual integrity, the factual authenticity of events, and the consensual veracity of purpose-driven data agreements.

Friday, 12. August 2022

Elastos Foundation

Elastos Bi-Weekly Update – 12 August 2022

...

FIDO Alliance

American Banker: What banks can learn from phishing attacks on Cloudflare, Twilio

Threat actors targeted two major tech firms with nearly identical phishing schemes last week. In one case, attackers gained access to data for approximately 125 customers. In the other, they […] The post American Banker: What banks can learn from phishing attacks on Cloudflare, Twilio appeared first on FIDO Alliance.

Threat actors targeted two major tech firms with nearly identical phishing schemes last week. In one case, attackers gained access to data for approximately 125 customers. In the other, they tricked three employees but did not gain any system access to their systems. FIDO2-compliant security keys are cited as a “linchpin mechanism” in Cloudflare’s defense.

The post American Banker: What banks can learn from phishing attacks on Cloudflare, Twilio appeared first on FIDO Alliance.


Microsoft News: Passwordless is here and at scale

Microsoft’s blog post explores Accenture’s journey as they adopted passwordless authentication. With cyber-attacks on the rise, phishing has become the primary method used by attackers to compromise user data. Now, even […] The post Microsoft News: Passwordless is here and at scale appeared first on FIDO Alliance.

Microsoft’s blog post explores Accenture’s journey as they adopted passwordless authentication.

With cyber-attacks on the rise, phishing has become the primary method used by attackers to compromise user data. Now, even though multifactor authentication (MFA) defeats over 90% of password breaches, it isn’t immune to phishing. Microsoft’s vision for a passwordless world emphasizes FIDO 2.0-powered inherently phish-resistant credentials like Windows Hello for Business and FIDO 2.0 External Security Keys. Accenture’s implantation includes over 500,000 users primarily using Windows Hello For Business, 200,000 Phone Sign in users, over 10,000 FIDO2 key users, and an 80% drop in day-to-day usage of passwords across the enterprise. 

The post Microsoft News: Passwordless is here and at scale appeared first on FIDO Alliance.


Associations Now: Tech Talk: 30 Technology Terms Everyone Should Know

Passkey – A new type of security technology being introduced by major vendors such as Apple, Microsoft, and Google in fall 2022 that aims to limit the need for passwords […] The post Associations Now: Tech Talk: 30 Technology Terms Everyone Should Know appeared first on FIDO Alliance.

Passkey –

A new type of security technology being introduced by major vendors such as Apple, Microsoft, and Google in fall 2022 that aims to limit the need for passwords when signing into different applications. This technology, developed by the FIDO Alliance, uses tokenization rather than passwords during the login process and is meant to help prevent phishing and spoofing.

The post Associations Now: Tech Talk: 30 Technology Terms Everyone Should Know appeared first on FIDO Alliance.


Security Boulevard: What is a Zero Trust Environment? | HYPR

An effective Zero Trust environment requires an authentication system that can be relied upon to form a strong, solid foundation. With passwords and other shared credentials, the weakest links in […] The post Security Boulevard: What is a Zero Trust Environment? | HYPR appeared first on FIDO Alliance.

An effective Zero Trust environment requires an authentication system that can be relied upon to form a strong, solid foundation. With passwords and other shared credentials, the weakest links in any authentication system, Zero Trust MFA must fully eliminate these from the authentication process. The government has recognized this, with the Cybersecurity and Infrastructure Security Agency calling Fast Identity Online (FIDO) protocols the “gold standard” of MFA.

The post Security Boulevard: What is a Zero Trust Environment? | HYPR appeared first on FIDO Alliance.


Tech Target: Why 2023 is the year of passwordless authentication

Passwords are a form of knowledge-based authentication. For a user to prove they are who they claim to be, they need a secret — the password — that has been […] The post Tech Target: Why 2023 is the year of passwordless authentication appeared first on FIDO Alliance.

Passwords are a form of knowledge-based authentication. For a user to prove they are who they claim to be, they need a secret — the password — that has been previously stored by the service. Multifactor authentication (MFA) is a technique designed to strengthen the authentication process by adding possession-based authentication to knowledge-based authentication. A service can only authenticate a user when they prove they have knowledge of the shared secret in addition to something they have or are. Eliminating shared secrets removes the intrinsic weakness of password-based authentication and MFA. A secure form of possession-based authentication is the best alternative. Passwordless authentication based on FIDO standards is considered the archetype. FIDO passwordless authentication is based on public-key cryptography.

The post Tech Target: Why 2023 is the year of passwordless authentication appeared first on FIDO Alliance.


Forbes: Why MFA Falls Short And What Can Be Done About It

Stu Sjouwerman, founder, and CEO of KnowBe4 Inc shares his thoughts on how MFAs fell short in data security. A Verizon research report says that 82% of all cyberattacks fall […] The post Forbes: Why MFA Falls Short And What Can Be Done About It appeared first on FIDO Alliance.

Stu Sjouwerman, founder, and CEO of KnowBe4 Inc shares his thoughts on how MFAs fell short in data security. A Verizon research report says that 82% of all cyberattacks fall on human error (stolen credentials, phishing, misuse). For a hacker to successfully gain access to credentials they need some level of human involvement to get around MFA defences. Some common phishing techniques include, MiTM attacks, SIM-swapping attacks, “Pass-the-cookie” attacks, and MFA fatigue. The strongest forms of MFAs are based on FIDO2 standards that enables users to access resources through biometrics. The deployment of FIDO2 eliminates the risk of phishing attacks but ensuring users are well trained to identify cyberthreats is just as important if not more.

The post Forbes: Why MFA Falls Short And What Can Be Done About It appeared first on FIDO Alliance.


ars Technica: Phishers who breached Twilio and targeted Cloudflare could easily get you, too

At least two security-sensitive companies—Twilio and Cloudflare—were targeted in a phishing attack by an advanced threat actor who had possession of home phone numbers of not just employees but employees’ […] The post ars Technica: Phishers who breached Twilio and targeted Cloudflare could easily get you, too appeared first on FIDO Alliance.

At least two security-sensitive companies—Twilio and Cloudflare—were targeted in a phishing attack by an advanced threat actor who had possession of home phone numbers of not just employees but employees’ family members as well.

The post ars Technica: Phishers who breached Twilio and targeted Cloudflare could easily get you, too appeared first on FIDO Alliance.


TechRadar.pro: Cloudflare says it was almost fooled by a phishing attack

Cloudflare employees were recently targeted by a “sophisticated” cyberattack, and even though some fell for the scheme, the DDoS protection company managed to successfully defend itself.  In a blog post(opens in new tab), […] The post TechRadar.pro: Cloudflare says it was almost fooled by a phishing attack appeared first on FIDO Alliance.

Cloudflare employees were recently targeted by a “sophisticated” cyberattack, and even though some fell for the scheme, the DDoS protection company managed to successfully defend itself. 

In a blog post(opens in new tab), Cloudflare co-founder Matthew Prince, together with team members Daniel Stinson-Diess and Sourov Zaman, explained how the attack happened and what made the difference between success and failure.

The threat actor made a couple of key preparations ahead of the attack: they registered a domain that looked legitimate and would fool many victims: cloudflare-okta.com. Okta is Cloudflare’s identity provider. They also managed to somehow obtain the phone numbers of almost 80 Cloudflare employees, as well as family members for some.

The post TechRadar.pro: Cloudflare says it was almost fooled by a phishing attack appeared first on FIDO Alliance.


Cloudflare: The mechanics of a sophisticated phishing scam and how we stopped it

Yesterday, August 8, 2022, Twilio shared that they’d been compromised by a targeted phishing attack. Around the same time as Twilio was attacked, we saw an attack with very similar characteristics […] The post Cloudflare: The mechanics of a sophisticated phishing scam and how we stopped it appeared first on FIDO Alliance.

Yesterday, August 8, 2022, Twilio shared that they’d been compromised by a targeted phishing attack. Around the same time as Twilio was attacked, we saw an attack with very similar characteristics also targeting Cloudflare’s employees. While individual employees did fall for the phishing messages, we were able to thwart the attack through our own use of Cloudflare One products, and physical security keys issued to every employee that are required to access all our applications.

We have confirmed that no Cloudflare systems were compromised. Our Cloudforce One threat intelligence team was able to perform additional analysis to further dissect the mechanism of the attack and gather critical evidence to assist in tracking down the attacker.

This was a sophisticated attack targeting employees and systems in such a way that we believe most organizations would be likely to be breached. Given that the attacker is targeting multiple organizations, we wanted to share here a rundown of exactly what we saw in order to help other companies recognize and mitigate this attack.

The post Cloudflare: The mechanics of a sophisticated phishing scam and how we stopped it appeared first on FIDO Alliance.


CFPB: Insufficient data protection or security for sensitive consumer information

Consumer Financial Protection Circular 2022-04 Insufficient data protection or security for sensitive consumer information Question presented Can entities violate the prohibition on unfair acts or practices in the Consumer Financial […] The post CFPB: Insufficient data protection or security for sensitive consumer information appeared first on FIDO Alliance.
Consumer Financial Protection Circular 2022-04 Insufficient data protection or security for sensitive consumer information Question presented

Can entities violate the prohibition on unfair acts or practices in the Consumer Financial Protection Act (CFPA) when they have insufficient data protection or information security?

Summary answer

Yes. In addition to other federal laws governing data security for financial institutions, including the Safeguards Rules issued under the Gramm-Leach-Bliley Act (GLBA), “covered persons” and “service providers” must comply with the prohibition on unfair acts or practices in the CFPA. Inadequate security for the sensitive consumer information collected, processed, maintained, or stored by the company can constitute an unfair practice in violation of 12 U.S.C. 5536(a)(1)(B). While these requirements often overlap, they are not coextensive.

Acts or practices are unfair when they cause or are likely to cause substantial injury that is not reasonably avoidable or outweighed by countervailing benefits to consumers or competition. Inadequate authentication, password management, or software update policies or practices are likely to cause substantial injury to consumers that is not reasonably avoidable by consumers, and financial institutions are unlikely to successfully justify weak data security practices based on countervailing benefits to consumers or competition. Inadequate data security can be an unfair practice in the absence of a breach or intrusion.

The post CFPB: Insufficient data protection or security for sensitive consumer information appeared first on FIDO Alliance.


Tech Target: Why 2023 is the year of passwordless authentication

Passwords are a form of knowledge-based authentication. For a user to prove they are who they claim to be, they need a secret — the password — that has been […] The post Tech Target: Why 2023 is the year of passwordless authentication appeared first on FIDO Alliance.

Passwords are a form of knowledge-based authentication. For a user to prove they are who they claim to be, they need a secret — the password — that has been previously stored by the service. Multifactor authentication (MFA) is a technique designed to strengthen the authentication process by adding possession-based authentication to knowledge-based authentication. A service can only authenticate a user when they prove they have knowledge of the shared secret in addition to something they have or are. Eliminating shared secrets removes the intrinsic weakness of password-based authentication and MFA. A secure form of possession-based authentication is the best alternative. Passwordless authentication based on FIDO standards is considered the archetype. FIDO passwordless authentication is based on public-key cryptography.

The post Tech Target: Why 2023 is the year of passwordless authentication appeared first on FIDO Alliance.


IT PRO: Cisco Talos confirms data breach after ransomware gang ‘forces’ incident disclosure

The effectiveness of hardware-based MFA keys was brought to light as both Twilio and Cloudflare were targeted with sophisticated phishing attacks, but only the latter prevented a full attack thanks […] The post IT PRO: Cisco Talos confirms data breach after ransomware gang ‘forces’ incident disclosure appeared first on FIDO Alliance.

The effectiveness of hardware-based MFA keys was brought to light as both Twilio and Cloudflare were targeted with sophisticated phishing attacks, but only the latter prevented a full attack thanks to the company-wide use of FIDO keys in addition to MFA security prompts.

The post IT PRO: Cisco Talos confirms data breach after ransomware gang ‘forces’ incident disclosure appeared first on FIDO Alliance.


Mittelstand heute: Passwordless – No password is more secure!

Fast Identity Online (FIDO) is another method for Passwordless Authentication. FIDO2 stands for the second version of the open standard. Here, the password is replaced by a hardware token. The […] The post Mittelstand heute: Passwordless – No password is more secure! appeared first on FIDO Alliance.

Fast Identity Online (FIDO) is another method for Passwordless Authentication. FIDO2 stands for the second version of the open standard. Here, the password is replaced by a hardware token. The authentication mechanisms of the FIDO standard are stored on this token.

The post Mittelstand heute: Passwordless – No password is more secure! appeared first on FIDO Alliance.


Sicherheit.info: Apple abolishes the password – what companies must do now

Apple is putting a groundbreaking security upgrade into practice, for the introduction of which it joined forces with other Internet giants such as Meta (formerly Facebook) and Google, as well […] The post Sicherheit.info: Apple abolishes the password – what companies must do now appeared first on FIDO Alliance.

Apple is putting a groundbreaking security upgrade into practice, for the introduction of which it joined forces with other Internet giants such as Meta (formerly Facebook) and Google, as well as hardware manufacturers from Intel to Qualcomm, to form the “Fido Alliance” back in 2012.

The post Sicherheit.info: Apple abolishes the password – what companies must do now appeared first on FIDO Alliance.


Energy Web

Energy Web Token (EWT) Consortia Relay Staking Snapshots Insights

This update provides a brief overview and technical analysis of the results of the “snapshot” mechanism currently being used to track the consistency of staked Energy Web Tokens (EWT) in the Consortia staking pool. Patrons staking EWT can use the tools provided at https://consortia-stake-ewt.io/ to check the status of their wallets and snapshots if applicable. Snapshots and Variable EWT rewa

This update provides a brief overview and technical analysis of the results of the “snapshot” mechanism currently being used to track the consistency of staked Energy Web Tokens (EWT) in the Consortia staking pool. Patrons staking EWT can use the tools provided at https://consortia-stake-ewt.io/ to check the status of their wallets and snapshots if applicable.

Snapshots and Variable EWT rewards

A series of Snapshots are being taken of wallets that have staked Energy Web Tokens (EWT) in the Energy Web Consortia staking pool. The purpose of the snapshots is to measure the consistency of staking. Specifically, snapshots track how much EWT is deposited into a staking contract by a given wallet and how long that stake is maintained throughout the life of the Consortia staking pool. Since staking will be a major contributor to the cybersecurity of Energy Web solutions tied to the upcoming Consortia blockchain, having a consistent, high stake of EWT is crucial. Therefore, EWT staking pools reward consistent stakers with higher rewards compared to stakers who withdraw EWT before the staking pool ends.

In the case of the current Consortia staking pool, there will be an additional, variable reward distributed to all Patrons (individuals who have staked EWT into the pool) with at least 1 snapshot. This reward comes from redistributing all unallocated rewards from the Consortia staking smart contract. The staking contract was deployed with the maximum possible reward balance in order to provide rewards for Patrons staking a total of 7.5 million EWT for the entire 9 month duration of the staking pool.

Because the staking pool has yet to reach its capacity, not all fixed rewards will be distributed. This is where snapshots come in: the reward balance that is left unallocated will be distributed to Patrons who have snapshots. Rewards vary depending on the number of snapshots and the amount of EWT staked. For each wallet, the reward will be determined by an exponential formula taking into account the number of snapshots and average EWT stake. The exponential formula will incentivise Patrons to collect all snapshots, since a wallet with all snapshots will earn much higher rewards than wallets with 5 and less snapshots and the same EWT balance.

Similar to the timing of the snapshots, variable rewards are impossible to predict as they depend on the timing of snapshots and actions of other staking patrons. Therefore, the only rational behavior that maximizes variable APY is to stake as much EWT into a single wallet as possible and leave it staked consistently until the end of the Consortia staking pool. To be clear, the variable rewards will be distributed in addition to the fixed award already awarded by the Consortia staking pool.

Snapshot 1 Balance Analysis

In total, 6,408 wallets were included in the first snapshot. These wallets staked 5,540,589 EWT. The individual balances vary from 1 EWT (the lower limit for snapshots) to 3,000 EWT (the upper staking limit for a single wallet). The chart below shows the balances of all snapshot wallets: wallets on the horizontal axis, balances on the vertical axis.

The next chart shows the stake balance distribution with balance bounds on the horizontal axis and the number of wallets in each section on the vertical axis:

Almost 2/3rd of all wallets have balances under 500 EWT (out of which 334 are staking just 1 EWT), and 17% of wallets have balances higher than 2,500 EWT. This is surprising, as normally such distributions follow a power-law distribution (the higher the balance, the lower the number of wallets). In the case of Consortia staking, the relatively large number of wallets can be explained by Patrons holding many EWT (more than the upper limit of 3,000 EWT) staking with multiple wallets. Out of 1,110 wallets staking over 2,500 EWT, 970 are staking the maximum allowed 3,000 EWT.

Snapshot 2 Balance Analysis

Snapshot 2 was taken on block #18648235 generated on June 27th, 2022 at 9:16 PM UTC+1. This time, there were 6,641 wallets staking (up 233 from the first snapshot), staking a total of 5,730,962 EWT, so (up 190,373 EWF from snapshot 1).

Here are the balances of snapshot 2 (in orange) compared to snapshot 1 balances (in blue). Wallets on the bottom, balances on the vertical axis:

The orange spikes are wallets adding more EWT between snapshot 1 and 2. The orange dips are wallets withdrawing EWT. On the far right of the chart there is the orange line and no blue line: these are the completely new wallets that didn’t participate in snapshot 1.

In total, 880 wallets increased their EWT stake and 350 of were completely new (not staked during snapshot 1). 180 wallets decreased their stake, 117 of them withdrawing all their EWT and not qualifying for snapshot 2.

Here’s the balance distribution comparison between stake 1 and 2 balances. Bounds on the bottom, number of wallets in each category in the vertical scale:

We can see a slight increase in each category, even in the highest balances section: 41 new wallets staked between 2,500 and 3,000 ETW, out of which 40 staked the 3,000 EWT maximum. For comparison, there are now 150 additional wallets staking under 500 EWT.

Snapshot insights and what to expect next

So far, staking in the Consortia pool has been consistent in line with the design of the snapshot mechanism. This is evidenced by the balance distribution of snapshot 1 and 2 and EWT balances in the staking contract:

Such consistent staking will provide a high degree of economic cybersecurity to all enterprise-grade Energy Web solutions (for more information on the connection between consistent staking, cybersecurity, and Energy Web solutions, please review our announcement on the upcoming Consortia chain).

As mentioned above, the next 4 snapshots will be taken randomly between now and the end of the Consortia staking pool in December 2022. Patrons who receive at least 1 snapshot will qualify for additional rewards. The rewards will be calculated and distributed after the Consortia staking pool ends. Again, since variable rewards are impossible to predict, the best strategy for all patrons is to stake as high a balance as possible and do so consistently.

Also read: https://medium.com/energy-web-insights/energy-web-community-staking-pool-snapshots-explained-3a9c3eebf28b

About Energy Web
Energy Web is a global non-profit accelerating the clean energy transition by developing open-source technology solutions for energy systems. Our enterprise-grade solutions improve coordination across complex energy markets, unlocking the full potential of clean, distributed energy resources for businesses, grid operators, and customers.

Our solutions for enterprise asset management, data exchange, and Green Proofs, our tool for registering and tracking low-carbon products, are underpinned by the Energy Web Chain, the world’s first public blockchain tailored to the energy sector. The Energy Web ecosystem comprises leading utilities, renewable energy developers, grid operators, corporate energy buyers, automotive, IoT, telecommunications leaders, and more.

Energy Web Token (EWT) Consortia Relay Staking Snapshots Insights was originally published in Energy Web on Medium, where people are continuing the conversation by highlighting and responding to this story.

Thursday, 11. August 2022

FIDO Alliance

Momentum in APAC:  FIDO Tech Seminar in Korea and Passwordless Roundtable in Vietnam Recaps

By Andrew Shikiar, Executive Director and CMO, FIDO Alliance July 2022 was a busy month for FIDO members in APAC, particularly with the events that took place in Korea and […] The post Momentum in APAC:  FIDO Tech Seminar in Korea and Passwordless Roundtable in Vietnam Recaps appeared first on FIDO Alliance.

By Andrew Shikiar, Executive Director and CMO, FIDO Alliance

July 2022 was a busy month for FIDO members in APAC, particularly with the events that took place in Korea and Vietnam:

FIDO Tech Seminar in Korea

On July 13th, the FIDO Korea Working Group held a half-day virtual tech seminar with 250+ attendees.  The sessions included updates on the state of the FIDO Alliance and its certification programs, an introduction to FIDO Device Onboard (FDO), a FIDO Authentication 101, an introduction to multi-device FIDO credentials (also known as “passkeys”), and a presentation on understanding Korean  laws mandating the use of passwords.

[Pic 1: Snapshot of FIDO Tech Seminar Platform][Pic 2: Samples of Virtual Sessions]

This tech seminar covered topics such as FDO and passkey, and provided a forum for industry experts to learn about phishing-resistant online authentication. 

Based on the post-event survey, over 30% of attendees reported they were victims of credential thefts, though they are online security industry experts or studying in the related fields.  Mr. Hyeong Won Pyo at Chosun Media thoughtfully summarized what he learned from the seminar while sharing with his colleagues and friends: “Our journalists are under attack by online phishing campaigns, and it was great to learn how to protect them with FIDO Authentication.”

Those who missed the live streaming sessions can watch the recordings here.

Vietnam Goes Passwordless Roundtable

On the same afternoon, FIDO Alliance participated in another hybrid event, the Vietnam Goes Passwordless Roundtable, organized by VinCSS and Vietnamese Ministry of Information and Communication.

It was the first forum on passwordless authentication in Vietnam, and the cyber security industry leaders in the region gathered representatives from the state banks, and local journalists.

[Pic 3: FIDO Update by Andrew Shikiar][Pic 4: Panel Discussion Session]

During the event local cyber security leaders discussed and shared best practices on digital authentication, disruptive technologies, and mega trends of passwordless authentication.  The experts recognized the recent increase of cyber-attacks in Vietnam as a risk factor for further developing digital applications, which is one of the top strategic activities of Vietnamese National Digital Transformation Program.

Mr. Do Ngoc Duy Tranc, CEO of VinCSS said, “VinCSS is ready to sponsor and support the nation by integrating strong FIDO-based passwordless authentication technology by building broader cooperation mechanisms with multi-sectors.”

To learn more about the event and exciting passwordless activities in Vietnam, please visit the event platform.

The post Momentum in APAC:  FIDO Tech Seminar in Korea and Passwordless Roundtable in Vietnam Recaps appeared first on FIDO Alliance.


Elastos Foundation

ELA Buyback Program To Support DPoS 2.0 Monthly Update – July

...

Wednesday, 10. August 2022

Origin Trail

OT-RFC-12 V2: Teleporting TRAC to the OriginTrail Parachain on Polkadot

This blog post outlines the revised version of the initial RFC detailing the TRAC bridging approach from Ethereum to the OriginTrail Parachain based on the feedback received on the initial version from the OriginTrail community. Teleporting TRAC to the OriginTrail Parachain on Polkadot The previous version of this RFC proposed the initial TRAC bridge for near-term utilisation be implemented

This blog post outlines the revised version of the initial RFC detailing the TRAC bridging approach from Ethereum to the OriginTrail Parachain based on the feedback received on the initial version from the OriginTrail community.

Teleporting TRAC to the OriginTrail Parachain on Polkadot

The previous version of this RFC proposed the initial TRAC bridge for near-term utilisation be implemented via the Chainbridge system, while enabling emergent bridging infrastructure (such as the Snowfork bridge) as potential long term bridging solutions.
Due to the concerns expressed by the TRAC community regarding the inherent risks associated with such a bridge implementation (details below and in RFC comments), and demonstrated vulnerabilities of similar bridges seen recently within the crypto space (even while writing this update of the RFC), an alternative approach will be implemented — “one way teleports”.

A one way teleport is an already proven approach within the OriginTrail community as it was successfully executed during the Starfleet stage of the OriginTrail Parachain development. Via a “one-time” TRAC bridge from Ethereum to the OriginTrail Parachain the OriginTrail community has successfully staked 100MM TRAC tokens to be transferred to the (then stand-alone) OriginTrail tailored blockchain.

The exact approach and details of the smart contract implementation are specified in OT-RFC-10, however for practicality an outline is presented here:

A special smart contract is deployed on Ethereum blockchain designed to lock a specific amount of TRAC tokens, to be teleported to the OriginTrail Parachain. The contract is permissionless and anybody can deposit (lock) TRAC into it. The equivalent amount of TRAC tokens gets minted on the OriginTrail Parachain to the same address as the one that locked tokens on the Ethereum side (so tokens can be utilised by the same wallet). Special care is taken to ensure security of the smart contract — a thorough smart contract audit has been conducted, together with functionality minimization (to lower complexity and thus risk surface) as well as coding and testing best practices.

The near-term TRAC bridging proposal therefore is to:

Perform one way TRAC teleports from Ethereum to the OriginTrail Parachain by reutilizing the same smart contract already proven in the previous 100MM TRAC Starfleet staking procedure. This contract implementation has been security audited by Quantstamp and proven functional and secure in a production environment. Additionally, the smart contract is built in such a way that the locked funds can be used to integrate with the future bridges. Execute teleports in a total of 15 batches in two week intervals. This approach removes third-party code (non-OriginTrail ecosystem) from the bridging infrastructure, additionally minimising the risk surface until a more trust-minimising solution is available. The approach enables continued exploration of bridging solutions within the Polkadot ecosystem for the mid- and long-term viability of a two-way TRAC bridge. It is expected that multiple options will be available, such as common-good parachain bridges, Snowfork and others, developed by the wider Polkadot community. Once a suitable bridge is available, all teleported tokens will be migrated (subject to the same RFC process as with this implementation). Teleporting details

Teleporting will occur in 15 batches, each of which will be performed with a process similar to the previously executed Starfleet staking. Due to the nature of the smart contracts and them being audited and tested, only parametric changes can be implemented and no changes in smart contract code will be performed.

Each of the 15 teleportation batches will deploy a separate Teleport contract on Ethereum, managed by a multisig wallet. The illustration below shows the lifecycle of each Teleport contract and its phases as per smart contract design (specified in OT-RFC-10). There are 5 distinct periods defined in the life cycle:

Preparation period: used for contract preparation and deployment on Ethereum mainnet. Boarding period: the period during which TRAC can be deposited in the smart contract for teleportation. The boarding period will last 2 weeks for each batch (except for the first batch lasting 3 weeks). Lock period: the period during which tokens are immobile (locked) in the teleportation smart contract on Ethereum. TRAC tokens are teleported to the OriginTrail Parachain and available for use with the same address as used for locking. Each lock period will be set to expire on March 31st 2023. Bridge period: the period during which locked tokens can be transferred from the teleportation smart contract on Ethereum to a fully fledged bridge implementation (which is expected to be available in the bridge period). The bridge period lasts for 12 months (latest until March 31st 2024). Fallback period: period used in the fallback scenario of a fully fledged bridge not becoming available, after all previous periods have expired. In this period it will be possible to teleport TRAC tokens back to Ethereum, using the accounting feature as described in the contract spec (OT-RFC-10).

To incentivize the teleportation process and utility of the OriginTrail Parachain and the (then deployed) OriginTrail DKG v6, a designated amount of OTP bounty tokens will be made available for the users (to be announced).

The teleport timeline is as follows:

August 18th (tentative): first Teleportation contract deployment and Batch #1 teleporting start, the first boarding period lasting 3 weeks September: first minting of TRAC on OT Parachain, added OTP bounty to enable the use of the OriginTrail Parchain (bonus size TBD) Mid-September: Once TRAC is available, execute OriginTrail DKG v6 launch Batch #2 and further teleportation batches continue immediately after the first teleportation is completed and validated as successful.

The detailed timeline will be shared in the following documents as soon as this RFC is approved.

The complete and updated OT-RFC-12 v2 document can be found here.

👇 More about OriginTrail 👇

Web | OriginTrail Twitter | OriginTrail Parachain Twitter | Facebook | Telegram | LinkedIn | GitHubDiscord

OT-RFC-12 V2: Teleporting TRAC to the OriginTrail Parachain on Polkadot was originally published in OriginTrail on Medium, where people are continuing the conversation by highlighting and responding to this story.


Next Level Supply Chain Podcast with GS1

Visibility 2.0: Creating Digital Consistency in an International Supply Chain

Innovation tends to move more quickly than we can update our processes and infrastructure. So how can something as complicated as the international supply chain take fundamental trade practices and marry them with innovation so we can move at the speed of digitization? Join us for a mind-blowing discussion with Karyl Fowler, CEO at Transmute, and hear about the work being done to digitize trade do

Innovation tends to move more quickly than we can update our processes and infrastructure. So how can something as complicated as the international supply chain take fundamental trade practices and marry them with innovation so we can move at the speed of digitization? Join us for a mind-blowing discussion with Karyl Fowler, CEO at Transmute, and hear about the work being done to digitize trade documentation in a way that is cryptographically verifiable and traceable across the entire logistics ecosystem.

 


Ceramic Network

Ceramic Launches Community Forum

Your place to ask technical questions and receive Core Team & community responses.

We’re excited to share that we launched the Ceramic Community Forum! The forum is the place to ask technical questions and receive support from your fellow community members and Ceramic’s core team.

Why did we launch the forum?

If you have been a part of Ceramic’s developer community for a while, you probably know that we've been exchanging knowledge and receiving updates from the Ceramic core team on a Ceramic Discord Server. One piece of feedback we received from multiple members of the community is that, over time, the RSS feed-like nature of Discord made it difficult to get answers to technical questions and search for information. It became clear that we need a better platform for facilitating technical support and empowering our developer community to share technical knowledge about Ceramic.

What do I use the forum for?

The forum is dedicated to asking and answering technical questions about Ceramic. It consists of a few main categories dedicated to specific aspects of Ceramic tech. If you have a question to ask, simply open it under the most relevant category. The questions asked on the forum will be answered between the Ceramic community and Ceramic’s core team.

The forum includes a few additional features that should improve the technical-information sharing and question answering across the Ceramic developer community:

Better search—you can use the forum’s built-in search tool to discover questions that might be similar to yours Sign-in with Ethereum—to begin using the forum, you can sign up using your Ethereum wallet. And what about the Ceramic Discord server?

The Ceramic Discord Server is not going anywhere. Going forward, the server will be focused on facilitating more high-level discussions around Ceramic—e.g. talking about community projects, sharing ideas and feedback about specific aspects of the Ceramic Network. Over the next month, expect to see some architectural changes in the Discord server as we transition technical support to the Ceramic Forum.

Try out the Ceramic Forum and let us know what you think!

Tuesday, 09. August 2022

Digital ID for Canadians

The Power of a Trustmark

By David Tubbs, Director of Marketing Communications at ApplyBoard. Additional contributions made by members of DIACC’s Outreach Expert Committee. Relationships are built on one thing:…

By David Tubbs, Director of Marketing Communications at ApplyBoard. Additional contributions made by members of DIACC’s Outreach Expert Committee.

Relationships are built on one thing: trust. It is the basis to which we form opinions and develop long lasting associations with who and how we make decisions in our everyday lives. Trust is typically established through one of three ways: 1) personal experience, 2) opinions from others we trust, and 3) third party verification in the form of reviews or trustmarks.

Let’s explore this third avenue and find out exactly what a trustmark is, how they come about, and most importantly, why they matter. In the digital era with an increase of online and accessible services, trustmarks matter more than ever before trustmarks matter more than ever before.

What is a trustmark?

Trustmarks are all around us every single day. They are woven into the fabric of our daily lives in the community, but more importantly in our digital lives.

When you login to a website and see the lock icon on your browser to denote a secure connection, when you walk into a bank in Canada and see the purple Canada Deposit Insurance Corporation (CDIC) logo right at the entrance, or when you go to a hotel website and see their Trip Advisor rating posted. These are all trustmarks and they exist to establish consumer confidence.

Trustmarks are less about what it stands for and more about how it makes the user feel. Do they feel a familiarity and understanding as to what the trustmark means? Do they feel like a third party actually verified something? And, does the user feel safe? These are questions a trustmark needs to answer to both communicate what it stands for and serve a wider purpose. Both of these factors can only come from a shared understanding of the trust to be built.

Creating a shared understanding

Crafting a universal and shared understanding for what a trustmark stands for is not easy. A trustmark must cross cultural, age, socioeconomic, and educational boundaries to make its ubiquity and utility impactful. It must also be supported by enough parties to gain critical mass so that adoption begins crossing traditional boundaries.

This often begins with an organization or group of entities to establish the need for a trustmark, its use, and also its limitations. It is vital that this organization remains unbiased. From there it is expanded through a virtuous cycle of education and adoption by more organizations until that critical mass of adoption is met. No matter what, the establishment of a solid foundation of a shared understanding is essential if widespread adoption of the trustmark is to be found. Without it, the trustmark will simply be a niche symbol for something only a small group will understand and recognize.

Creating mass adoption of a trustmark

The start of this shared understanding is happening right now as previously covered by Julianne Trotman in her article on the development and adoption of trust frameworks and the Pan-Canadian Trust Framework (PCTF). The PCTF is the set of established needs and expectations around what validates that trust. The development of the iconography for a digital trustmark, in this context, is an important part of the process, but not as important as the actual adoption.

Adoption of a trustmark must be done across all our digital platforms. It should be shared on partner websites, on platforms, social media, traditional materials, and more. Ubiquity is not a bad thing, but should be embraced.

To continue with the example of the PCTF, because DIACC was the central source of its development and articulation, any trustmark would begin with its collaborative members. Its members would act as evangelists to start creating a distribution network for the trustmark. The key after this is repetition and growth. There is no set timeline for a trustmarks societal adoption, only that it is a journey that is wholly dependent on ongoing adoption by other organizations, companies, and if applicable, government.

Trustmarks take time. That being said, they start with a collective of people looking to reassure and build trust in our society. The more we talk about and show off a trustmark, subtly or overtly, the better adoption will be. It is a journey, but a journey worth starting.


Kantara Initiative

Leading identity experts to join Kantara Initiative UK Advisory Board

London, 8 August 2022 Kantara Initiative Ltd announced today that it has established a UK Advisory Board and appointed 3 of the UK identity sector’s leading experts to join it. They are: Emma Lindley MBE, Co-Founder of Women in Identity Alison McDowell, Co-Founder of Beruku and Andrew Hindle, Content Chair for Identiverse and Founding Board Member at IDPro These widely recognised identity experts

London, 8 August 2022

Kantara Initiative Ltd announced today that it has established a UK Advisory Board and appointed 3 of the UK identity sector’s leading experts to join it. They are:

Emma Lindley MBE, Co-Founder of Women in Identity Alison McDowell, Co-Founder of Beruku and Andrew Hindle, Content Chair for Identiverse and Founding Board Member at IDPro

These widely recognised identity experts will provide independent voices on our Board to ensure we keep innovating around our UK business proposition

All 3 advisors are internationally recognised experts in the identity domain with experience and profiles valued not just within, but beyond, the sector. The Advisory Board will support the Kantara UK leadership team to develop strategies that will enable the organisation to serve the UK market more effectively. The advisors will also provide input into how Kantara’s work for the DCMS DIATF program can grow to better align public interest with greater adoption around the standardisation and interoperability of ID verification solutions.

UK Advisors – Emma Lindley MBE, Alison McDowell and Andrew Hindle

Commenting on the announcement, Kantara Initiative Executive Director, Kay Chopard said: “We are thrilled to announce that Emma, Alison and Andrew are joining our UK Advisory Board. They bring with them an unrivalled wealth of experience as contributors to the UK identity market and the global identity ecosystem. And they are all widely recognised as leading thinkers on the topic of digital identity. So having them as independent voices on our Board will ensure we keep innovating around our UK business proposition. As the global leader in identity assurance, we are tremendously excited about the future for the UK DIATF in particular. Our UK Advisory Board will ensure that we remain at the forefront of developments in this market.”     

For more information, visit www.kantarainitiative.co.uk/about-us or contact us directly at info@kantarainitiative.co.uk

The post Leading identity experts to join Kantara Initiative UK Advisory Board appeared first on Kantara Initiative.


Digital Scotland

Shops.scot – Like Ebay Stores, but Scottish

Shops.scot will provide a Scottish 'Multi-Vendor Marketplace', a platform for many micro-businesses to create their own e-commerce store. The post Shops.scot – Like Ebay Stores, but Scottish appeared first on digitalscot.net.

Shops.scot is a new venture under development. Join the Venture Builder group discussion to participate.

Co-founders, dev partners, reseller agents, early adopter customers – All welcome.

Multi-vendor Marketplace

As the title suggests, this will operate a ‘Multi-vendor Marketplace’ – A site where multiple sellers can each create their own e-store, and visitors can browse and buy from any of them.

This will accelerate our Digital Nation Action Plan, specifically the digital enablement and support of micro and small businesses. It’s still the case that many don’t even have a web site.

So this will provide them an ultra simple way of achieving that, with the key distinction from other options like EBay or Amazon obviously being that it’s entirely Scotland focused. This means a much more local, hands on technical support, and a concentrated market focus.

Features

Key features will include:

A powerful set of digital marketing tools – As well as loading up your products, you’ll be able to send e-vouchers, email marketing etc. Cryptocurrency – Accept Bitcoin payments et al. This is another key technology field where SMEs know they should be doing more but it is simply beyond them.

In short it will leverage the SaaS (Software as a Service) model to make easily accessible the powerful e-commerce and digital marketing technologies that most small businesses would greatly benefit from but don’t have the resource or expertise to deploy themselves.

There is also great potential to team up with other Scottish innovators, such as Miconex. They offer a gift card system that could tie in with #1, with a particular focus on local towns, such as Perth.

Shops.scot will be able to provide the core e-commerce tools for selling their products, and organized into similarly local sections, like Shops.scot/Perth. This will provide a powerful combined solution to achieve key Scottish Government goals like boosting local commerce for local merchants.

The post Shops.scot – Like Ebay Stores, but Scottish appeared first on digitalscot.net.

Friday, 05. August 2022

Oasis Open Projects

Common Security Advisory Framework v2.0 from CSAF TC approved as revised Committee Specification

The Common Security Advisory Framework (CSAF) is a language to exchange Security Advisories. The post Common Security Advisory Framework v2.0 from CSAF TC approved as revised Committee Specification appeared first on OASIS Open.

Committee Specification 03 is ready for testing and implementation.

OASIS is pleased to announce that Common Security Advisory Framework Version 2.0 from the OASIS Common Security Advisory Framework (CSAF) TC [1] has been approved as an OASIS Committee Specification. This is the third publication of CSAF v2.0 as a Committee Specification.

The Common Security Advisory Framework (CSAF) is a language to exchange Security Advisories formulated in JSON. CSAF v2.0 is the definitive reference for the language which supports creation, update, and interoperable exchange of security advisories as structured information on products, vulnerabilities and the status of impact and remediation among interested parties.

This Committee Specification is an OASIS deliverable, completed and approved by the TC and fully ready for testing and implementation.

The documents and related files are available here:

Common Security Advisory Framework Version 2.0
Committee Specification 03
01 August 2022

Editable source (Authoritative):
https://docs.oasis-open.org/csaf/csaf/v2.0/cs03/csaf-v2.0-cs03.md
HTML:
https://docs.oasis-open.org/csaf/csaf/v2.0/cs03/csaf-v2.0-cs03.html
PDF:
https://docs.oasis-open.org/csaf/csaf/v2.0/cs03/csaf-v2.0-cs03.pdf
JSON schemas:
– Aggregator: https://docs.oasis-open.org/csaf/csaf/v2.0/cs03/schemas/aggregator_json_schema.json
– CSAF: https://docs.oasis-open.org/csaf/csaf/v2.0/cs03/schemas/csaf_json_schema.json
– Provider: https://docs.oasis-open.org/csaf/csaf/v2.0/cs03/schemas/provider_json_schema.json
The changes since the previous publication are marked in:
https://docs.oasis-open.org/csaf/csaf/v2.0/cs03/csaf-v2.0-cs03-DIFF.pdf
Issues resolved after previous publication (CS02) are individually tracked in:
https://docs.oasis-open.org/csaf/csaf/v2.0/cs02/csaf-v2.0-cs02-comment-resolution-log.pdf

Distribution ZIP file
For your convenience, OASIS provides a complete package of the prose specification and related files in a ZIP distribution file. You can download the ZIP file here:
https://docs.oasis-open.org/csaf/csaf/v2.0/cs03/csaf-v2.0-cs03.zip

Members of the CSAF TC [1] approved this specification by Special Majority Vote. The specification had been released for public review as required by the TC Process [2]. The vote to approve as a Committee Specification passed [3], and the document is now available online in the OASIS Library as referenced above.

Our congratulations to the TC on achieving this milestone and our thanks to the reviewers who provided feedback on the specification drafts to help improve the quality of the work.

========== Additional references:

[1] OASIS Common Security Advisory Framework (CSAF) TC
https://www.oasis-open.org/committees/csaf/

[2] Public reviews:
Details of the previous public reviews are listed in:
https://docs.oasis-open.org/csaf/csaf/v2.0/csd02/csaf-v2.0-csd02-public-review-metadata.html

[3] Approval ballot:
https://www.oasis-open.org/committees/ballot.php?id=3721

The post Common Security Advisory Framework v2.0 from CSAF TC approved as revised Committee Specification appeared first on OASIS Open.


FIDO Alliance

SC Magazine: How passkeys pave the way for passwordless authentication

Fast Identity Online (FIDO) outlines secure authentication protocols that are available to all. Now, Microsoft, Google and Apple are doubling down on passkeys to support FIDO Alliance. Their goal is […] The post SC Magazine: How passkeys pave the way for passwordless authentication appeared first on FIDO Alliance.

Fast Identity Online (FIDO) outlines secure authentication protocols that are available to all. Now, Microsoft, Google and Apple are doubling down on passkeys to support FIDO Alliance. Their goal is to normalize passwordless authentication and eliminate passwords from the user authentication equation. FIDO Alliance seeks to bring the idea of the “password” into modern times with stronger security — by developing the FIDO protocols and setting a new standard.

The post SC Magazine: How passkeys pave the way for passwordless authentication appeared first on FIDO Alliance.


Mac4ever: Apple starts promoting Passkeys

At WWDC 2022, Apple briefly mentioned the Passkeys feature, which will allow passwords to be replaced using the machines’ biometric sensors. To do this, Apple will rely on the standard […] The post Mac4ever: Apple starts promoting Passkeys appeared first on FIDO Alliance.

At WWDC 2022, Apple briefly mentioned the Passkeys feature, which will allow passwords to be replaced using the machines’ biometric sensors. To do this, Apple will rely on the standard set up by the FIDO (Fast Identity Online) alliance in partnership with Google and Microsoft.

The post Mac4ever: Apple starts promoting Passkeys appeared first on FIDO Alliance.


Frandroid: Apple is preparing the future of the password and it will work even on Windows

At WWDC 2022, Apple introduced us to the Passkeys feature, which will eliminate the need for traditional passwords. This addition, which we already had a glimpse of last year, is […] The post Frandroid: Apple is preparing the future of the password and it will work even on Windows appeared first on FIDO Alliance.

At WWDC 2022, Apple introduced us to the Passkeys feature, which will eliminate the need for traditional passwords. This addition, which we already had a glimpse of last year, is now revealed a little more.

The post Frandroid: Apple is preparing the future of the password and it will work even on Windows appeared first on FIDO Alliance.


PYMNTS: Data Point: 68% of Consumers Want to Keep Passwords Off Their Apps

Time to leave the passwords behind. Consumers are leaning that way — and would be happy to abandon that age-old, friction-filled relic that traces its genesis to the dawn of […] The post PYMNTS: Data Point: 68% of Consumers Want to Keep Passwords Off Their Apps appeared first on FIDO Alliance.

Time to leave the passwords behind. Consumers are leaning that way — and would be happy to abandon that age-old, friction-filled relic that traces its genesis to the dawn of the Internet. The door is opening for authentication to increasingly be done by behavioral analytics. Advanced technologies parse how individuals wield their devices, how they type and enter data and leverage geolocation to help prove that people are who they say they are. The Fast Identity Online (FIDO) Alliance also promotes the processes where the devices themselves authenticate identities as the devices are unlocked.

The post PYMNTS: Data Point: 68% of Consumers Want to Keep Passwords Off Their Apps appeared first on FIDO Alliance.


Tech Radar: Apple outlines its plans to get rid of passwords for good

Apple has revealed more details on its plans to try and remove passwords with its new ‘passkey’ tool in an effort to increase online security, in collaboration with the FIDO […] The post Tech Radar: Apple outlines its plans to get rid of passwords for good appeared first on FIDO Alliance.

Apple has revealed more details on its plans to try and remove passwords with its new ‘passkey’ tool in an effort to increase online security, in collaboration with the FIDO Alliance. Passkeys are based on public key cryptography, which involves storing a private security key on your device. Because there’s no password to type, phishing and other scams will become far less frequent.

The post Tech Radar: Apple outlines its plans to get rid of passwords for good appeared first on FIDO Alliance.


MacWorld: 5 Mac OS Ventura Features You’ll Actually Use

Apple are on the brink of a breakthrough with the new password feature in Mac OS Ventura’s Safari. Keys replaces typed passwords with Touch ID on a Mac. On the […] The post MacWorld: 5 Mac OS Ventura Features You’ll Actually Use appeared first on FIDO Alliance.

Apple are on the brink of a breakthrough with the new password feature in Mac OS Ventura’s Safari. Keys replaces typed passwords with Touch ID on a Mac. On the iPhone or iPad, you can use Face ID. No more searching for the unique password you create for each internet account. Apple works with the FIDO Alliance so passwords also work on non-Apple devices.

The post MacWorld: 5 Mac OS Ventura Features You’ll Actually Use appeared first on FIDO Alliance.

Thursday, 04. August 2022

Velocity Network

NYC Assembly ’22: Making Sense of Credential Data – Linked Open Data and Credential Engine

Deborah Everhart, Chief Strategy Officer at Credential Engine, on how to make sense of Credentials data. The post NYC Assembly ’22: Making Sense of Credential Data – Linked Open Data and Credential Engine appeared first on Velocity.

NYC Assembly ’22: Global Data Interoperability – Making the Future of Work, Work

Dror Gurevich, Founder and CEO, Velocity Network Foundation, on global interoperability across Velocity Network. The post NYC Assembly ’22: Global Data Interoperability – Making the Future of Work, Work appeared first on Velocity.

NYC Assembly ’22: Types of Credentials Portable via Velocity Network™

Rick Barfoot, Chief Operating Officer at Joynd; Standards Committee Chair, Velocity Network Foundation. The post NYC Assembly ’22: Types of Credentials Portable via Velocity Network™ appeared first on Velocity.

NYC Assembly ’22: De-mystify Verifications – Product design decisions and considerations

Etan Bernstein, Head of Ecosystem, Velocity Network Foundation®. The post NYC Assembly ’22: De-mystify Verifications – Product design decisions and considerations appeared first on Velocity.

NYC Assembly ’22: Understanding Compliance (Privacy, FCRA)

Dror Gurevich, Founder and CEO, Velocity Network Foundation®. The post NYC Assembly ’22: Understanding Compliance (Privacy, FCRA) appeared first on Velocity.

NYC Assembly ’22: Building a Wallet? Start Here

Wallet developers presenting their work on top of Velocity Network™. Trailblazers Stage, hosted by Dror Gurevich, Founder and CEO, Velocity Network Foundation. The post NYC Assembly ’22: Building a Wallet? Start Here appeared first on Velocity.

NYC Assembly ’22: Becoming a Node Operator on Mainnet

Andres Olave, Head of Tech, Velocity Network Foundation The post NYC Assembly ’22: Becoming a Node Operator on Mainnet appeared first on Velocity.

NYC Assembly ’22: Network Integrity – Can We Trust Verifiable Career Credentials?

Thought leaders panel hosted by Dror Gurevich, Founder and CEO, Velocity Network Foundation. The post NYC Assembly ’22: Network Integrity – Can We Trust Verifiable Career Credentials? appeared first on Velocity.

NYC Assembly ’22: Trailblazers Stage – Members Showcasing (Part 2)

Trailblazers Stage, hosted by Etan Bernstein, Head of Ecosystem, Velocity Network Foundation. Vendors presenting: YOTI, SAP, Greenlight Credentials, Domain-U, Cisive. The post NYC Assembly ’22: Trailblazers Stage – Members Showcasing (Part 2) appeared first on Velocity.

NYC Assembly ’22: Monetizing on Velocity Network

James Owens, CEO and President, Cisive; Payment and Rewards Committee Chair, Velocity Network Foundation. The post NYC Assembly ’22: Monetizing on Velocity Network appeared first on Velocity.

Wednesday, 03. August 2022

Digital Scotland

Learn.scot – A Virtual School for Scotland

A new venture under development to launch 'Scotland's Digital Learning Centre', and transform Scottish Education for the 21st Century. The post Learn.scot – A Virtual School for Scotland appeared first on digitalscot.net.

The Venture Builders Group is a community group for entrepreneurs seeking to launch new global-scale tech ventures.

The group provides a forum to brainstorm your venture idea, discuss business models, recruit co-founders and fast-track to launch, and we’ll showcase new ventures here on this site.

Learn.scot – A Virtual School for Scotland

Learn.scot is a new venture under development, intended to deliver ‘Scotland’s Digital Learning Centre’, a community marketplace platform where members can be both learners and tutors, accessing and also creating e-learning courseware. A summary of the business model:

Learning Community – Enable members to be both student and teacher, creating as well as accessing courses, with site forums and other features enabling a collaborative, supportive online community. Blockchain Certifications – Utilize the Blockchain to digitize course credentials, improving engagement through ‘gamified’ curriculum and awarding of digital badges. Industry Engagement – Work with employers and industry groups to develop ‘Course to Career’ pathways, with a focus on practical courseware that is directly relevant to required workplace skills. Join in the discussion about this venture here. Transforming Education

It is intended to play a pivotal role in Transforming Scottish Education for the 21st Century.

While you would assume e-learning would now be a mature component within the education sector, the reality is that it’s adoption is still quite immature – 62% of parents said their school had not provided any online learning for their children and teachers were struggling with how to deliver it effectively.

Writing for Reform Scotland Jenifer Johnston offers this simple but very compelling ideal for what is needed – A ‘virtual school’ for Scotland:

“My ask of the Scottish Government is that there is a national online curriculum developed and delivered digitally in really simple, open-access websites, no passwords, no gatekeeping, just lessons broadcast daily on a website, join in if you can. Scotland has many superstar teachers who could deliver classes to the nation’s kids in a virtual school – we could get to know them as well as our own fantastic class teachers. Lessons could be live and recorded to watch later if children can’t get to them right away.”

Our national opportunity is to harness this collective pool of innovation and define how various combinations of each can be applied to meet the various education needs of Scotland.

“Scotland has many superstar teachers who could deliver classes to the nation’s kids in a virtual school – we could get to know them as well as our own fantastic class teachers. Lessons could be live and recorded to watch later if children can’t get to them right away.”

Conclusion

Harnessing modern digital learning platforms can address Scotland’s challenge, and overall presents the country with the opportunity to modernize not only what we learn, but how we learn, and transform our entire approach to education.

The primary purpose of Digital Scotland is to drive the initiatives that will see us emulate the digital nation success of countries like Estonia, and with this program ask and answer the question how might Scotland achieve this same level of digital capability and the same high performance academic achievement it enables.

The post Learn.scot – A Virtual School for Scotland appeared first on digitalscot.net.

Tuesday, 02. August 2022

Oasis Open Projects

Value Stream Management Leaders Come Together to Develop Interoperability Standards at OASIS Open

2 August 2022 — Members of OASIS Open, the international open source and standards consortium, are working together to define interoperability standards for value stream management (VSM). The new VSM Interoperability Technical Committee’s goal is to bring increased interoperability to existing value stream standards, tools, and best practices, enabling a more secure approach to sharing […] The p

Accenture, Broadcom, Copado, IBM, Security Compass, US Department of Defense, and Others to Enable VSM Data Sharing Across Platforms

2 August 2022 — Members of OASIS Open, the international open source and standards consortium, are working together to define interoperability standards for value stream management (VSM). The new VSM Interoperability Technical Committee’s goal is to bring increased interoperability to existing value stream standards, tools, and best practices, enabling a more secure approach to sharing data across platforms in the software supply chain and systems ecosystem. 

“For VSM journeys, sharing of data across enterprise platforms to get holistic, valuable data in the form of forensics, observability and auditability, for example, is critical. But it requires data standards and secure interoperability,” said Eveline Oehrlich, Research Director at Research In Action and Chief Research Officer at DevOps Institute. “Having such interoperability allows for teams to look at events that are relevant to an organization with additional context for the forensic processes of post incident and future incident management work, as an example use case.”

The TC’s work will focus on defining key component parts of value stream data, enabling interoperability of value streams among users and platforms, establishing good practice for value stream data architecture, and creating open standards for value stream management metrics. 

“The formation of the OASIS VSM Interoperability Technical Committee is an important next step in the advancement of VSM, with the potential to provide an accelerated path to VSM adoption. We look forward to leading this talented group of organizations as we work towards our common goal of aiding VSM capabilities,” said VSMI TC co-chairs Helen Beal of Value Stream Management Consortium and Kelly Cullinane of Copado.

Organizations typically use different tools to measure the performance of their software delivery processes. Using VSM tools, an organization can utilize data and metrics to maximize innovation, drive growth, and add greater value. This TC sets out to create a VSM standard for interoperability and tool integration, allowing for broader adoption in the long term. 

Participation in the OASIS VSMI TC is open to all through membership in OASIS. Digital product leaders; product value stream organizations; cybersecurity, public sector security, and quality management professionals; and others are invited to join the group.

Support for Value Stream Management Interoperability Technical Committee

Broadcom
“As a leader in introducing and implementing VSM solutions Broadcom Software is thrilled to support this initiative. VSM has emerged as a critical success factor in digital transformation and uniting to support interoperability standards is the next logical step, especially as we see more businesses adopting VSM. Data lives at the core of ValueOps VSM and we are committed to continually innovating in this space.”
-Jean-Louis Vignaud, Head of ValueOps, Broadcom Software

Copado
“Standards are critical for the proper interoperability of internet infrastructure and software. That interoperability drives innovation and capabilities that help create a more resilient ecosystem. That’s why it’s so exciting to launch VSMI; this will help companies normalize value stream management data for better measurement, auditability and terminology between large scale ecosystems.”
-Daniel Riedel, SVP Strategic Services, Copado 

IBM
“Often times, enterprises are constrained from realizing maximum value from their workflows because of disparate systems that may not seamlessly integrate. This situation is further challenged when there are mergers and acquisitions, and new tooling is invariably brought into the value stream. VSMI can play a key role in bridging this void. We support the VSMI initiative and feel like this will be the logical next step towards creating Next-Gen DevSecOps organizations.”
-Sunil Joshi, Vice President & CTO, Hybrid Cloud Services, Americas, IBM

Security Compass
“Value streams are a critical part of integrating our disparate security activities and aligning them to produce business value. Including multiple stakeholders, from business leaders to developers, to derive requirements and deliver insights in security activities is the next evolution in securing our applications and infrastructure. Security Compass is honored to participate in this OASIS working group to help create an open standard around value streams so that we can collectively build a world where organizations build secure systems at the pace of business demand.”
-Altaz Valani, Director of Insights Research, Security Compass

Additional Information
OASIS VSMI TC: https://www.oasis-open.org/committees/vsmi

Media inquiries
communications@oasis-open.org

The post Value Stream Management Leaders Come Together to Develop Interoperability Standards at OASIS Open appeared first on OASIS Open.


FIDO Alliance

CISA Director Jen Easterly to Deliver Signature Keynote at FIDO Alliance’s Authenticate 2022 Conference 

FIDO Alliance announces agenda for its flagship event on the future of user authentication    Seattle, Washington, August 2, 2022 – The FIDO Alliance announced its keynote speakers and full […] The post CISA Director Jen Easterly to Deliver Signature Keynote at FIDO Alliance’s Authenticate 2022 Conference  appeared first on FIDO Alliance.

FIDO Alliance announces agenda for its flagship event on the future of user authentication   

Seattle, Washington, August 2, 2022 – The FIDO Alliance announced its keynote speakers and full agenda for Authenticate 2022, the only industry conference dedicated to the who, what, and where of user authentication. 

This year’s featured keynote will be presented by Cybersecurity and Infrastructure Security Agency (CISA’s) Director, Jen Easterly, and Senior Technical Advisor, Bob Lord. Additional speakers including Jonathan Bellack, Senior Director, Identity & Counter-Abuse Technology at Google; Pamela Dingle, Director of Identity Standards, Microsoft; Luis G. DaSilva, Head of Digital Identity Products at Visa; and Christopher Harrell, Chief Technology Officer at Yubico will deliver keynote presentations exploring the theme of “taking modern authentication to the next level” from a variety of diverse, global perspectives. 

Authenticate 2022 is a hybrid event, held at the Sheraton Grand in Seattle, Washington and virtually on October 17-19, 2022. Now in its third year, the event is focused on providing education, tools, and best practices for modern authentication across web, enterprise, and government applications. CISOs, security strategists, enterprise architects, and product and business leaders are invited to register at https://authenticatecon.com/event/authenticate-2022-conference/

In response to its rising popularity, the conference now features a third content track and offers more than 80 sessions. Speakers from ADP, Amazon, Citi, CVS Health, Salesforce, Target, USAA and others will deliver a diverse set of sessions, detailed case studies, technical tutorials, and expert panels. Attendees will also benefit from a dynamic expo hall and networking opportunities whether attending in-person or virtually. 

Sponsorship Opportunities at Authenticate 2022 

Authenticate 2022 is also accepting applications for sponsorship, offering opportunities for companies to put their brand and products front and center with brand exposure, lead-generation capabilities, and a variety of other benefits for both on-site and remote attendees. To learn more about sponsorship opportunities, please visit https://authenticatecon.com/event/authenticate-2022-conference/

There are a limited number of opportunities remaining. Requests for sponsorship should be sent to authenticate@fidoalliance.org. 

About Authenticate 

Authenticate is the first conference dedicated to the who, what, why and how of user authentication – with a focus on the FIDO standards-based approach. Authenticate is the place for CISOs, security strategists, enterprise architects, product and business leaders to get all the education, tools and best practices to embrace modern authentication across enterprise, web and government applications.

Authenticate is hosted by the FIDO Alliance, the cross-industry consortium providing standards, certifications and market adoption programs to accelerate utilization of simpler, stronger authentication. 

In 2022, Authenticate will be held October 17-19 at the Sheraton Grand in Seattle, Washington and virtually. Early-bird registration discounts are available through September 2, 2022. Visit www.authenticatecon.com for more information and follow @AuthenticateCon on Twitter. 

Signature sponsors for Authenticate 2022 are Google, Microsoft, Visa, and Yubico.

Authenticate Contact 
authenticate@fidoalliance.org  

PR Contact 
press@fidoalliance.org  
SOURCE FIDO Alliance, Inc.

The post CISA Director Jen Easterly to Deliver Signature Keynote at FIDO Alliance’s Authenticate 2022 Conference  appeared first on FIDO Alliance.


Digital Scotland

RFP Alert: Changeworks – Web Site Transformation

Web site modernization project to move away from Drupal and increase adoption of Microsoft Azure and Power Platform. The post RFP Alert: Changeworks – Web Site Transformation appeared first on digitalscot.net.

Our Solutions Partner Group provides a collaboration space for Scottish tech vendors to grow sales through industry team work.

This includes a group for sharing client opportunities where partners are required to provide a complete solution, including a regular analysis of procurement RFPs.

Changeworks: Web Site Transformation Project Organization: Changeworks. Tender: Public Contracts. Deadline: 8th Aug. Budget: £70k. RFP Summary Business Case

We recognise that our current website is not serving us well and will be developing an organisational digital strategy. We require an agency to partner with on this transformation journey that can help establish a new improved website and a new standard for how we develop digital information and services linking with our established organisational systems.

A digital strategy is in development, alongside a digital framework. Improving our user journeys and website is integral to achieving our strategic aims and to maximise reach, efficiency and engagement. As an organisation, we are in the process of pivoting to be userled and insight-driven to develop intuitive and supportive journeys to support decarbonisation of homes. An organisation-wide customer journey is being planned, which will need to be developed in tandem with our website transformation.

Tech Platform

Changeworks’ staff and teams range from those that are highly digitally capable, to people who have few or limited skills. We are in the process of moving to SharePoint and embedding usage of Power Platform capabilities such as our CRM across Changeworks, and we are still in process of adoption and learning. There is an ICT team responsible for Power Platform, CRM and support relating to information technology.

The Digital, Marketing and Communications team is responsible for the website and have a content lead, but only limited SEO capabilities, and no developer or UX resources.

We are currently using Drupal 7 but it is not fit for purpose. While we can make minor updates to our website, bigger changes to webpages need to be done through an agency, which is time-consuming and not cost-effective. Our website is not optimised towards user needs and user journeys are poorly mapped out. Though we have a wealth of quality content, it is difficult to find and surface to users, and our service proposition is unclear.

Project Scope Develop a digital roadmap for our website transformation project incl. project timeline, milestones and quality assurance. Develop user personas and journeys for our B2B and B2C audiences, engaging with Changeworks teams through a Discovery phase to determine which services or aspects of services are equipped with online self-servicing and/or lead generation in a phased approach. Includes providing support with:
a. Content audit and content migration
b. User personas and journeys development and testing
c. Plan for lead generation
d. SEO and content development Re-platform the Changeworks website to a more user-friendly CMS (and develop a Minimum Viable Product version as necessary before full website launch alongside new brand). Ensure the website, CMS, tech stack and other necessary components can integrate with current and future requirements, and are able to support Changeworks’ ambitious aims of scaling up reach through digital including digital service design over the 22-25 strategic period and beyond. Changeworks is invested in Microsoft (including use of Power Platform for e-marketing and as our CRM). The long-term aim is to use Microsoft Azure Cloud. Sharepoint migration began in May ’22. Dynamics 365 / Power Platform can integrate with the majority of systems as long as they accept HTTP requests, which most modern CMS and websites should be able to handle. Ongoing (min. 3 years) contract for hosting and maintenance incl. options for annual extensions and break-out clauses. Proposal

Identify and map out costings for the above as well as phased project management cycles as may be required.

a. Proposed costings for website transformation project
b. Proposed costings including fixed budget for maintenance and hosting
c. Estimate costings for future development work (for example for new online services or further integrations)

The post RFP Alert: Changeworks – Web Site Transformation appeared first on digitalscot.net.

Saturday, 30. July 2022

Linux Foundation Public Health

Public-private partnerships in health: The journey ahead for open source

The past three years have redefined the practice and management of public health on a global scale. What will we need in order to support innovation over the next three years? In...

The past three years have redefined the practice and management of public health on a global scale. What will we need in order to support innovation over the next three years? In May 2022, ASTHO (Association of State and Territorial Health Officials) held a forward-looking panel at their TechXPO on public health innovation, with a specific focus on public-private partnerships. Jim St. Clair...

Source

Friday, 29. July 2022

Elastos Foundation

Elastos Bi-Weekly Update – 29 July 2022

...

DIF Blog

DIF Monthly #28

Our July round of updates from DIF in 2022: Stay on top of developments at our Working Groups, news from our members, events and much more.

Website | Mailing list | Meeting recordings

Table of contents Foundation News; 2. Group Updates; 3. Member Updates; 4. Digital Identity Community; .5. Funding; 6. Events; 7. Hackathons; 8. Jobs; 9. Metrics; 10. Get involved! Join DIF 🚀 Foundation News W3C DIDCore spec approved as an open web standard The World Wide Web Consortium (W3C) have approved the Decentralized Identifiers (DID) V1.0 specification as an official W3C Recommendation. This is a significant milestone in the digital identity sector. Announcing the Decentralized Identifiers (DID) v1.0 specification as an open web standard signals that it is technically sound, mature, and ready for widespread adoption. Having an established v1.0 specification allows work to continue with renewed energy and focus, not only at the many groups meeting at DIF, but across the digital identity community.
Read about this decision on the DIF blog here, and the official W3C Press release here. DIDComm v2 reached DIF approved spec status DIF is delighted to announce the approval of the DIDComm v2 specification from the DIDComm working group. This, along with the W3C decision on DIDs, represents a major step forward in the acceptance of decentralized identity, one that opens the path to widespread adoption and further development especially with regard to the types of peer-to-peer communication now possible. Check out the DIF blog here for more on the path to this milestone, what's new in v2, and where work goes from here! The Verifier Universal Interface (VUI), an international self-sovereign identity interoperability initiative has been donated to DIF Together, 12 SSI organizations have led the definition of the minimum set of standard APIs necessary to implement or interoperate with the Verifier component. After months of hard work and collaboration, the VUI work has been successfully donated to DIF with the goal of furthering its evolution and reach to the international community. DIF Feedback Call. These open calls are a space to gather feedback from the community and optimize our strategy. Held every Wednesday in two alternating timeslots, there's definitely one that fits your timezone! Check our DIF calendar here DIF New Member Orientation Call These open calls are for anyone new to DIF. How to get started, overview of our work and groups, and how to get the most from your DIF membership. Held every Wednesday in two alternating timeslots Check our DIF calendar here Newsletter RSS Did you know the DIF monthly newsletter (this one!) has an RSS feed?! Find it here - DIF Newsletter RSS DIF All-Hands Don't forget to join us on our monthly all-hands meeting, where we review updates from the community and connect with our membership. We hope to see you there! Next is Wednesday 17th August 2022 at 8am PT / 11am ET / 5pm CET Check our DIF calendar here for meeting details DIF Steering Committee election results Announced 22nd June 2022 - see this piece on the DIF blog for more detail. The six elected candidates are Sam Curren (Indicio Tech), Daniel Buchner (Block), Karyl Fowler (Transmute), Rouven Heck (Consensys Mesh, Executive Director at DIF), Markus Sabadello (DanubeTech) & Kaliya Young (Identity Woman). You can read more about the SC candidates' background and vision for DIF here. 🛠️ Group Updates ☂️ InterOp WG (cross-community) Interop is on a summer break until end of August. Andrew Hughes join the group twice to continue a conversation begun at IIW around the ISO Mobile Driving License (mDL) standard. a "wish list" for the next generation of mDL-associated specifications - how they might be more compatible/aligned with the work at DIF and elsewhere. Discussions around an SSI Roadmap and routes to adoption Validated ID presented what it means to be EBSI conformant and how this is aiding interoperability. EBSI Wallet Conformance list and testing profile 💡 Identifiers & Discovery W3C news - Universal Resolver
Discussion about EU Digital Identity Wallet, EBSI/ESSIF, eIDAS 2.0, VCs, ISO mDL, etc. Christoph Fabianek of MyData presented on Displaying / rendering the content of a DID document. Recording of session here Presentation of Semantic Overlay Architecture (SOyA), work done together with IDunion Definition of a data model using a .yml file, then transformation to different representations Demo of command line tool, and automatically rendered UI Discussion about JSON-LD, RDF, content-addressing Use of overlays, SHACL Discussion about DID document data model, and how it could be modeled/transformed with Semantic Overlay Architecture (SOyA) 💡 DID Authentication WG This ongoing collaborative work is co-hosted with DIF by the Open Identity Foundation (OIDF) as a work item of the OpenID Connect WG Latest OpenID for Verifiable presentations Self-Issued OpenID Provider v2 (21 June 2022) 🛡️ Claims & Credentials Timing Update: Main WG meeting bi-weekly, Tuesdays at 10am PST / 1pm ET / 7pm CET New Work Item - DIF C&C WG - Trust Establishment Meets weekly on Mondays at 10am PT / 1pm ET / 7pm CET Github repo here Background context on DID Trust Establishment here
Timing Update: Main WG meeting bi-weekly, Tuesdays at 10am PST / 1pm ET / 7pm CET Work Item Proposal: Schema Directory Find more contributors: get in touch! Prior Art: https://w3c-ccg.github.io/traceability-vocab/ https://github.com/decentralized-identity/template-for-registry-workitems Work Item Accepted: Trust Establishment specs and protocols New Work Item: JWT-VC Interop Profile Kickoff Meeting Cadence: Once a Month, on 3rd Wednesday (see DIF public calendar here) Cloned "Profile" template and migrated to DIF. Timing update: VC-JWT & Friends Work Item call: Thursdays 2pm EST Work Item Proposal: reactivate the Credential Taxonomy item under the name Schema Directory Lots of interest to get this restarted Request from companies to have a resource to point to "existing" schema or a single resource for schemas Have active contributors who want to make additions Does DIF need a process for registries or living documents?
Work Item Status: PE (2.0) + Credential Manifest (1pm ET Thu) Registry issue - also example JSON Schema should include more examples v2 coming soon!
Work Item Status (Monthly): JWT-VC Interoperability Profile next meeting: processing 15 fresh issues against strawman --> v1.0 📻 DID Comm

DIDComm v2 has now reached DIF Approved Status! Check out the DIF blog here for more on the path to this milestone, or read what's new in v2 here!

Ongoing work & discussions

Errata Process Transport Extensions

Group Messaging?

Prior work Gossyp Advanced Sequencing Extension ThreadState ThreadParticipant Application to Enhanced Chat What's next? Refinement Flow example of combined protocols Clear + Detail of the ThreadState Hash

DIDComm Open User Group: GitHub Link

Meets on Discord: Invite is here Using UnSync format, described here to engage asynchronously in a set time period (typically 4-12 hours) at regular intervals to keep conversation & work moving. Discussion of the group writing a DIDComm Guidebook - feedback and contributions welcome! Potentially covering: What is DIDComm and why would I use it? (super high level) Why developing a protocol on top of DIDComm is a great idea. Protocol Design Basics Protocol Design Best Practices 🌱 Wallet Security WG Group is on a summer break until Tuesday August 30th 2022 Device Binding work item call is being rolled back into the main WG call Discussions Usage of hardware binding in W3C/Anoncreds Credentials with examples Hardware-binding flow drafts for OpenID Connect for Verifiable Credentials Issuance (OIDC4CI) https://bitbucket.org/openid/connect/src/master/openid-connect-4-verifiable-credential-issuance/diagrams/ app initiated issuer initiated
- verification flows match DIDComm flows Alternative Device Binding ideas without device binding attachments revocation of the wallet authentication credential alternative linkage solutions enables the certifying entity to revoke the wallet authentication credentials based on upcoming security flaws of hardware mechanisms e.g. TEE of a specific vendor/version is vulnerable certifying entity revokes wallet authetncation credential and the issuers crednetials is not usable anymore some open questions if the certifying entity is not the wallet issuer Questions on FIDO Authenticator for wallet security coming out of IIW34 session Updates on Challenge-response Aries RFC Draft Trusted Verifier concepts in lissi wallet (presented by Sebastian Bickerle) 📦 Secure Data Storage Discussion User Controlled Authorization Network (UCAN) model and how it contrasts with decentralized approaches Value of JWTs? CACAOs (Containers for a chain-agnostic Object Capability (OCAP)) 🌱 Applied Crypto WG PR review Update KeyGen procedure to use hash_to_scalar Editorial updates Add the revealed messages to the challenge encode for hash operation Minor update to terminology Consistency updates Merged PRs: #177 #187, #188, #191, editorial updates #195 , encode for hash operation #190 Issue Review Defintions of P1 and P2 in Ciphersuites Integer endianness expand_message domain separation #194 Handling subgroup checks #179 H2C using SHA256 #143 Will leave Issue #143 open until we decide if we will define a sha256-based suite. Discussed Issue #179. The agreed direction is for the spec to assume that octet_to_point_g* will return VALID. Will keep open until this assumption is made explicit. Closed Issues Update security considerations #196 Consider splitting operations into Core and Higher level definitions #131 Add an IsValidPoint operation #126 Consider making "messages" and therefore "message generators" optional to all operation APIs #117 API Update #159 Elements to be hashed update #185 ✈️ Hospitality & Travel Nicholas Giurietto (ConnectID) presented a frictionless hotel customer journey. Recording of the session here. added an SSI Activity Tracker section to the H&T SIG site. Two trackers listed, additions welcome! 🏦 Finance & Banking Members of the Ethereum Foundation joined the SIG to review Ethereum's Decentralized Identity discussion in general, and ideas around a 'portable KYC' system in particular. You can find the discussion on the Ethereum website here, and a problem statement draft on GitHub here Invited speaker Anessa Allen Santos. Anessa's legal practice is largely dedicated to blockchain and fintech by helping innovative corporate clients navigate the evolving regulatory landscape for securities, commodities, and financial services. John Popeo, a Partner at The Gallatin Group, joins the group. Before entering private practice, John spent a decade in various roles at the Federal Deposit Insurance Corporation (FDIC) and the Federal Reserve Bank of Boston. Having been on both sides of the regulatory divide, John brings a unique perspective to our discussion towards untangling the externalities of current AML and KYC regimes. 🌏 APAC/ASEAN Open Call Our APAC/ASEAN Community Call is a collaborative initative between DIF and the Trust over IP Foundation (ToIP). We invite to you to attend the next meeting Aug 25th at 9am CET / 3pm SGT. See DIF Calendar here for details Recent discussions India's Personal Data Protection Bill (PDPB) Privacy law similar to GDPR, stricter in some areas than the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Protection Act (CCPA). VPNs to provide proof of users Thailand PDPA - Personal Data Protection Act finally came into effect June 2022 after many delays Impact on SMEs specifically with Consent Management Apple Passkey Passkeys are based on the Web Authentication API (WebAuthn), a standard that uses public-key cryptography Digital password replacement uses Touch ID or Face ID for biometric verification Portability - Moving across Ecosystems (Apple to Google for example) FIDO alliance bit is interesting in terms of how adoption could grow. the potential is immense - Sankarshan Impacts on Custodial wallet business - opportunities Web 5 The Decentralized Web Platform: Decentralized Web Architecture (DWA) Decentralized Identifiers (DIDs) Decentralized Web Nodes (DWNs) Other players working on DWNs Spruce - Kepler Wallet Ceramic Microsoft Identity Hub - limited preview Verida - Sharded decentralized storage system Takeaways from the marketing perspective for the SSI industry Working group within DIF on the topic of DWNs : Secure Data Storage working group : W3C CCG & DIF CC - IPR 🌍 Africa Open Call ID4Africa has released videos of their June workshops, with contributors from the UNICEF and World Bank BiometricUpdate has some key takeaways here from June's ID4Africa in-person event; lots of government and policy-maker interest and pilot SSI projects. The Inflection Point, a report from the entrepreneur incubator Endeavor Nigeria, offers a broad examination of the size of the African digital opportunity. It forecasts that the size of Africa’s digital economy will grow sixfold, to $712 billion by 2050, and insists that the continent “has barely scratched the surface of its potential relative to other regions.” 🦄 Member Updates

Affinidi

Affinidi Financial Services is soon launching CEAL, a digital wallet to securely store and selectively share your personal, work and education related credentials. Join the waitlist for early access to wallet & fast-track the journey to your next dream job!

Gataca

Gataca review the buzz of activity and interest in DIDs post W3C DIDCore spec approval, with a focus on the EBSI DID method v2 and the GDPR implications.

IdRamp

Cybernews interviewed IdRamp CEO Mike Vesey to discuss traditional identity models and the challenges they face. Give it a read here

Indicio

Indicio Review a variety of Identity Market Signals over on their blog

NEST

NEST® launches a Self-Sovereign Distributed Identity (SSDID) protocol to offer an individual encryption capacity to address the problems of digital asset provenance, authentication & fraud. This protocol enables the KYC/ AML processes in a confidential and decentralized manner. Join the waitlist here The Lite version of the NEST® app is available for interested members. Email for more info!

Nuggets

Collab.Land taps Nuggets for portability of web3 verified reputations. Collab.Land — with over 3.5 million users across communities , and over 100 communities joining every day — will utilise Nuggets to give users more control and portability of their online reputation in web3. "

Onespan

Onespan discuss some key highlights from Money20/20 Europe Major themes include Banking as a Service (BaaS), Digital Payments and Digital Identity. 🌎 Digital Identity Community

The European Commission welcomes political agreement on the Digital Decade policy programme, aimed at driving a successful digital transformation in Europe.

initial list of areas for investment for multi-country projects include; common data infrastructure deployment of 5G corridors connected public administration high-performance computing European Blockchain Services Infrastructure low-power processors The policy programme creates a new legal instrument, the European Digital Infrastructure Consortium (EDIC). The EDIC will help in the implementation of multi-country projects and make it easier for Member States to join efforts when they invest in digital infrastructures.

Google Vice President of Privacy Sandbox Anthony Chavez announced the company is expanding the sandbox testing window and pushing the full deprecation of third-party cookies to "the second half of 2024."

He added current API trials will expand to millions globally in August

The International Association for Trusted Blockchain Applications (INATBA) organised a panel discussion on the topic of Industry views on solutions for eID in Europe as part of a hybrid event Blockchain: A key enabler to innovation in Europe and the world organized in Brussels by the EU Blockchain Observatory and Forum and hosted by DG CNECT.

Read their writeup of the event, which included a presentation on eIDAS regulation from DIF Steering committee member Jolocom

ID.me Announces New Major Security Acknowledgements, SOC 2 Type II and ISO 27001 Certification

Trust Over IP Foundation (ToIP) have some key takeaways from Identiverse 2022, including much discussion of Verifiable Credentials.

ToIP also joined a panel at London's Identity Week on Smart Digital ID Wallets and the Future of Identity. Read their recap here.

ToIP has recently launched a new taskforce on Artifical Intelligence and Metaverse Technology, which aims address opportunities and challenges brought on by advances in AI, Metaverse and related technologies in relation to ToIP’s mission of creating interoperable trust over the Internet. Check out their launch announcement here!

💰 Funding

European Blockchain Services Infrastructure (EBSI) grant application deadline extended to August 17th 2022 - more info and how to apply here

The NGI initiative, launched by the European Commission aims to bridge EU-US research on Next Generation Internet (NGI), has three open calls to allocate funding and consulting support:

NGI ASSURE (NGI GO2S) apply before 1 August 2022, 12:00 PM CET TETRA continuous applications 🎈 Events & Promotions Internet Identity Workshop IIW35 - November 15 - 17, 2022 in-person at the Computer History Museum, Mountain View, California. Click here to get a 20% DIF discount on your ticket! IIW34 April 2022 book of proceedings is online and publicly available here Virtual IIW ½ day Special Topic Events IIW organizers are also running several special virtual events DIF Newsletter readers get a 10% discount! Thu, August 4: The Business of Self-Sovereign Identity (SSI): Exploring the Commercial Readiness and Application of SSI August 9 in Asia: Digital Identity Across Asia (Anchored in Daytime Asia Time Zones!) See the growing list of topics proposed by those already registered here

Exploring Digital Identity for Decentralized Societies — a RadicalxChange Open Space unConference

16 & 18th AUgust, 2022 | Virtual* participant-led sessions, discussions, and workshops for anyone interested in exploring digital identity, no matter where they are in the world or what their level of experience or expertise is.

Gartner Identity & Access Management Summit

August 22 – 24, 2022 | Las Vegas, NV

Decentralized Web Camp

24-28 August, 2022 | Northern California "a five-day retreat for builders and dreamers, to gather in nature to tackle the real world challenges facing the web and to co-create the decentralized technologies of the future"

Identity Week Asia.

6 - 7 September 2022, Singapore. IDENTITY WEEK is a conference and exhibition bringing together the brightest minds in the identity sector to promote innovation, new thinking, and more effective identity solutions. Key areas of focus include secure physical credentials, digital identity, and advanced authentication technologies, including biometrics. DIF Newsletter readers get a 50% discount off ticket prices! Use code DIF50 when booking!

Workday Rising

September 12–15, 2022 | Orlando, Florida

Open Source Summit Europe
13-16 September 2022 | Dublin, Ireland

Join open source developers, technologists, and community leaders to collaborate, share information, solve problems, and gain knowledge, furthering open source innovation and ensuring a sustainable open source ecosystem at the Open Source Summit Europe, organized by the Linux Foundation.

Hyperledger Global Forum

13-16 September, 2022 | Dublin, Ireland The global Hyperledger community meets in Dublin to align, plan and hack together.

Global Cyber Conference - #GCC22

22 - 23 September 2022 | Zurich, Switzerland The Global Cyber Conference (GCC) is aspiring to be the leading International Cyber Security and privacy event with two days of in-depth panel discussions, presentations on the current state and future of cyber security, and data protection.

Rebooting the Web of Trust Returns

26-30 September, 2022 | The Hague, Netherlands The eleventh Rebooting the Web of Trust (#RWOT) design workshop on decentralized identity technologies

Identity Week America

04 - 05 October 2022 | Washington DC IDENTITY WEEK is a conference and exhibition bringing together the brightest minds in the identity sector to promote innovation, new thinking, and more effective identity solutions. Key areas of focus include secure physical credentials, digital identity, and advanced authentication technologies, including biometrics. DIF Newsletter readers get a 50% discount off ticket prices! Use code DIF50 when booking!

European Comission: Towards a legislative framework enabling a digital euro for citizens and businesses

7 November, 2022

IAPP Privacy. Security. Risk. 2022

Training Oct 11-12 Workshops Oct 12 | General Session Oct 12 Conference Oct 13-14 |Austin, Texas

IAPP Data Protection Intensive: Deutschland 2022

11-12 October | Munich, Germany Two days of in-depth learning and networking for the DACH data protection community.

Benelux Cyber Summit

11th – 12th October 2022 | Amsterdam, Netherlands Call for Papers closes 4th August

SIBOS

10-13 October 2022 | Amsterdam, Netherlands in-person & virtual SIBOS 2022 will explore progressive finance for a changing world; Sustainability will form a central pillar of this year’s conference, including how the industry moves from theory to action on combatting climate change, ESG standardisation and financial inclusion.

I.D.E.A.S. 2022 by CoinDesk

October 18-19, 2022 New York What crypto, blockchain, Web3 and digital assets technologies will attract the biggest investment allocations in the years ahead?

IdentityNORTH Fall Symposium 2022

October 26, 2022 | Ottawa, Ontario An exclusive view of the Future of Pan-Canadian Digital Governments.

Authenticate 2022 - The FIDO conference
October 17-19, 2022 | Seattle, WA and Virtual
Authenticate events provide expert insights into the who, what, how and why of user authentication – with a focus on the FIDO standards-based approach

Future Identity Festival
14th & 15th November 2022 |London, UK

IAPP Europe Data Protection Congress 2022
Training 14-15 November
Workshops 15 November
Conference 16-17 November
BRUSSELS
discussions on strategic developments in regional and international data privacy. Topics will include policy and governance, ePrivacy implementation, artificial intelligence, GDPR enforcement, mergers and acquisitions and privacy in technology

Workday Rising Europe
15–17 November 2022 | Stockholm, Sweden

Open Source Summit Japan
5-6 December, 2022 | Japan + Virtual
Call for papers!
CFP Closes: Sunday, September 18 at 11:59pm PDT

Open Source in Finance Forum - Linux Foundation
8 December , 2022 | New York, USA
Call for papers closes 12th September, 2022

💻 Hackathons

TRON Grand Hackathon 2022

Aug 1 – 11, 2022 "The future is not far from widespread decentralized storage, decentralized applications, digital assets, and cryptocurrency wallets. TRON DAO is thrilled to launch the 2022 Grand Hackathon!"

XDC dApp Summer Hackathon

Aug 19, 2022 If you can imagine it, you can Build it on XDC. Build a dApp (decentralized App) this summer on XDC Network

Build or update a fintech or payments solution utilizing Ripple's CBDC Private Ledger.

Deadline: Aug 25, 2022 @ 2:00pm PDT Winners of Phase 1 will be invited to a Winners Only Phase II with a $150K in prize pool!

Polygon BUIDL IT : Summer 2022

Deadline: Aug 22, 2022 @ 5:00pm EDT Polygon is committed to fostering the growth of Web3 applications by providing the infrastructure and combining the best of Ethereum and sovereign blockchains into a full-fledged multi-chain system 💼 Jobs

Members of the Decentralized Identity Foundation are looking for:

Trinsic

Marketing Director - Location: remote Backend Engineer - Location: remote Mobile Software Engineer - Location: remote Senior Product Manager - Platform - Location: remote

Center

Senior Counsel - Tech Transactions - Location: remote

Check out the available positions here.

🔢 Metrics

Newsletter: 5,770 subscribers | 34% opening rate
Twitter: 5,956 followers | 8.5k impressions | 4.9k profile visits
Website: 25.5k unique visitors
Youtube: 2.2k impressions

In the last 30 days.

🆔 Join DIF!

If you would like to get involved with DIF's work, please join us and start contributing.

Can't get enough of DIF?
| follow us on Twitter and LinkedIn
| join us on GitHub
| subscribe on YouTube
| read our DIF blog
| read the archives

Got any feedback regarding the newsletter?
Please let us know - we are eager to improve


FIDO Alliance

Silicon: GoTrust Idem Key is the first FIDO Security Key able to access MojeID’s Czech government and high assurance EU eIDAS services 

Today, GoTrustID Inc. (GoTrust) announced that their Idem Keys with FIDO2 Security Level 2 certification are being used in the Czech Republic by CZ.NIC’s MojeID service to provide the highest […] The post Silicon: GoTrust Idem Key is the first FIDO Security Key able to access MojeID’s Czech government and high assurance EU eIDAS services  appeared first on FIDO Alliance.

Today, GoTrustID Inc. (GoTrust) announced that their Idem Keys with FIDO2 Security Level 2 certification are being used in the Czech Republic by CZ.NIC’s MojeID service to provide the highest level of eIDAS assurance for digital transactions throughout the entire EU. MojeID became the first eIDAS approved eID service that leverages the FIDO standards and certification program. This is a remarkable milestone that benefits Czech citizens by letting them utilize phishing resistant technology.

The post Silicon: GoTrust Idem Key is the first FIDO Security Key able to access MojeID’s Czech government and high assurance EU eIDAS services  appeared first on FIDO Alliance.


The Stack: With FIDO2, is a passwordless future on the horizon?

Most breaches involve a stolen password or credential, but ironically enough, passwords are still a popular way to protect your online identity. A study conducted by Google revealed that 52% […] The post The Stack: With FIDO2, is a passwordless future on the horizon? appeared first on FIDO Alliance.

Most breaches involve a stolen password or credential, but ironically enough, passwords are still a popular way to protect your online identity. A study conducted by Google revealed that 52% of people reuse the same password for multiple accounts, making it easy for hackers to guess your passwords. Thankfully, there has been a major shift towards a passwordless future with the development of FIDO2 by the FIDO Alliance and the World Wide Web Consortium (W3C). 

By using FIDO2, your smartphone will serve as your identity authenticator and store a passkey with the help of public and private key cryptography.

The post The Stack: With FIDO2, is a passwordless future on the horizon? appeared first on FIDO Alliance.


borse.de: GoTrust Idem Key is the first FIDO security key that enables access to MojeID’s Czech government and high-security EU eIDAS services

GoTrustID Inc (GoTrust) today announced that Idem Keys with FIDO2 Security Level 2 certification will be used in the Czech Republic by CZ.NIC’s MojeID service to provide the highest level […] The post borse.de: GoTrust Idem Key is the first FIDO security key that enables access to MojeID’s Czech government and high-security EU eIDAS services appeared first on FIDO Alliance.

GoTrustID Inc (GoTrust) today announced that Idem Keys with FIDO2 Security Level 2 certification will be used in the Czech Republic by CZ.NIC’s MojeID service to provide the highest level of eIDAS security for digital transactions across the EU.

The post borse.de: GoTrust Idem Key is the first FIDO security key that enables access to MojeID’s Czech government and high-security EU eIDAS services appeared first on FIDO Alliance.


GIGA: Google Chrome: This important feature is years overdue

Google, Apple and Microsoft want to say goodbye to the principle of passwords altogether. Instead, a method jointly developed by the FIDO Alliance and the World Wide Web Consortium (W3C) […] The post GIGA: Google Chrome: This important feature is years overdue appeared first on FIDO Alliance.

Google, Apple and Microsoft want to say goodbye to the principle of passwords altogether. Instead, a method jointly developed by the FIDO Alliance and the World Wide Web Consortium (W3C) is to be used. The FIDO method generates a key pair on devices that is linked to a fingerprint or other biometric factors. Logging on to a cell phone is then sufficient to access accounts on a computer.

The post GIGA: Google Chrome: This important feature is years overdue appeared first on FIDO Alliance.


Ceramic Network

Community Call - July 2022

We presented our first community-facing roadmap, you can access it here. Website | Twitter | Discord | GitHub | Documentation | Blog | IDX Identity

We presented our first community-facing roadmap, you can access it here.

Website | Twitter | Discord | GitHub | Documentation | Blog | IDX Identity


Human Colossus Foundation

Project Portfolio: From EU prototypes to Canadian implementation

Supported by public funding, DDE concepts, technologies, and methodologies have been honed and road-tested through several Proof-of-Concept prototype projects. Here is a brief synopsis of three EU prototypes:

Supported by public funding, DDE concepts, technologies, and methodologies have been honed and road-tested through several Proof-of-Concept prototype projects. Here is a brief synopsis of three EU prototypes:

Digital Immunization Passport project with NGI DAPSI

Co-developed with OwnYourData, Digital Immunization Passport (DIP) is a state-of-the-art solution for digital vaccination certificates, built to demonstrate safe and secure bilateral information exchange between actors within a distributed data ecosystem.

Funded through an NGI DAPSI grant, the initial Proof-of-Concept (PoC) use case successfully demonstrated a digital version of the International Certificate of Vaccination or Prophylaxis (ICVP), also known as the Carte Jaune or Yellow Card.

Digital Immunisation Passport

This project has received European Funding from the Horizon 2020 research and innovation programme under grant agreement No:871498

Project Summary

The project is perfectly poised for partnership with interested Healthcare providers and sponsors to accelerate development plans for scalable deployment. 

The project team would like to thank NGI DAPSI for their continued support of the project and for empowering internet innovators to develop technology solutions and services in the "Data Portability" field.

  Dynamic Data Sharing Hub project with NGI eSSIF-Lab

Dynamic Search Engine (DSE) (formally known as Dynamic Data Sharing Hub (DSH)) is a component that facilitates structured criteria searches on harmonised data within a distributed data ecosystem. Escrow lockers temporarily store the self-certifying identifiers of any matched targets, along with a related notice for intended data usage.

Dynamic Data Sharing Hub & DKMS-4-SSI

The projects have received funding from the European Unions’s Horizon 2020 research and innovation programme within the framework of the ESSIF-Lab under the agreement No: 871932

Under the recipient's authorised permission, a Data Governance Administration (DGA) can then act as an agent to facilitate authorised access to permissioned data to enable insights-driven service providers to generate accurate insights for the benefit of the ecosystem.

NGI eSSIF-Lab funded the initial Proof-of-Concept (PoC) use cases for Criteria search and Patient recruitment. A successful demonstration of the component has led to a partnership with the University of Guelph to develop a Semantic Engine for scalable deployment.

The project team would like to thank NGI eSSIF-Lab for their continued support of the project and for advancing the broad uptake of Self-Sovereign Identities (SSI) as a next-generation, open and trusted digital identity solution for faster and safer electronic transactions via the Internet and in real life.

  Decentralised Key Management System for SSI project with NGI eSSIF-Lab

Decentralised Key Management System (DKMS) is a library that developers can use to build an ambient cryptographic infrastructure to underpin a distributed data ecosystem, allowing the exchange of authentication keys between self-sovereign actors. 

Funded through an NGI eSSIF-Lab grant, the initial Proof-of-Concept (PoC) use case successfully demonstrated the bilateral exchange of information between an Issuer of a credential and the Holder of self-attested claims about a Subject across a light DKMS infrastructure.

The project has provided a strong foundation for standing up a lightweight ambient infrastructure and is now perfectly poised for partnership with interested Cybersecurity providers and sponsors to accelerate development plans for scalable production-ready deployment.

The project team would like to thank NGI eSSIF-Lab for their continued support of the project and for advancing the broad uptake of Self-Sovereign Identities (SSI) as a next-generation, open and trusted digital identity solution for faster and safer electronic transactions via the Internet and in real life.

 Check out the blog post "Celebrating closing of EU project DKMS-4-SSI" [click here Add link to Blog post 3—] for more information about this project.

The success of the EU prototypes has provided vindication of the DDE v1.0 architecture and has led to a longer-term collaborative project with an academic institution in Canada. Here is a brief synopsis of that Canadian-based project:

Semantic Engine project with Agri-food Data Canada at the University of Guelph 

In partnership with Agri-food Data Canada at the University of Guelph, the Human Colossus Foundation is co-developing a Semantic Engine for researchers to create, use and export schemas using the flexible and extensible Overlays Capture Architecture (OCA) as a preferred solution for data harmonisation. The semantic engine will help researchers write better data schemas with less effort to generate meaningful data.

Agri-food Data Canada is extremely excited about working with the Human Colossus Foundation to increase the FAIRness of agri-food data.

Michelle Edwards -Director, Agri-Food Data Strategy, University of Guelph

The summer of 2024 marks the earmarked completion of the project's next development phase. More projects on the way…

New Project Proposals

All project development at The Human Colossus Foundation is a collaborative engagement with like-minded contributors who resonate with DDE concepts, technologies, and methodologies, facilitating the development of distributed data ecosystems and harnessing the transformative power of technological and socio-economic innovation through earmarked funding. We strive to engage with collaborators in a spirit of trust, candid communication, and transparency. Our collective efforts also depend on the support and resources of governments, the private sector, communities, and individuals.

To receive updates about the Foundation’s projects, subscribe to the Foundation’s mailing list here. If you are interested in collaborating on a new project with The Human Colossus Foundation, please send us a brief project proposal for consideration at contact@humancolossus.org.


Celebrating two years of experimentation

Sometimes solving two complex problems together from an alternative perspective is more manageable than tackling them separately. So, slowly but surely, we are bringing our contribution toward more robust cybersecurity and seamless interoperability through our Dynamic Data Economy vision.

Two years ago, we launched an atypical foundation with a societal mission to create synergies, exposing the formidable challenges of inclusiveness and privacy in digital transformation. Nevertheless, the core design of the Human Colossus Foundation is about experimentation, progressive development, and testing.

We want to thank our early supporters in the private and public sectors for providing nearly CHF 0.5 Mio of seed funding for prototyping core components to support data harmonisation, digital event authentication and distributed ecosystem governance

Our focus now shifts from experimentation to progressive development. Funded by the EU Horizon 2020 eSSIF-Lab initiative, the closing of our DKMS-4-SSIproject marks that transition as we hit the road of no return in our journey. Here we present our path to inclusiveness and privacy in digital transformation.

0. Today

Every day more private and public services are available online. Users receive the digital benefits of increased availability and mobility. Digital services are available everywhere all the time. But the advantages come at a price: accessibility to the platform delivering the services. Moreover, with the current economic incentive that values data over the purpose of usage, platforms collect more data than they need for the intended purposes of the service. Furthermore, data are kept behind a walled garden, forcing users to share too much data with too many institutions.

Therefore services are restricted to users with the technological capacity to access the platform. Unfortunately, the same platforms too often force a form of consent, allowing them a secondary usage of user's information outside the initial purpose.

As a result, we evolve towards a two-tier society, excluding individuals that can not access the platform or are not willing to open their private sphere for an unclear rationale.

1. Inclusiveness Needs Interoperability

Early in the 20th century, Georges Orwell introduced the "Big Brother" concept in his novel "1984". Although, at the time caricatural, it recognised early that no single over-centralised system could cope with the diversity and complexity of society.

When it comes to digital transformation, there is a direct technological corollary: digital platforms can not scale beyond a specific limit. If they grow outside their intended purpose, societal friction appears as they can not cope with the complexity of society as a whole. The diversity of our daily activities as individuals, of our customers as businesses or citizen's needs as a government requires digital services to focus on a clear purpose. Interoperability between services tailored to their user base is the natural solution to include every specific case in our digitalised society. Interoperability should be to services what cooperation is to humans; a natural core capacity enabling growth as a group.

This interoperability of services requires first machines to talk together (the unfortunately too narrow technological definition of interoperability) while the ultimate exchange of information remains under the user's control. Thus we started with the essential element: the tooling for a decentralised cryptographic key management infrastructure (DKMS). Then, within the creativity nest provided by the eSSIF-Lab, we started building libraries allowing developers to begin their journey into the most advanced decentralised authentication architecture: KERI, the brainchild of the prolific veteran of network security, Samuel Smith. Designed for secure authentication, KERI provides the grounds for an alternative form of interoperability. The user and platform authentication does not rely on an administrative intermediary. Instead, an ambient infrastructure under the separate control of each party lets them choose an adequate level of security according to the context. Security is distributed, and interoperability can follow.

Michal, a core team member of the DKMS-4-SSI project states:

"Distribute the responsibility and decision making for authentication and authorisation among network participants and let them decide. No more castles with giant walls but a synergistic approach where network participants interact and make decisions based upon other participants' reputations. The foundations for our alternative are very similar to what the US National Institute of Standards (NIST) proposes with the "Zero-trust concept" -- distribute".

Michal Pietrus -Senior Developer & Co-Founder of ArgonAUTHs

2. Privacy Needs Cybersecurity + Information Security = Human Governance

Interoperability requires more than secure authentication; it requires trust between participants. The user naturally becomes the central point of overall control of his digital experience. And trust requires meaning, not faith in technology providers.

The Human Colossus Foundation sees privacy as a fundamental factor enabling human cooperation at all levels. If cybersecurity protects data, privacy protection is at a higher level where data acquires meaning. A text string becomes a name only when the data model unambiguously links it to an attribute. Our equation is simple, Data plus Meaning equals Information. It is information usage that must be governed to protect privacy.

Like authentication, to be effective at the complexity scale of the Internet, a peer-to-peer mechanism to define the meaning of data has to supplement available standards. This requirement is the motivation behind the decentralised semantics domain. As a result, we elevate privacy protection to the governance of information. In other words, securing privacy requires more than data protection regulation. It requires adherence to the complete existing legal framework of an ecosystem.

3. The ambition: valuing information usage, not data itself.

In conclusion, to address the challenges of inclusiveness and privacy, the journey starts by solving thorny technological questions in the domains of authentication and semantics. Then, digital communication channels and the fantastic potential of digital technologies to enrich information can be included case-by-case in the existing trust frameworks (legal, ethical, cultural). This is our roadmap towards accurate information for decision-making.

Once reached, our ambition loops back to the origins of the foundation as captured by Robert Mitwicki as co-founder:

"Data has value when it flows. It is costly when it stagnates"

Robert Mitwicki, Head of the Technology Council of the Human Colossus Foundation

To receive updates about the Foundation and DDE v1.0, subscribe to the Foundation’s mailing list here. If you are interested in discussing the Founding Donors’ Programme or contributing to the DDE work, please contact the Foundation at contact@humancolossus.org.

DKMS-4-SSI

The project has received funding from the European Unions’s Horizon 2020 research and innovation programme within the framework of the ESSIF-Lab under the agreement No: 871932


HCF announces Dynamic Data Economy v1.0

The Human Colossus Foundation, a Swiss-based independent non-profit organisation, announces the release of its eagerly-awaited Dynamic Data Economy (DDE) v1.0 architecture, describing the core concepts and technologies to enable a next-generation data-agile economy. Two years following its conception, the Foundation published today DDE v1.0, which includes the Principles and a Trust Infrastructure

The Human Colossus Foundation, a Swiss-based independent non-profit organisation, announces the release of its eagerly-awaited Dynamic Data Economy (DDE) v1.0 architecture, describing the core concepts and technologies to enable a next-generation data-agile economy. Two years following its conception, the Foundation published today DDE v1.0, which includes the Principles and a Trust Infrastructure Stack as well as a rollout plan for a related suite of components: Overlays Capture Architecture, Trusted Digital Assistant, Data Governance Administration. In addition, a DDE Founding Donors’ Programme launch accompanies the release, offering exclusive opportunities for organisations to become the earliest DDE v1.0 contributors and experts by engaging in the next stage of development. 

Inspired by the three co-founders' aspiration for secured, authentic data management in an increasingly digitised world, the Foundation coined the term "Dynamic Data Economy", the "DDE". With an overarching vision to empower people and organisations, the DDE enables better-informed decisions based on insights from harmonised, accurate data framed by sound data governance. It has developed an ambient cryptographic infrastructure to underpin ecosystems dealing with harmonised data within distributed governance, a paradigm shift in human-centric digital interaction, free from existing, platform-centric economic models. Further development of the DDE continues to bridge existing data standards and legacy infrastructure whilst preserving nuanced jurisdictional and human distinctions and differences in the digital space. Since its formation in 2020, the Foundation has received multiple rounds of government and private funding to develop this groundbreaking next-generation infrastructure. The release of DDE v1.0 marks the Foundation's readiness for broader collaborative stakeholders and community engagement. 

“The DDE v1.0 conceptual models, methodologies, and technological infrastructure provide a realistic solution for digital transformation across distributed data ecosystems. It is about returning to the roots of how humans interact online, arming individuals and businesses with the conceptual knowledge to understand the technical design limitations of the current Internet. 

Over the last two years, our team has contributed to open standard and open source development of the new Internet at various community forums and summarised our learning and insights into critical blog posts and webinars. It has become clear to us that we developed wrong habits in the digital space, letting technology take over our agency for authentication and privacy. We would never allow this in our physical world; nor should we have done so for the digital one. It is time for real DIGITAL TRANSFORMATION, one that can create a more sustainable, scalable, and human-friendly Internet. 

We released DDE v1.0 today to help you start seeing what we see through the DDE vision and its short-term development roadmap. We also want to invite you to participate in our journey to develop DDE further and use it to solve our collective problems. Are you ready?”

Dr. Philippe Page, Chair of the Board of Trustees


DDE Principles

The DDE, a decentralised, network-agnostic trust infrastructure acutely aligned with the European data strategy, is built upon a set of core DDE Principles. The DDE Principles describe the essential building blocks of any information system, leading to a trust infrastructure that preserves the structural, definitional, and contextual integrity (DDE Principle 1) of any object and their relationships in the Semantic domain, the factual authenticity (DDE Principle 2) of any recorded event in the Inputs domain, and the consensual veracity (DDE Principle 3) of any purpose-driven policy or notice in the Governance domain. As a result, actors in DDE ecosystems will ultimately have the transactional sovereignty (DDE Principle 4) to share accurate information bilaterally in the fourth domain, the Economic domain. 

DDE Trust Infrastructure Stack 

To better define and describe what contributes most notably to creating a cross-sectoral trust infrastructure for access and use of data according to the DDE principles, the Foundation developed the DDE Trust Infrastructure Stack that presents "Infrastructure" versus "Security" incrementally through the core data domains (see figure below). Deployed implementations that align with the Stack will positively affect the relationship between DDE actors and incentivise them to share horizontal data across sectors and jurisdictions. The cryptographic assurance of verifiable digital primitives and the human accountability facilitated by socio-economic data governance administrations and framework empowered by the Stack is pivotal for innovation in analytics, artificial intelligence, or other data-driven applications. 

DDE v1.0 Rollout Plan

As part of the DDE v1.0 release this year, the Foundation will launch three foundational DDE tools, which include: 

Overlays Capture Architecture (OCA), a standardised global solution for data capture and exchange which protects sensitive data, providing a positive alternative to current architectures;

Trusted Digital Assistant (TDA), a key DDE software interface component that provides a way to look at and interact with information in distributed data ecosystems; and 

Data Governance Administration (DGA), a suite of governance methodologies for distributed data ecosystems.

To build a community of DDE developers and advocates, the Foundation will organise community events to facilitate learning and dialogue, launching the Colossi Network later in 2022 as an open forum for more structured community collaboration and contribution.

To receive updates about the Foundation and DDE v1.0, subscribe to the Foundation’s mailing list here. If you are interested in discussing the Founding Donors’ Programme or contributing to the DDE work, please contact the Foundation at contact@humancolossus.org.

Thursday, 28. July 2022

Oasis Open Projects

Invitation to comment on Open Command and Control (OpenC2) Architecture Specification v1.0

OpenC2 enables machine-to-machine communications for command and control of cyber defense components. The post Invitation to comment on Open Command and Control (OpenC2) Architecture Specification v1.0 appeared first on OASIS Open.

First public review - ends August 27th

OASIS and the OASIS Open Command and Control (OpenC2) TC are pleased to announce that Open Command and Control (OpenC2) Architecture Specification Version 1.0 is now available for public review and comment. This is the first public review for this specification.

Cyberattacks are increasingly sophisticated, less expensive to execute, dynamic and automated. The provision of cyber defense via statically configured products operating in isolation is untenable. Standardized interfaces, protocols and data models will facilitate the integration of the functional blocks within a system and between systems. Open Command and Control (OpenC2) is a concise and extensible language to enable machine-to-machine communications for purposes of command and control of cyber defense components, subsystems and/or systems in a manner that is agnostic of the underlying products, technologies, transport mechanisms or other aspects of the implementation. A high level overview of OpenC2 featuring insights from the Technical Director of NSA’s Capabilities Directorate can be viewed at https://www.youtube.com/watch?v=kCooyNJoOrU.

This specification describes the abstract architecture of OpenC2 to define a common understanding of the messages and interactions for all bindings and serializations.

The documents and related files are available here:

Open Command and Control (OpenC2) Architecture Specification Version 1.0
Committee Specification Draft 02
20 July 2022

Editable source (Authoritative):
https://docs.oasis-open.org/openc2/oc2arch/v1.0/csd02/oc2arch-v1.0-csd02.md

HTML:
https://docs.oasis-open.org/openc2/oc2arch/v1.0/csd02/oc2arch-v1.0-csd02.html

PDF:
https://docs.oasis-open.org/openc2/oc2arch/v1.0/csd02/oc2arch-v1.0-csd02.pdf

For your convenience, OASIS provides a complete package of the specification document and any related files in ZIP distribution files. You can download the ZIP file at:
https://docs.oasis-open.org/openc2/oc2arch/v1.0/csd02/oc2arch-v1.0-csd02.zip

How to Provide Feedback

OASIS and the OpenC2 TC value your feedback. We solicit input from developers, users and others, whether OASIS members or not, for the sake of improving the interoperability and quality of our technical work.

The public review starts 29 July 2022 at 00:00 UTC and ends 27 August 2022 at 23:59 UTC.

Comments may be submitted to the TC by any person through the use of the OASIS TC Comment Facility, which can be used by following the instructions on the TC’s “Send A Comment” page (https://www.oasis-open.org/committees/comments/index.php?wg_abbrev=openc2).

Comments submitted by TC non-members for this work and for other work of this TC are publicly archived and can be viewed at:
https://lists.oasis-open.org/archives/openc2-comment/

All comments submitted to OASIS are subject to the OASIS Feedback License, which ensures that the feedback you provide carries the same obligations at least as the obligations of the TC members. In connection with this public review, we call your attention to the OASIS IPR Policy [1] applicable especially [2] to the work of this technical committee. All members of the TC should be familiar with this document, which may create obligations regarding the disclosure and availability of a member’s patent, copyright, trademark and license rights that read on an approved OASIS specification.

OASIS invites any persons who know of any such claims to disclose these if they may be essential to the implementation of the above specification, so that notice of them may be posted to the notice page for this TC’s work.

Additional information about the specification and the OpenC2 TC can be found at the TC’s public home page:
https://www.oasis-open.org/committees/openc2/.

Additional information related to this and any previous public reviews can be found in the public review metadata document [3].

Additional references

[1] https://www.oasis-open.org/policies-guidelines/ipr/

[2] https://www.oasis-open.org/committees/openc2/ipr.php
https://www.oasis-open.org/policies-guidelines/ipr/#Non-Assertion-Mode
Non-Assertion Mode

[3] Public review metadata document:
https://docs.oasis-open.org/openc2/oc2arch/v1.0/csd02/oc2arch-v1.0-csd02-public-review-metadata.html

The post Invitation to comment on Open Command and Control (OpenC2) Architecture Specification v1.0 appeared first on OASIS Open.


OASIS Elects Board of Directors from Diverse Industries and a Wide Range of Backgrounds and Affiliations

28 July 2022 — OASIS Open, the international standards and open source consortium, announced the results of its Board of Directors election. Duncan Sparrell of sFractal Consulting, and Bret Jordan were elected to the Board while Jeremy Allison of Google, Jim Cabral of InfoTrack, Gershon Janssen of Reideate, and Altaz Valani of Security Compass were […] The post OASIS Elects Board of Directors fr

Newly Elected Bret Jordan and Duncan Sparrell Expand Board’s Expertise in Cybersecurity and Promote Further Collaboration in Standards and Open Source

28 July 2022 — OASIS Open, the international standards and open source consortium, announced the results of its Board of Directors election. Duncan Sparrell of sFractal Consulting, and Bret Jordan were elected to the Board while Jeremy Allison of Google, Jim Cabral of InfoTrack, Gershon Janssen of Reideate, and Altaz Valani of Security Compass were re-elected to two-year terms. The continuing members of the OASIS Board, whose terms extend through July 2023, are Nima Dokoohaki, Ph.D., of Accenture; Ross Gardler of Microsoft; Anish Karmarkar, Ph.D., of Oracle; Jason Keirstead of IBM; and Daniel Riedel of Copado. 

The Board members’ extensive industry experience and dedication to serving the OASIS community helps extend the Board’s reach and further establishes OASIS as the home for open source projects and standards in cybersecurity, blockchain, privacy, cryptography, cloud computing, IoT, urban mobility, emergency management, and other content technologies.

“The OASIS Board reflects the tremendous diversity of our member base, bringing together executives from multinational companies, start-ups, and consultancies with interests across the spectrum of open innovation,” said Gershon Janssen, Director of Architecture at Reideate who chairs the OASIS Board of Directors. “It’s really a nexus of thought leadership–all focused on what’s ahead for OASIS, standards, and open source development.”

“OASIS Open has a culture of inclusive interaction and a long-standing tradition of excellence in creating and defining international standards,” said Bret Jordan, who co-chairs the OASIS CACAO cybersecurity playbooks committee. “OASIS promotes and enables open and freely available standards and specifications that are vital to the success of the technologies we all rely on every day. I am excited to once again serve on the OASIS Open Board of Directors.” 

“Having my peers entrust me to participate in setting the vision for a tremendously impactful organization like OASIS is at once a great honor, inestimable privilege, and serious responsibility,” said Duncan Sparrell, a former AT&T executive who co-chairs the OASIS OpenC2 cybersecurity standards group. “All of which leave me feeling humbled and grateful to have been selected as a member of the Board of Directors.”

Jeremy Allison of Google’s Open Source Program Office said, “I am very grateful to the OASIS Community for being given a chance to continue to serve OASIS on behalf of Google. OASIS does important work for the global IT industry and helps coordinate our members in creating useful standards and Open Source projects, and it is an honor to be able to be on the OASIS Board of Directors.”

Jim Cabral, VP, Court Relations at InfoTrack US said, “I am grateful to be elected to continue serving on the OASIS board supporting open standards and open source globally. OASIS specifications and standards enable entire industries, from cybersecurity to business contracts to legal technologies and more. I am happy to support this important work and wonderful community.”

Altaz Valani, Director of Insights Research at Security Compass said, “Today, technology and security are both evolving at breakneck speed. To this end, OASIS has a clear mission to contribute open standards and open source operational artifacts which tie technology stacks and operational security. Members of OASIS communities are tackling significant, real world problems that help organizations and teams build secure products.” 

OASIS expressed deep appreciation to outgoing Board Members Rich Bowen of Amazon, and Wende Peters of Bank of America, whose time, leadership, and contributions have significantly helped grow and improve the consortium.

Additional Information:

OASIS Board of Directors

Media inquiries:

communications@oasis-open.org

The post OASIS Elects Board of Directors from Diverse Industries and a Wide Range of Backgrounds and Affiliations appeared first on OASIS Open.


The Engine Room

Takeaways from our Community Call on Responsible Data for Social Justice Organisations

In late June, as a part of our work with Ugandan organisation Albinism Umbrella, we hosted a Community Call about Responsible Data. Here are some of the insights that surfaced in the call. The post Takeaways from our Community Call on Responsible Data for Social Justice Organisations first appeared on The Engine Room.

In late June, as a part of our work with Ugandan organisation Albinism Umbrella, we hosted a Community Call about Responsible Data. The call included speakers Amos Doornbos and former Engine Roomer Paola Verhaert and brought together a variety of civil society organisations interested in collecting, managing, and storing data in equitable and responsible ways. 

The conversation was centred on the risks and potential harms of data management, and how to go about integrating responsible data into an organisations’ ongoing work. Below are some of the insights that surfaced in the call.

Starting from the top: figuring out what data you are using

Speaker Amos Doornbos pointed out that it is best to start by identifying the ways in which your organisation is using data. It can be easy to underestimate how much data you’re collecting in your day-to-day work, how your team is using it (or not using it!) and what is actually being done with all of it. He introduced the following guiding questions, as well as this short Cheat sheet, to support the process of mapping this out: 

What data is being collected and why?  Who is collecting it?  Where is it stored?  Who is this data shared with? 

For further support, The Engine Room’s Becoming RAD! [Retaining, Archiving, and Disposal] Tipsheets can guide you through some of the processes in more detail. 

Responsible data as an organisation-wide priority

Our speakers also talked about how important it can be for the whole organisation (and if possible, also the organisation’s partners and the communities they work with) to be involved in conversations about potential risks and harms related to the data the organisation collects, stores and works with. Data is not just an issue for the “tech person” on your team: the consequences of the ways individuals on the team use data will affect the whole of your work. In addition to that, taking your team’s different experiences and perspectives into account is a good way of designing your data strategy and solutions that work for all.

Mitigating risk and potential harm

Much of our conversation focused on the importance of assessing how the data we work with could generate or exacerbate risks for the people reflected in the data. Our speakers shared the following resources to support teams in reflecting on potential risks and harms:

Identifying Potential Data Risks and Harms Data Sharing Cheat Sheet (scroll down the page)

We also talked about how practising data minimisation – that is minimising the amount and the categories of data you collect – can be a good strategy to prevent potential harm. If the data you collect does not serve a purpose for your work, consider deleting it and/or not collecting it all.

Participation is key

Another insight from our speakers referred to consent practices: The communities you serve should be informed about potential risks associated with your use of their data, and should be able to withdraw their consent regarding the data you store at any point. That is why baking participation into your processes is a good practice. 

Relatedly, a key point that emerged in the call was this: Responsible data is not a one-off thing. It’s not a conversation you have once (for example, at the moment that you’re collecting data from the people you work with).  Context regularly changes (and so do the potential risks you and your organisation face), so plan accordingly. One way to do this is by creating user-friendly check-ins throughout your project to inform people about what’s happening with their data, making room for them to exercise their agency and select whether to opt-in or out. 

Be specific and realistic with your data management goals 

A different suggestion that came up in the call is to avoid broad and abstract recommendations and processes when implementing responsible data practices in your organisation. Paola Verhaert highlighted how important it is to make them clear and practical, so that they can be implemented easily. Staff might not have extra time on their hands to spend on this, so being specific and realistic with your data management goals is a good way of making sure your team is able to implement them. 

Where to start?

Changing the way your organisation operates can seem overwhelming. If you need support advocating for changes around your data practices, look for allies both within your own organisation and in the sector (the Responsible Data Community might be a good place to start!). If you’d like targeted advice on how to incorporate Responsible Data into your work, reach out to us for Light Touch Support

Below are more Responsible Data resources:

This short overview of Responsible Data Principles, as well as this Responsible Data Resource List document.  International Federation of Red Cross’s Data Playbook. A complete, illustrated guide to Responsible Data for anyone working in the development sector: Responsible Data in Development Toolkit (2016). ​​Monitoring, Evaluation, Research, and Learning (MERL) Tech’s short article including 5 tips on Operationalising Responsible Data Policy. You can also check out other resources available on merltech.org/resources. This blog post on how to start your responsible data journey (and many more gathered on the Information Management Resource Portal). 

Photo by Shane via Unsplash.

The post Takeaways from our Community Call on Responsible Data for Social Justice Organisations first appeared on The Engine Room.

Wednesday, 27. July 2022

Origin Trail

OT-RFC-12 OriginTrail Parachain TRAC bridges

The OriginTrail ecosystem is a two-layer system, driving its two symbiotic networks by their respective crypto tokens — the OriginTrail Decentralized Network (hosting the multichain OriginTrail DKG, as indicated in the whitepaper) driven by its utility token TRAC, and the underlying blockchains with their respective native tokens used for transactions. The OriginTrail Decentralized Network utilit

The OriginTrail ecosystem is a two-layer system, driving its two symbiotic networks by their respective crypto tokens — the OriginTrail Decentralized Network (hosting the multichain OriginTrail DKG, as indicated in the whitepaper) driven by its utility token TRAC, and the underlying blockchains with their respective native tokens used for transactions.

The OriginTrail Decentralized Network utility enabled by the TRAC token therefore requires each of the respective blockchains to support the TRAC token according to the TRAC tokenomics design, and requires necessary bridge infrastructure between relevant chains. TRAC being an ERC20 token on Ethereum has been so far successfully bridged to two blockchains — Gnosis chain (formerly xDAI) and Polygon with their respective bridge infrastructure.

With the launch of the dedicated OriginTrail blockchain on Polkadot — the OriginTrail Parachain — the required bridge infrastructure needs to be created to facilitate the OriginTrail DKG operation on this new chain. Moreover, the same infrastructure will enable further network effects for TRAC on all of Polkadot emerging parachain infrastructure and solutions, such as Acala and its DeFi stack (DEX, aUSD stablecoin, etc).

The purpose of this document is to outline the technical approach to bridging the TRAC token to Polkadot via the OriginTrail Parachain and collect relevant feedback from the OriginTrail community.

Bridging TRAC to OriginTrail Parachain and Polkadot

Polkadot is a network designed to enable high interoperability between blockchains and inter-blockchain trustless operations, such as bridging Polkadot based tokens on connected blockchains. As a multi blockchain network of parachains connected via the common Layer 0 Polkadot Relay Chain, bridging tokens is enabled by the powerful cross chain messaging format XCM. Using these inherent functionalities of Polkadot therefore solves the “bridging problem” within the entire Polkadot ecosystem — once the TRAC token is available on the OriginTrail Parachain, making it available to other parachains is a non-issue.

When it comes to external blockchains such as Ethereum however, there are a multitude of bridging approaches evolving in parallel. Two of the most promising approaches at the moment of writing this RFC are:

Snowbridge, a general purpose trustless bridge in development by the Snowfork team, yet to be launched, Chainbridge, an EVM to Substrate bridge already available and in utilization by parachains such as Moonbeam and Centrifuge.

As development progresses, we can naturally expect new and improved bridging solutions in the years to come. Therefore, bridging of TRAC to the OriginTrail Parachain will, over time, most likely involve a multitude of different bridges and related infrastructure as the Polkadot ecosystem evolves. It is therefore essential to plan for this eventuality from the start and thus enable the bridge infrastructure evolution to be “inherited” by the TRAC bridges on the OriginTrail Parachain.

It is important to note that TRAC token will stay an ERC-20 token on Ethereum and will be implemented as a bridgeable asset on the OriginTrail Parachain, which operates with its native token OTP.

Near term bridging approach — Chainbridge

Out of the two approaches outlined above, the core developers of OriginTrail propose the implementation of the Chainbridge bridge system for the first TRAC bridge between Ethereum and OriginTrail Parachain. Chainbridge is a battle tested, two way bridge, used by several teams within the Polkadot ecosystem to move assets to parachains.

Chainbridge implements a bridge smart contract on the Ethereum side (similar to Gnosis and Polygon bridges), with a respective pallet enabled on the OriginTrail Parachain. Tokens are transferred between the Ethereum bridge contract and the parachain via a set of relayers which listen for bridging events on both blockchains and executing the necessary transfers on the blockchain on the “other side” of the bridge, as illustrated below.

The bridged TRAC token will be implemented as a parachain asset on the OriginTrail Parachain and further bridged to the EVM pallet.

The Chainbridge implementation has been significantly researched by the OriginTrail core developers and progressed in implementation together with assistance from the Parity development team. To our knowledge and experience it is the most mature and tested system within the ecosystem and is the proposed solution for the near term.

However, as most existing bridges (such as Gnosis and Polygon bridges) its trust model can be improved, as explained in the Chainbridge docs:

“In its current state ChainBridge operates under a trusted federation model. Deposit events on one chain are detected by a trusted set of off-chain relayers who await finality, submit events to the other chain and vote on submissions to reach acceptance triggering the appropriate handler. Research is currently underway to reduce the levels of trust required and move toward a fully trust-less bridge.”

Therefore a key component of this proposal is to avoid “bridge lock-in” and enable further development of the OriginTrail bridging infrastructure to involve more trust-minimized solutions (such as Snowfork when ready).

The initial set of bridge relayers will be run by OriginTrail core developers, with an ambition to include additional relayers from the ecosystem in the near future.

Long term approach — multiple bridges

We expect a multitude of improvements as bridging infrastructure evolves to support more than one bridge on the OriginTrail Parachain. These will most likely include improvements in security models (trustless bridges), efficiency and user experience. It’s important to note however that having multiple bridge systems bridging the same asset effectively creates multiple “mirror versions” of the same asset on the OriginTrail Parachain.

To enable a sustainable, long term evolution of the bridging infrastructure therefore 3 key considerations need to be applied from the start:

Ensuring equivalence of bridged TRAC tokens as they might need to be implemented as “different” assets on the OriginTrail Parachain — for example, a TRAC token bridged via Chainbridge and a TRAC token bridged via Snowfork might be two “mirror version” assets on the parachain, with essentially the same value (1 TRAC). Equivalence would involve enabling OriginTrail DKG and other systems utilizing TRAC to register all TRAC mirror versions on the Parachain as the same (equivalent). Appropriate mirror asset naming should be applied to avoid confusion, especially as these assets move across the Polkadot ecosystem. “Phase out” capability for mirror assets in case of potential bridge issues (such as a major flaw being discovered), which would enable a safe decommission of potentially problematic bridges, ensuring TRAC tokenomics preservation.

Having these points in place while implementing the first bridge is important and already taken into consideration by the core development team.

Conclusion

This document outlines the near and long term approach of enabling the utilization of TRAC token in the Polkadot ecosystem via the OriginTrail Parachain token. We invite the OriginTrail community to provide their improvement proposals, comments and suggestions via the official RFC repository.

👇 More about OriginTrail 👇

Web | OriginTrail Twitter | OriginTrail Parachain Twitter | Facebook | Telegram | LinkedIn | GitHubDiscord

OT-RFC-12 OriginTrail Parachain TRAC bridges was originally published in OriginTrail on Medium, where people are continuing the conversation by highlighting and responding to this story.


Next Level Supply Chain Podcast with GS1

Small Business, Big Moves: Conscientious Chocolatier on Expanding Ecommerce

Small businesses may face a unique set of challenges, but on the other hand, they’re agile beyond belief in marketing, growing, innovating, and maintaining relationships with their consumers. In this episode, we’re speaking with one of the founders of The Functional Chocolate Company – a business started in the thick of a pandemic – about their journey during a disruptive time, how they’ve establi

Small businesses may face a unique set of challenges, but on the other hand, they’re agile beyond belief in marketing, growing, innovating, and maintaining relationships with their consumers. In this episode, we’re speaking with one of the founders of The Functional Chocolate Company – a business started in the thick of a pandemic – about their journey during a disruptive time, how they’ve established a best practices foundation for scaling their business, and the efficiencies they’ve built as a result.


Verite

Verification Patterns, Part 2

Exploration of Verite verification patterns, with a focus on non-DID wallets. Part 2 in a 2-part series

Part 2 of this 2-part series explains the did:pkh/CACAO variation for Verite data models and flows, which provides an entry path for wallets that may not support sufficient functionality for emerging decentralized identity patterns

Since some wallets may not themselves be willing to embed protocol-specific logic (interaction with verifiers) or more general verifiable-credential logic, we have to find a kind of "minimum viable" level of support for today’s non-DID-enabled crypto wallets. While handling DIDs and signing Verifiable Presentations brings a kind of secure indirection that enables portability and multi-chain wallets, these properties are not strictly essential to the core functionality of Verite. For this reason, we define a crypto wallet that can receive and pass to dApps a Verifiable Credential issued against its blockchain address adequate, with a few adjustments and supplements.

Phase 0: Issuance Directly to Crypto Wallet

In a crypto-wallet centric end-to-end flow, the trust model is different and the interplay between credential wallet and crypto wallet can be greatly simplified. The credentials themselves must also be slightly different– instead of obtaining the credential subject DID directly from the wallet to which they are being issued, the issuer will use a credential subject identifier based on a specific blockchain address controlled by that wallet. Using DID terminology, rather than attest to the controller of a wallet, it attests only to a specific address controlled by that wallet.

This greatly simplifies the ownership question, by relying on native mechanisms for proving ownership of the address– at the time of issuance, as well as at time of verification of the credentials.

Two Options of Expressing a Blockchain address as a DID (and as a VC subject)

Instead of defining the subject of the VC as a chain-agnostic DID provided by the wallet, the issuer will deterministically generate a DID from the blockchain address controlled by the connected wallet. Multiple DID methods allow this possibility; we’ll describe two of them, assuming a wallet with an Ethereum address (referred to as ETH_ADDRESS).

did:key method - issue against a crypto wallet’s public key: If the issuer has the wallet address ETH_ADDRESS and any signature over a known message, the corresponding public key can be recovered using the ecrecover mechanism ported over from Bitcoin in the early days of Ethereum. In this way. the issuer can deterministically obtain a did:key DID that will be used as the value of credentialSubject.id. This is the method Circle will begin with, for ease of implementation by participants. In this case, the mapping is: did:key:<ecrecover(ETH_ADDRESS, signature)> For blockchains that do not use a Bitcoin-style pay2hash address system, like Solana and Polkadot, no recovery from a signature is necessary because the base form of the address is already a public key supported by multibase and thus by did:key. did:pkh method - issue against a crypto wallet’s public address: Other DID methods, like [did:pkh](https://github.com/w3c-ccg/did-pkh/blob/main/did-pkh-method-draft.md), allow DIDs to be defined directly based on blockchain addresses in their commonly-used, public-facing forms. Long term, this is the preferred method. Among other advantages, the implementation across chains is more apparent. - In this case, the mapping is: did:pkh:eip155:1:<ETH_ADDRESS>. eip155 here refers to the EVM namespace (defined in EIP155), while 1 refers to the ethereum mainnet according to EIP155. - Just as the did:key URI scheme relies on the [multibase](https://datatracker.ietf.org/doc/html/draft-multiformats-multibase) registry, so does the did:pkh URI scheme rely on the ChainAgnostic Standards Alliance’s [namespace registry](https://github.com/ChainAgnostic/namespaces) to add non-EVM namespaces. - In cases where human-readability is important, end-users can introspect the VC and see their familiar address, as opposed to a public key that in pay2hash systems like BTC or ETH, they might never have seen or know they control Sign-In With Ethereum and dApp-native Identity

Wallets that have not incorporated decentralized identity capabilities rarely support JWT _signing _features, or other token mechanics that are common to the traditional web2 identity world. For this reason, many web3 sites and dApps have started using the wallet connection pattern to create a more feature-rich and auditable session mechanism via offchain message signing (i.e. personal_sign on EVM systems). Equivalents for other blockchain ecosystems, such as Solana, are forthcoming.

In the case of issuance, this signature is enough to extract the crypto wallet’s public key, as mentioned above. Importantly, though, it also enables delegated keys to sign offchain events without another onerous or fraught wallet-interaction, as we will see below.

Phase 1: Off-chain Verification Variant: Crypto-Wallet only with only VC storage capabilities

At verification time, when a wallet "connects” to a dApp by providing an off-chain signature over a structured authentication message, the dApp will have the wallet’s address (and live proof-of-control, if the authentication message included a secure nonce) so it can simply compare this address with the corresponding DID:PKH credentialSubject.id of the VC. This way, the verifier will not need to do an ownership check on the VC, and the dApp can trust the verifier to have received credentials from the right wallet because it, too, will require a wallet connection and prove ownership of the same wallet.

Without necessarily even having to parse, validity-check, or introspect the verifiable credentials, any wallet that can store them (whether as JWTs or even as raw text files) can submit them directly to verifiers, as shown below.

Note: while it is recommended that crypto wallets parse verifiable credentials and check their validity or safety, crypto wallets could in theory allow blind passthrough if the user can assume the responsibility for their contents. In the Verite case, there are little security concerns or abuses possible.

By itself, however, this bare VC is inferior to a VP from a full-featured decentralized-identity wallet, since it does not contain a non-repudiable off-chain wallet signature for auditing purposes. Or, to put it another way, it is only as trustworthy as the authentication of the wallet that sent it to you, and there is little standardization of the receipts you keep of crypto-wallet authentication to replay it for a future auditor or security review.

While the corner cases of impersonation or exfiltrated VCs might be vanishingly rare, the "audit trail” of a bare VC is weaker than a VC wrapped in a timestamped signature. For this reason, we encourage Verite dApps to create a functional equivalent to a verifiable presentation in the form of a signed presentation receipt (signed with a session-specific ephemeral key) for logging purposes. To accomplish this, we return to the Sign-In With Ethereum pattern to elaborate on its key delegation feature.

Sign-In With Ethereum Flow

As mentioned above, we support the emerging standard approach of the "Sign-In With Ethereum” mechanism which defines a sign-in message that includes a domain-binding anchor, an ephemeral session key, and other caveats. While the ephemeral session key property was not essential to the issuance wallet connection, it can be useful in the verification situation for more trustless (and auditable) logging.

By generating an ephemeral key and including it in the initial wallet-connection message for the crypto wallet to sign over upon authenticating itself to the dApp, the wallet effectively "delegates” that ephemeral key for the duration of the session. In UX terms, this saves the user from a distinct off-chain wallet signature at each confirmation or consent event. Carefully defining the other properties of the SIWE message, dApps can secure and constrain that delegation, link to an applicable terms-of-service agreement, enable DNS-based domain-checks analogous to the "lock symbol” in modern browsers, etc.

Once the user has "connected” their wallet by signing this SIWE message, a CACAO is generated as a receipt of that session (and of the delegation of signing rights to the key). This allows the dApp to use smoother UX than requiring a full off-chain wallet signature to confirm each consent event or internal transaction (such as the presentation of VCs in a signed VP). But it also provides a compact and tamperproof way of encapsulating each event or internal transaction as a time-stamped and signed object for logging purposes– this makes each event as verifiable as an off-chain (or on-chain) signature, via the indirection of the delegated key.

Ownership Verification

You could say that the crypto wallet delegates the encapsulation and signature of a VP to the dApp, which creates a short-lived key with which to sign the VP, which is a kind of standardized logging object for a presentation event. This allows the verifier to confirm that the dApp is interacting on behalf of the wallet. Since the Verifier has confirmed control of the wallet address with a SIWE message, and the VC is issued to the address directly, there is no ownership verification needed as with a decentralized wallet; thanks to the CACAO, future auditors can replay these interactions and re-check signatures and tamper-proof objects to confirm all of these transactions trustlessly.

Detailed Flow

Wallet initiates DeFi transaction with dApp. dApp generates a session-specific ephemeral signing key and encoded it in the SIWE message for the wallet to sign. This generated session key will delegate the wallet for future signings, once after wallet vouches it (by signing the CACAO). Once the wallet has signed it and returned it to the dApp, the signature and message are encoded into a compact CACAO session receipt for logging and forensic purposes (if needed). Next the dApp lets the verifier know about the session, by POSTing the receipt to an endpoint (eg. signIn). The signed receipt also includes caveats, a domain-binding, an expiration, and other constraints to secure the delegation and the transfer of the session parameters. The verifier saves the CACAO. The verifier only uses this CACAO in the scope of this verification session (to prove the VP signed by the ephemeral key). Once the CACAO verification step is completed, the session object will be updated. Instead of sending the wallet to verify directly with the verifier (as in the previous post), the wallet will submit the VC directly to the dapp (or an agent/service it trusts). The dApp presents the prompt to verify. Wallet submits the bare VC. Subsequent requests from the dApp will include a reference to the session which the verifier can use if they need to check signatures made by that key. The VC(s) submitted by the dApp in this case will not be signed in a VP with the wallet’s key; instead, it/they will be put into a VP and signed by the dApp using the ephemeral key (the signing key mentioned in the first step above) delegated to it by the SIWE message. Introspection into the CACAO is required to extract the public key that signed the VP, as well as a signature from the wallet key over the public key. When all the information is submitted to the verifier, the verifier needs to examine the ownership of the credential: Extract the public key of the session signing key from the resources section of the CACAO Use the public key of the session signing key to validate the VP’s signature. This is to ensure that the dApp properly (which held the key and got user consent to delegate signing rights to it) signed the VP and that it has not been tampered with in transport. Compare iss in CACAO with the wallet’s DID in VC (in this case a did:pkh representing the wallet address as a long URI). They should match, if the dApp’s SIWE message. conforms to the SIWE specification. This is to check the wallet which vouched the session key is the subject (and holder) of the VC, which is also connected to the dApp with a signature over a nonce, included in the CACAO to keep future auditors from having to trust the verifier. Conclusion:

Circle’s implementation of the Verite protocol allows us to serve our customers and the dApps they interact with equally, putting the rigor of our KYC processes at the service of a process that is auditable and verifiable end-to-end without duplicating KYC process or PII from those processes across the chain of asset custody. We are proud to be driving the Verite process, and welcome more implementations, whether end-to-end issuer+verifier solutions like ours or more focused implementations that bring more wallets and more users into the ecosystem.

As the Centre team updates its documentation and sample implementation to reflect the new patterns and flows, we will continue to work with them to share the insights we are gaining from our exploratory work with dApps and clients.

Tuesday, 26. July 2022

Digital ID for Canadians

Spotlight on PXL Vision

1. What is the mission and vision of PXL Vision? PXL Vision has one vision – A world full of trust built on verifiable digital…

1. What is the mission and vision of PXL Vision?

PXL Vision has one vision – A world full of trust built on verifiable digital identities to make secure, frictionless and reliable identity verification available to everyone.

2. Why is trustworthy digital identity critical for existing and emerging markets?

At PXL Vision, we believe in ensuring existing and emerging markets continue to experience strong growth that consumers, governments and businesses alike need to have 100% certainty in the trust of Canada’s digital identity ecosystem. Trust in digital identity is paramount to adoption to prevent identity fraud and protect citizens from misuse of personal data with a solid contribution to economic growth.

3. How will digital identity transform the Canadian and global economy? How does your organization address challenges associated with this transformation?

Digital identity will transform the Canadian and global economy alike by providing consumers access to services that are not currently accessible for so many. COVID has undoubtedly accelerated the need for digital IDentity. We have seen the positive impact on the economy by allowing remote non-face-to-face access for consumers to financial services, corporations, government institutions, law firms, accounting firms: and essentially any institution that previously required in-person ID verification.

Digital Transformation requires collaboration with industry experts to ensure success and scalability. At PXL Vision, we offer AI-powered identity verification tailored to your unique needs – Your business is unique. It has its own needs in security, compliance, user experience, infrastructure, business processes, and more. Our platform is uniquely flexible and adapts to your needs. It fits your existing business processes, and you can configure it to match your individual preferences.

Our customers get rid of manual processes and drive revenues, reduce process and compliance costs, open up new digital channels and boost customer conversion, preventing identity fraud and building consumer trust. Leverage the world’s most flexible identity verification platform.

4. What role does Canada have to play as a leader in this space?

Canada has an incredible opportunity through DIACC and its highly respected member participants to create a trusted framework for Digital Identity that will drive the local economy and be recognized and leveraged globally. Canada is poised to be a role model in the global development of identity ecosystems.

5. Why did your organization join the DIACC?

DIACC is creating the gold standard for Digital Identity in Canada. As the most highly respected association in the Canadian digital identity market, it makes sense that PXL Vision is part of such an organization. With PXL Vision now having a local presence in Canada, we are not only able to be a member but also to participate in the local Expert Committees to provide a global perspective from our Swiss-based experiences. PXL Vision is the technology behind the SwissID in Switzerland, and we are pleased to share best practices as Canadian provinces and the federal government digitize Canadian Government-issued IDs.

6. What else should we know about your organization?

We are a Swiss premium provider of best-in-class technology for scalable, configurable identity verification worldwide. Our AI-powered solutions help businesses of any size to reduce the cost of customer onboarding and compliance, drive revenue growth and prevent identity fraud. We strive to provide the most reliable, quickest and seamless identity verification that anyone can use anytime, anywhere.

Our journey started as a Swiss high-tech spin-off of the prestigious Swiss Federal Institute of Technology (ETH). With experience in identity verification since 2011, our company was founded by former key employees of Dacuda AG in 2017. Within three years, we became the Swiss market leader, helping companies like Swisscom, SwissID and Swisslife verify their customers securely and reliably. Since then, we have expanded internationally with a presence in Europe and North America. We are serving our customers with an international team of 70+ experts.

At PXL Vision, we provide Enterprise-grade identity verification for any business. Premium identity verification is configurable to your individual needs. Choose between our flexible Plug-and-Play solution or build your own custom experiences.

Customize the experience with PXL Pro – Integrate individual modules and features to build your own custom experience. PXL Pro provides the highest possible flexibility and allows configuration to fit your unique requirements. Build a customized experience that your customers and your business will love.

Mix and match our SDKs and APIs to build your own verification flows.

Choose between mobile vs. web, cloud vs. on-premises deployment, wholly tuned to your individual needs and fully integrated into your pre-existing business processes.

With PXL Ident®, leverage our end-to-end process, plug-and-play solution covering all phases of identity verification, including the following key areas:

– SMS/eMail verification

– Self-declaration

– Document verification

– Face verification / Liveness detection

– Address validation – PEP/SL check

– Additional document scan

– Electronic signature

A cloud-based plug-and-play solution that gets you started immediately.

An end-to-end process with all the essentials for your identity verification and onboarding needs.

Dynamic workflow engine for tailored configuration of your verification processes. Simple integration with minimal technical knowledge is required.

Reach out to learn more about PXL Vision:

Doug Lister. VP Sales – Canada

doug.lister@pxl-vision.com

(M) 647-221-1969

www.pxl-vision.com


DIF Blog

DIDComm v2 reaches approved spec status!

DIDComm v2 has now reached DIF Approved Status, joining SideTree as a complete and approved open-source specification.

Following the approval of the Decentralized Identifiers (DID) Core Spec by the W3C as an official open web standard, the Decentralized Identity Foundation (DIF) announced the approval of the DIDComm v2 specification. Combined, this represents a major step forward in the acceptance of decentralized identity, one that opens the path to widespread adoption and further development especially with regard to the types of peer-to-peer communication now possible.

DIDComm, short for Decentralized Identifier Communication, is a communications methodology that works with the decentralized design of DIDs to provide private, secure interaction. "Methodology" is used rather than method because it describes more than just a mechanism for individual or sequential messages. DIDComm defines how messages are composed into application-level protocols and workflows. Just as DIDs are a foundational element of decentralized identity by providing non-revocable identifiers, DIDComm provides secure communication between parties based on the service endpoints and keys present in a DID Document.

DIDComm provides the next step in decentralized identity: direct, secure communication between the owners of DIDs. Currently, APIs are the norm for communicating with online services; however, APIs favor those with the ability to provide highly-available online services; they are ill-suited to peer-to-peer cases where the endpoints are not highly available and the infrastructure costs must be low. In contrast, DIDComm enables peer-to-peer interaction with computers, phones, and even IoT devices.

The protocol derives its security properties independently of the transport being used. The privacy and security guarantees are the same whether using HTTPS, or websockets, or Bluetooth Low Energy (BLE) transport.

By removing architectural barriers, DIDComm-based protocols return individuals and small companies to first-class citizen status on the Internet, a state largely lost via the expansion of large social media platforms and the rise of APIs as a primary integration method.

Version 1 of DIDComm started in the HyperlLedger Aries project and resulted in full community adoption. Version 2 of DIDComm (also called DIDComm Messaging) began at the Decentralized Identity Foundation (DIF) as parties outside the HL Aries community became interested in and started working collaboratively on the protocol. The [DIF DIDComm working group]((https://identity.foundation/working-groups/did-comm.html) is responsible for the numerous improvements and simplifications that now form DIDComm v2.

DIDComm v2 has now reached DIF Approved Status, joining SideTree spec as a complete and approved open-source specification. DIDComm v2 is now ready for development, with planned adoption by the HyperLedger Aries community. The DIDComm spec and "What's New in DIDComm v2" section links are below, along with some explainer videos to help those wishing to understand more.

While the initial spec work may be done, there are plenty of ways to get involved with the ongoing work of the DIDComm community. The DIDComm Users Group is open to all, and a great place to get started with using DIDComm and asking questions: Join the conversation on Discord. This group is working on the creation of the "DIDComm Book," which is available in a live version here: https://didcomm.org/book/v2/

How else can you join the identity community? Joining DIF is a great way to start; you are invited to contribute, learn and connect with our diverse community. Don't forget to subscribe to our monthly newsletter on our website here to stay up to date on developments at DIF and in the wider digital identity landscape. Don't forget to follow us on Twitter & LinkedIn!

Appendix

Rendered DIDComm spec

What's new in DIDComm v2

DIDComm WG page

DIDComm WG Mailing list:

For some background and general understanding, these two videos and podcast focus on the general ideas and utility:

Daniel Hardman's DIDComm Explainer video

Phil Windley's DIDComm presentation from HLGlobal2021

Sam Curren Floss Weekly Podcast appearance - 15th June 2022
Sam Curren unpacks for Doc Searls and Dan Lynch why DIDs and DIDcomm are the best approach to identity---and to making people first-class citizens on the Internet. Curren also discusses the origin story of picos and the advantages of nomadic living and hacking.

Monday, 25. July 2022

Oasis Open Projects

PKCS #11 Profiles v3.1 from PKCS 11 TC approved as a Committee Specification

This document is intended for developers and architects who wish to design systems and applications that conform to the PKCS #11 Cryptographic Token Interface specification. The post PKCS #11 Profiles v3.1 from PKCS 11 TC approved as a Committee Specification appeared first on OASIS Open.

PKCS #11 Profiles ready for testing and implementation.

OASIS is pleased to announce that PKCS #11 Profiles Version 3.1 from the OASIS PKCS 11 TC [1] has been approved as an OASIS Committee Specification.

This document is intended for developers and architects who wish to design systems and applications that conform to the PKCS #11 Cryptographic Token Interface specification, which documents an API for devices that may hold cryptographic information and may perform cryptographic functions.

This Committee Specification is an OASIS deliverable, completed and approved by the TC and fully ready for testing and implementation.

The prose specifications and related files are available here:

PKCS #11 Profiles Version 3.1
Committee Specification 01
14 July 2022

PDF (Authoritative):
https://docs.oasis-open.org/pkcs11/pkcs11-profiles/v3.1/cs01/pkcs11-profiles-v3.1-cs01.pdf
HTML:
https://docs.oasis-open.org/pkcs11/pkcs11-profiles/v3.1/cs01/pkcs11-profiles-v3.1-cs01.html
Editable source:
https://docs.oasis-open.org/pkcs11/pkcs11-profiles/v3.1/cs01/pkcs11-profiles-v3.1-cs01.docx

PKCS #11 test cases:
https://docs.oasis-open.org/pkcs11/pkcs11-profiles/v3.1/cs01/test-cases/

Distribution ZIP file

For your convenience, OASIS provides a complete package of the prose specification and related files in a ZIP distribution file. You can download the ZIP file here:
https://docs.oasis-open.org/pkcs11/pkcs11-profiles/v3.1/cs01/pkcs11-profiles-v3.1-cs01.zip

Members of the PKCS 11 TC [1] approved this specification by Special Majority Vote. The specification had been released for public review as required by the TC Process [2]. The vote to approve as a Committee Specification passed [3], and the document is now available online in the OASIS Library as referenced above.

Our congratulations to the TC on achieving this milestone and our thanks to the reviewers who provided feedback on the specification drafts to help improve the quality of the work.

Additional references

[1] OASIS PKCS 11 TC
https://www.oasis-open.org/committees/pkcs11/

[2] Public review timeline:
Details of the public reviews are listed in:
https://docs.oasis-open.org/pkcs11/pkcs11-profiles/v3.1/csd02/pkcs11-profiles-v3.1-csd02-public-review-metadata.html
Comment resolution log for most recent public review:
https://docs.oasis-open.org/pkcs11/pkcs11-profiles/v3.1/csd02/pkcs11-profiles-v3.1-csd02-comment-resolution-log.txt

[3] Approval ballot:
https://www.oasis-open.org/committees/ballot.php?id=3717

The post PKCS #11 Profiles v3.1 from PKCS 11 TC approved as a Committee Specification appeared first on OASIS Open.


Ceramic Network

Into the Dataverse

A future where everyone in the world is building applications on the same networked, composable data layer.

There has been much hype about the Metaverse, a vision for our digital future that's increasingly merging with Web3's. For this article, let's sidestep attempts by Facebook, ahem Meta, or NFT tribes to stake their claim to the Metaverse. We think of the Metaverse as the entirety of all composable and interoperable resources, identities, applications, platforms, services, and protocols that exist in cyberspace.

Our vision of the Metaverse will run on the Dataverse: a composable, web-scale data ecosystem—owned by everyone and no one. Developers will build interchangeable interfaces and online experiences that directly interact with the Dataverse and the composable data that lives there. The Dataverse will play arguably the most important role within the Metaverse: a shared, high-performance, always-available graph of all data created and used by all applications

Most features on the web are just data rather than monetary value transactions. For example, the DeFiverse would refer to the universe of interoperable financial protocols, assets, and applications; but, just think about the applications you use on a daily basis. How many times do you click, ‘send’, or ‘like’ compared to ‘buy’ or ‘transfer’? In the Dataverse, your data follows you around from app to app, putting you at the center and in control of your own digital universe.

Over the next five years we will see a massive explosion in the developer market and a full integration of permissionless protocols into the mainstream development stack, giving rise to a billion networked applications that run and interoperate on shared, composable backend infrastructures. That’s an app for every 10 people on the planet.

We’d like to take you on a tour of the Dataverse—how we navigate from the data silos of today’s Web2 apps and the data desert of today’s Web3 apps—to a future where everyone in the world is building applications and they’re all doing it on the same networked, composable data layer.

The Golden Era for Application Development

The route to that interoperable Metaverse depends on enabling developers. The next five years will be the gol