The W3C Credentials Community Group

Meeting Transcriptions and Audio Recordings (2014-today)

Go Back

W3C CCG Weekly Teleconference

Transcript for 2022-10-11

Our Robot Overlords are scribing.
Mike Prorock: I am going here.
Valerie Thomas: Okay which screen.
Mike Prorock: I can see the SAT-P overview
Mike Prorock: Full screen mode yeah.
Valerie Thomas: Should I let me try I never hardly ever do this make this full screen. Where is the
Valerie Thomas: Is it visible? What did -
Mike Prorock: No I think that's because I want to say f11 is the hotkey for it but.
Valerie Thomas: Wow I don't
Mike Prorock: Oh, Apple L. Yeah down below read mode
Mike Prorock: Yeah go View.
Mike Prorock: Yep no worries let's see if that.
Valerie Thomas: Is that good can you guys still hear me okay let me know when I should start.
Mike Prorock: All right cool yeah I'll run through our boiler plate first and then we'll hand it to you so hello all welcome to the W3C community credentials group weekly meeting the agenda today is an overview of SAT-P from Thomas Hardjono who has been gracious enough to join us from MIT to talk about this. There is a lot of interesting overlap
Mike Prorock: And definitely talking about some real-world
Mike Prorock: Use cases that we see in terms of interoperability and all other sorts of fun stuff so it I'm looking forward to the conversation today just a quick reminder that the meeting today alongside all meetings at W3C are covered by the code of ethics and professional conduct and we should not have any issues there because we rarely do if ever.
Mike Prorock: Quick reminder from an IP note standpoint the anyone can participate in these calls but any substantive contributors actual CCG work items you must be a member of the CCG with the IPR agreement signed membership is there if you need it it's also in the agenda that I post about from the list we do use IRC and the chat in the meeting software to queue speakers I will be monitoring the queue if you need to add yourself to the queue
Mike Prorock: To ask a question you could just type q+.
Mike Prorock: Or q+ plus the words to and then mention whatever you're going to mention so that way you get reminded this meeting is held by voice and not by IRC or chat so any off-topic comments are subject to deletion in the records and we will rely on our robot overlords to transcribe and scribe for us as they are doing right now.
Mike Prorock: Quick pause here for any introductions anyone new to this call new to the CCG that has not been on before you can just jump right in or type the letter q+ into the chat and yourself to the queue and we would like to welcome you.
Mike Prorock: Same holds for reintroductions if you've recently changed roles or affiliations.
Mike Prorock: Awesome great to have you don't hesitate to reach out if you need any feedback or Connections in the community Etc so great to have you.
Mike Prorock: Any others? All right quick pause here now for any announcements or reminders from the community just a quick announcement from the chair side since I saw it I made it beat the chairs to a comment on the list someone just proposed a verifiable credential decentralized identifier use cases community group which is kind of the CCG so we're reaching out to them to let them know that the CCG exists we’re going to have
Mike Prorock: Assume good faith here.
Mike Prorock: Any other announcements from the community at Large.
Kaliya Young: Hey you know this is an old hat but IIW is coming up I think earlier registration ended yesterday if you still want to early register and you want to ping me I can get you a code and we're really committed to accessibility we have diversity and inclusion scholarships available and we really want to support anybody who has something to
Kaliya Young: Contribute and wants to
Kaliya Young: Be at the event to able to be there I'll put my email in chat if you want to or need to reach out.
Kaliya Young: And I wanted to just share about another event that I'm pulling together called the Thoughtful Biometrics Workshop we did this in Winter of 2021 we are going to be hosting it again in the winter of 2023 likely in February but I just wanted to flag it and say that it was coming together if folks were interested in and wanted to participate.
Mike Prorock: Awesome thanks so much Kaliya. Uh, Vriti
Vriti: Hi there great to be here I'm Vriti I'm the founder of Ed3 DAO we're a non-profit that's educating rducators about Web3 and we have a conference coming up in November it's a virtual three-day conference a few folks from this group are actually speaking at it the purpose is to bring concept of these operability credentialing on unchain and things like that to the educator community and so it's at Andif anyone
Vriti: wants to grab a 50% off discount, you can email me
<identity_woman> my e-mail to reach out about IIW
Vriti: I'm I just dropped it in the chat so yeah we'd love to have you.
Mike Prorock: Awesome thank you.
Mike Prorock: Cool let me see just double check the queue before we hand it to Thomas.
<identity_woman> Also The Thoughtful Biometrics Workshop
Mike Prorock: Dmitri I saw you hop on queue and then off queue did I miss you there.
Dmitri Zagidulin: No I just wanted to remind people about the JFF Plugfest the day before IIW but then I realized that I think
Dmitri Zagidulin: Participation to that one is closed so that's why I took myself off the queue.
Mike Prorock: Yeah yeah no it's a good reminder though because I think even if you're not participating it is definitely going to be an interesting one to watch and there will be a lot of lessons learned from that so well thanks for bringing that up.
Mike Prorock: All right well thanks so much all with this I'm going to just jump right into the content for the day so Thomas I'm going to hand it over to you I met Thomas through I think formally through the last IETF meeting and sat in on their birds of a feather session around trying to get a working group together around secure asset transfer which is an interesting interesting question so with that I'm going to hand it to you to give an overview of what you're up to over there and then
Mike Prorock: Might have some here with the CCG.
Valerie Thomas: I can already say there is but we’lll get to that slide yeah so folks thank you for having me thank you Mike for organizing this so this is about a group that was started about maybe two years ago actually during covid and the story is that so I work at MIT in a group called Connection Science we're primarily driven by corporate sponsor funding and one of our corporate
Valerie Thomas: Sponsors company called Swisscomm that
Valerie Thomas: Has a lot of interest in this space you know came with the problem of interoperability between you know existing Legacy systems and with this new technology blockchain deal this and so on and that's sort of kick-started the whole discussion but today I'm going to just jump two years later we have this you know set of proposal ideas we have a draft charter and Mike was saying we had our first BoF presentation in July at IETF 114
Valerie Thomas: In Philadelphia which you know prompted us to keep on going and we're going to have another BoF at the IETF in London in November so problem statement this is for those who are familiar with the idea of this is what the ADs will make you do this is the first slide so what's the problem statement so there is definitely a problem with interoperability
Valerie Thomas: Across blockchains
Valerie Thomas: Even using the lingo even at between layer one networks right that's that's that's that's a given and it's not new this is this is a totally human problem and we saw this with local area networks in the 80s and this is one of the reasons why we have the TCP IP and why we have you know routing solution and so on so the notion of interoperability here is seen from the perspective of an asset so we don't like some people love the idea of
Valerie Thomas: Having unchained
Valerie Thomas: Native assets and having you locked on to that Network for good but if you are from an investment perspective if you are trying to you know create you know next generation NFTs that are bound to physical Goods it could be debilitating you want your asset to be able to move around so so this this brings us to one interpretation of blockchain interoperability is the ability for a digital asset
Valerie Thomas: To be moved from one network to another
Valerie Thomas: And what we want to ensure is that there's no double spending as we all familiar with and that the whole thing is verifiable by some authorized third party the third party could be you know a dispute resolution entity it could be the government it could be anybody but there must be a mechanism to allow that verification right so so this is this is what we came to the IETF with.
Valerie Thomas: And so what we came up with was the
<mprorock> quick note - these slides will be posted to the list - and links to the core set of slides were included on the datatracker link on the agenda
Valerie Thomas: Motto of I could go back to the slides but I'll go Gateway so it's very clear that we will see more and more asset networks blockchains DLTs coming up you know in the future I did I co-authored a survey last year and last count there's like 80 plus different blockchains running out there and so many many of them assume that the world will come on to that network right.
Valerie Thomas: And so to me this is exactly like the local
Valerie Thomas: Area network problem in the 80s where IBM had the IBM SNA proprietary protocol network there was DEC for those who know Digital Equipment Corporation it just had his own thing or DECNet and largely the lines were what is called the file layer protocol layer 2 in the TCP IP to layer 2 set up and TCP IP allowed data to be disconnected from its local area
Valerie Thomas: Physical network implementation and be moved across
Valerie Thomas: To a different network using different physical layer in a manifestation now when I help teach a couple of courses to the students at MIT and I have to explain to many of these students that there is no single public internet in fact there is no open public internet it just looks that way and the internet as we know it today in fact consists of a sequence of private ISP networks that are stitched together
Valerie Thomas: End to end so if I'm watching a
Valerie Thomas: Netflix movie from in a runoff AWS servers up in West Coast somewhere and it's Seattle area let's just say then really my my packet is traversing across multiple private ISP networks and between these networks that are so there are things called gateways which we try the specific protocol called BGP border Gateway protocol and I think it's version 4 BGP4 and it's a standard protocol.
Valerie Thomas: And how the BGP routed deals
Valerie Thomas: With its internal Network or subnet it's up to them of course now nowadays within each Network there's probably a couple of standard routing protocols in OSPF and I think probably a RIP version 2 and probably some other you know and you know well understood well deployed routing routing protocol so this is very similar with this diagram today we have you know multiple networks some are public some are private I think going forward we will
Valerie Thomas: See more private.
Valerie Thomas: Private asset networks being you know established because just human beings like to trade and exchange ideas within communities and sometimes it’s a closed communities kind of make sense and so the challenge for us is well how can we create a standard asset transfer protocol so that you can move an asset from network 1 to network 2 using these two systems or services
Valerie Thomas: And without
Valerie Thomas: Worrying how each system is going to deal with this own Network so for the ITF work what we are proposing is that the yellow area here in the middle is is the scope of work and we can delve into some you know if you guys have questions or you know I'm I should know the answer but but you know we can we can talk about it later on so assumptions this is the second slide that the area directors will make you write, assumptions, so so we assume both
Valerie Thomas: Networks share a common semantic understanding so so there needs to be some kind
Valerie Thomas: Of an application on both sides that drives it right so if there's Alice on one side Bob and the other side Alice says I want to send this digital asset to you so something out of band has occurred before this transfer you know occurs and in fact this is pretty much what happens today with the big exchange companies that send you know cryptocurrencies to other big exchange companies around the world that it's driven by the cost of there's if there's an originator and a beneficiary on
Valerie Thomas: On either side
Valerie Thomas: Second assumption
Valerie Thomas: Identity has been validated so we assume this has happened right this is probably a topic that would be relevant here and we can have a slide on that you know Alice and Bob as the originated beneficiary needs need to be identified by the by the service provider the third one is actually quite fundamental we assume that one or both networks are opaque are not transparent so the they could be both private which is like the worst-case.
Valerie Thomas: Scenario and the thinking is that if we can design
Valerie Thomas: A transfer protocl that can work for 2 private closed non-transparent networks then if in one of them is if you loosen the constraint in one of them is now you know a public network then the protocol should just work right there's this should not be any dependency between the transfer protocol with any network specific construct right because this is exactly why you get scalability
Valerie Thomas: Today in the internet because the BGP
Valerie Thomas: Routers mask away hide away the subnet addressing the routing speed the the you know route damping mechanisms being used within a given ISP Network and that's why you know it scales up you know very well we assume the system's the Gateway whether it's a bare-bones machine whether it's a fully blown you know system whether it's a Mainframe people talk about mainframes or whether it's
Valerie Thomas: It's a service up in the cloud somewhere we assume
Valerie Thomas: That it is trusted and that and we can talk about the fact that the Gateway has to be owned and operated by a service provider and typically a service provider is a legally registered business entity and we can talk about why this is important because they have to take on financial liability in becoming a Gateway lastly some assets related data quote metadata kind of don't know what to call this it's not the transaction yourself but you know information about
Valerie Thomas: The you know
Valerie Thomas: Entities who own or control the asset and so on could be shared export out of the network you know with an authorization from the entity or the person who owns that asset in to a known and and you know selected entity.
Valerie Thomas: So I'm this is a snippet of our increasingly complex flow diagram we've been discussing this for at least a couple of months now but all this stuff about assumptions and and identities and credentials we’ve pushed this out up to phase 0 so this is why I [_____] at this diagram so this is the entities we have in mind so have Alice you know U1 running application 1
Valerie Thomas: You have Bob U2 application A2 and all of this stuff needs to happen in Phase 0 so in other words when Alice somehow creates a transactional instructs Gateway G1 to transfer an asset to Bob in network to via some Gateway which is going to be G2 if it's selected then Alice and Bob must must know each other and more
Valerie Thomas: Importantly the service provider
Valerie Thomas: G1 who owns Gateway G1 and the service provider that owns Gateway G2 needs to know who Alice and Bob is per the travel rule so this is why we believe identities and credentials and DIDs and VCs play a crucial role in Phase zero because and that's that we just we just want to use whatever the W3C comes up with our focus is really the the flow itself
Valerie Thomas: And what happens in terms of asset being locked
Valerie Thomas: Being being exterminate extinguished being minted and so on on the other side.
Valerie Thomas: So three types of flows we call the modes of flow so this first one is the one you just saw the unidirectional transfer of asset the second one is a slightly less constrained flow which is data Loosely called Data sharing kind of misnomer but how can you extract here’s a private network network one I want to copy out extract out some information from The Ledger.
Valerie Thomas: In Network one
Valerie Thomas: You know with authorization of course and move that a copy that out and provide the some you know authorized entity whose outside the network this is there's a if there's if there's time I can show you a diagram this is this is very important for the use case of supply chain tracking which is a related in the fact to another group in the IETF which is the SKIT SIITT secure supply chain was that in transparent, uh -
Mike Prorock: Integrity transparency and trust it rolls off the tongue yeah.
Valerie Thomas: Thank you yeah it's like it's like a five-letter you know working group so and in fact this is this one is driven by a company called Trade Lens. So Trade Lens is the Venture joint venture between IBM and Maersk and they do container shipping tracking using fabric it's a working commercial system the problem is it's not integrated into the try trade financing Community right so
Valerie Thomas: Here's a private Network
Valerie Thomas: Clothes is available to shippers and shipping entities if you want to be you know a seller or a buyer you have to you know you have to do a bill of lading so the bill of lading is on the on the blockchain great but now the banks can see it right so now if you want to you know get a letter of credit basically a debt you know instrument the banks not going to give it to you unless you can show a bill of lading and so you know that means that a gateway
Valerie Thomas: Needs to export out portions
<identity_woman> Just to be clear - the open standards work leveraging VCS is happening that Transmute is a key leader in.
Valerie Thomas: Of the bill of lading into a form and and sign it and provide to the bank so that the bank can believe it and say yeah it's it's signed by this entity who owns this Gateway so we believe it so now here's a check or here’s a bunch of money so these are the two primary use cases we're working on right now the third one is atomic swaps if you guys know what that is we said to ourselves we’ll do atomic swaps when we finish these two work items
Valerie Thomas: Because you know just this too much work you know on our plate so we've got numerous identity and credential challenges so at the asset level there's the requirement from the FATF the travel rule so in the current scenario with the you know big exchanges these are these are private companies essentially when you know Alice wants to use an exchange
Valerie Thomas: In the United States to send
Valerie Thomas: Crypotcurrencies or other assets to say an exchange in Japan to Bob who lives in Tokyo this is exactly how the correspondent banking works today both of these exchanges have to maintain retain information personal data about Alice and about Bob so that they can comply to the to travel rule so this is something that we assume has happened right so this is I think opportunity for this community to to
Valerie Thomas: Look at this the second type of
Valerie Thomas: Identity needed credential is for the service provider itself so the service provider is a business and so we've been looking at the LEI structure and LEI Gleif Foundation we're looking at DIDs and VCs but we're not doing anything in this space because it's we assume somebody else you know has done it. We assume maybe this community has got a solution we just going to adopt you know that solution fourth challenge
Valerie Thomas: Is Gateway Discovery and identification right so
Valerie Thomas: If you know Gateway G1 if Alice says oh please you know send this this thing to Bob and Bob is in some Network that's and Gateway G1 won has never interacted with that network well the first thing that the Gateway news needs to find out is well what what are the compatible gateways that I can peer with in this remote Network
Valerie Thomas: So that's service discovery and then
Valerie Thomas: Ell this this Gateway over there is giving me a DID and the DID is actually parked on a blockchain somewhere else and I need to look for that and I need to validate the URL I need to check through the method all this stuff that's also out of scope for us and so we're we're assuming what kind of hand waving and assuming that the gateways have done this
Valerie Thomas: And then of course there's all this other stuff
Valerie Thomas: We need to look at which is you know logging transaction related data so for legal purposes taxation purposes some of this information needs to be logged somewhere right so this brings the question that you know let's say you know United States for taxation reasons has to be available and verifiable for the next seven years five years seven years five years then can whoever's auditing this in year 4 validate the identities of
Valerie Thomas: All the entities involved
Valerie Thomas: Right Alice Bob the service providers and can they find if it's using a DID or VC can can that be fed so discovered or do we need to also log off chain copies of the relevant data structures pertaining to the identity and the credentials so this is again this is this is out of scope for us but I'm hoping that you know somebody or some folks here might be you know interested in some of these or all of these you know
Valerie Thomas: Questions we'd love to be
Valerie Thomas: Working with you because this is a huge problem set let's say I kind of feel that the transfer protocol itself is complex enough and we just don't have the cycles to like even even talk about this you know to a great length in our discussion group.
Valerie Thomas: Uh scope of work, API endpoints this is pretty standard plain vanilla IETF scope of work resource identifiers possibly including identity related identifiers message payload of course and for the transfer protocol we're looking at a two-phase commit or three phase commit variant to make sure to ensure there's no double spending so the properties you want to aim for are the acid properties so you
Valerie Thomas: You want atomicity so you know no double spending
Valerie Thomas: Consistency again atomicity sorry means that either the whole transaction occurs or nothing happens consistency means no double spending the asset can only exist in one of the networks at any one time isolation means that while the transfer is occurring it needs to be protected from external impact aspects in a crashes and so on and durability means that once
Valerie Thomas: Both gateways have completed the
Valerie Thomas: 2 PC or 3 PC commitment stage then it holds true forever right there's no like there's no ambiguity it needs to hold even if one of the gateways crashes so this is possible scenario that the very last message of the commit one of the Gateway you know crashes then what happens right and where there's folks working on how to address crash recovery that we have a you know a primary Gateway and the secondary back
Valerie Thomas: Backup sort of Gateway what about session resumption
Valerie Thomas: Because between G1 and G2 is running TLS.
<identity_woman> VCs about things - they themselves are not "assets" and are definitely on-chain so I'm really not clear the value that what you are proposing is bringing forward.
Valerie Thomas: So does the backup Gateway you know resume the TLS so there's all these other issues that come into play but that's kind of the the scope of the group we've got an architecture draft we've got a set core protocol we’ve got a number of other drafts you know being written crash recovery Discovery asset profile so what we mean by an asset profile is a definition a legal definition of what digital asset is
Valerie Thomas: And a legal definition of who has the authority to
<identity_woman> *definitely not onchain
Valerie Thomas: Issue this this is important because when you have networks that are carrying actual value bearing blobs the data objects you want to know so Gateway G2 needs to know that this asset that's going to come ingress into its network number one it's at the legal level legal layer it's a known defined asset so the good example is in Switzerland there’s a thing called a
Valerie Thomas: Promissory note big piece of paper
Valerie Thomas: So gateway 2 needs to needs to understand that this is a digital promissory note it's issued by a bank in Switzerland and that's covered under some you know FINMA regulation out of Switzerland so things like that that's pretty much out of scope for us we just we just put it there as a way to tell people that were considering this but asset profiles are out of scope for us.
Valerie Thomas: So we’ve got the discussion group it's we've been meeting informally since September 2020 Lots of people timezone is an issue because we have people in India we have guys in Australia and of course in Europe we have a mailing list you're most welcome to join this is open folks you just you just dial in the zoom zoom link is on the mailing list you know every week and
Valerie Thomas: We plan to have a BoF at the coming
Valerie Thomas: London IETF in November and we're just doing that scope of work and the area in the IETF that this’ll hopefully will fall under is the security area but we'll see we'll see if the IETF accepts this as a work item because it's kind of new for IETF community because it deals with with assets the notion of digital assets what else oh thank you couple of plugs for our new book there Building The New Economy.
Valerie Thomas: And this there's a there's a couple of chapters there to talk about some of this stuff but going back there so that's that's the end of my presentation I prefer to have like a kind of a Q&A discussion as opposed to just having a one-way you know me you know doing slides.
Mike Prorock: We can absolutely facilitate and now really appreciate the time on this and I you know obviously there's a lot of you know and I think I said it in your last BoF right I mean this is a legitimate problem right and interoperability of particular is one of those things that
Mike Prorock: You know is going to be tough and the IETF challenge side obviously is that you have that magic word blockchain in there which obviously then immediately as much as you want to try to avoid it right it causes all sorts of feathers get ruffled so there's definitely some overlap and I think I mentioned this as well as some stuff here at CCG but I want to make sure you know other folks are getting on the queue Harrison I see you up here.
Mike Prorock: And then by the way Thomas your screen share is still up.
Mike Prorock: If you want kill it
Valerie Thomas: Sorry let me okay let me stop screen sharing
Mike Prorock: So Harrison fire away
Harrison_Tang: Well thanks Thomas yeah this is might be the newbie questioned but I know Kosmos is building itself and trying to say they're trying to build an internet of blockchains on top of I think it's called inter blockchain communication protocol so how is this SATP kind of differ and or in some ways similar to the Kosmos like interblock changing communication program?
<tomj> i am running into a similar problem with logging things which are considered private by gdpr - is that part of the groups discussion
Valerie Thomas: Yep I hear that everywhere I go I just had a call with the Avalanche guys three weeks ago and this is the president you know of and an engineer and they have their own sort of asset transfer thing and the reason the reason why I think this work needs to be done outside any specific communities is that it needs neutrality
Valerie Thomas: It needs neutrality it
Valerie Thomas: Needs a solution that's not bound to any incentive mechanism right so with 80 different blockchains now people are trying to do what is it bilateral transfers everybody's typically designing for interop with etherium.
Valerie Thomas: All right so we're gonna
Valerie Thomas: Probably end up with like 80 varieties of a transfer protocol but I think this work needs to be done it needs to be written specifications and in the IETF you need two versions of Open Source Code implementing this we have in fact think three different groups organizations implementing beginning to implement SAT-P and and I'm hoping that you know this could just be the neutral protocolthat you know is simple to understand
Valerie Thomas: It gets over and done with and so it's key that
Valerie Thomas: It's not bound to any incentive and incentivisation you I mean no token raises there is no tokens needed gateways can charge whatever Gateway providers service providers that run gateways they can charge whatever they want to the network or to Alice or to Bob it should not be part of the specification technical specification definition and I think that that kind of helps
Mike Prorock: Awesome Steve I see you on the queue there, uh Magennis.
<mprorock> wow, transcriber - behave
Steve Magennis: Thanks. Thomas, a question for you I think you mentioned earlier that Swisscom is kind of sponsoring some of this work I'm wondering you know a have they signed up to kind of help you evangelize and promote this once it's out there and maybe sort of talk about their interest in that and what they plan on doing to basically get others on board
Valerie Thomas: Sure it's actually so we have a lot of well not a lot number of sponsors corporate sponsors who are interested in such as Swisscom so EY is very interested in this EY has been doing all sorts of experimentation projects and in fact a lot of what I would call a traditional corporations have invested a lot of money in The Last 5 Years doing pilots and so on and so on of you know
Valerie Thomas: Internal implementations and blockchains
Valerie Thomas: I don't know what
Valerie Thomas: Swisscomm or EY all these guys have in mind specifically but when they see my presentation they kind of say yeah you know we kind of we kind of need this and we have we have a we have a Swisscomm you know representative who attends you know our weekly meeting now so I presume they're interested in this we've got a couple of guys who work for the finance Community in London and they're building a product you know for this
Valerie Thomas: And in their particular case it’s this traditional case
Valerie Thomas: Situation wasa
Valerie Thomas: A banking which a monolithic banking system with an RTGS system you know system in the back and so on and they need not 2 gateways they just need one gateway to talk to the blockchain and vice versa right so they need they need that kind of you know Gateway so the the problem itself once once I explain to these guys in many ways
Valerie Thomas: It captures a lot of the dilemmas that traditional organizations have today when facing this you know new technology called blockchains and DLTs and and this is a mechanism the Gateway model is something that they can you know latch their minds to at the IETF meeting in July IETF 114 you know there were a couple of guys in the back of the rooms from Swift right so you guys know Swift
Valerie Thomas: And gateways are a no-brainer for these
Valerie Thomas: Guys like yeah we've kind of invented gateways is what they told me so so it's a it's a good architecture model in that it it's well known in the in the you know financial industry it is the model that's part of the core part of the internet architecture that allows routing to scale up very very fast at a global scale and so you know I'm hoping to answer your specific question I'm hoping one or more or
Valerie Thomas: All of these sponsors who are interested in this work will
Valerie Thomas: Actually you know promote it fingers crossed
Steve Magennis: Thank you
Mike Prorock: Awesome I think Kaliya you are next, yep
Kaliya Young: Hi sorry I'm just umuting challenges I guess I'm some of the things you said Thomas sort of didn't make sense to me so I just I made comments in the chat as you spoke but I just wanted to raise them and get clarification I think many of the companies in on this community have worked via the Silicon Valley Innovation program on implementing
Kaliya Young: Verifiable credentials for a trade use cases
Kaliya Young: Verifiable credentials are not Assets in and of themselves they're just assertions about - sorry let me turn the kettle off
Kaliya Young: They're just assertions about things and they don't like they don't need the kind of transferability you're talking about they're already off chain they're shareable by the holder with whoever they want so I guess I'm confused about some of what you were asserting in your presentation when it’s already solved with off chain solutions
Kaliya Young: That are standards based coming out of this community
Valerie Thomas: Yeah no no I think we’re talking about two different things so the asset itself sometimes I use the example of an NFT that represents a physical asset so this is getting a lot of traction so you guys have heard of Beeple and was it the Ape NFT so a digital only NFT an unchained only NFT is great fine there's a market for that but there's an even huger market for digital unchained digital representations
Valerie Thomas: Of physical assets, whether it’s
<identity_woman> You mean what Mattereum is doing -
Valerie Thomas: Your 200 million dollar Picasso sitting in a bank while whether it's you know a thousand kilos of gold bars in a depositor somewhere so you know what once the world sort of discovers this I think people are digital twin NFT I don't know what you know what to call that kind of NFT sort of a hybrid NFT there's this question of how how can you disconnect the NFT itself from the particular network implementation
Valerie Thomas: Right so there’s ERC 721 that's great but is there a way to have a token that's separated away from a particular Network so that it can move across two different networks for this community I think what's relevant is that the DID or the VC idea pertain not to the asset but to the players the legal entities that have to help have to participate
Valerie Thomas: In getting this
Valerie Thomas: Asset cross from one network to another so that means the originator Alice the beneficiary Bob the service provider and it could be it could be also the authority that issued the the token the begin with the NFT to begin with so so this is it makes you know this is to me this is like the identity this group is the identity layer above
Valerie Thomas: The secure asset transfer protocol
Valerie Thomas: So I think it's two separate problems
Mike Prorock: Yeah I'll jump in it because I see the queue building up because I think Kaliya you're getting at a great line of questioning one thing I did want to note Thomas just in case it's not on your radar there are multiple of us using DIDs for digital twins for real-world stuff along with other types of things to avoid NFT chaos and stuff like that and doing it in a regulatory compliant way so just you know interesting topic for future side discussions there Keith I see you on the queue
Keith Kowal: Yeah thanks Thomas so I think travel rules are a really interesting topic and it's something that I've had to learn a lot about as I’ve transitioned more into Web3 I think you can not ignore ignore like the traveler will protocols that are being established like Shift, Trisa, Open Vat which are all like essentially like off chain protocols for ask communication like that's a big thing I mean I don't see that much VC DIDs being used for travel rule except maybe the discussions happening in Center Consortium
Keith Kowal: Like led by Kim Hamilton Duffy where you know you have maybe an on chain component and then you have offchain
Keith Kowal: Communication for transfer of DIDs but I think also the thing you always get stuck into is that it's not just about movement of DIDs and VCs it also has to be the trust architectures because who who owns the DID who manage like you need all the trust architectures as well so and you also need typically like account identification so that's actually why a lot of travel rule protocols have a good head start because they take on the trust problems they take on the account identification problems you know it's not just the transfer of travel rule information it's
Keith Kowal: Like a whole bucket of stuff that
Valerie Thomas: I'm on the board of Trisa and so Trisa how do I say this politely Trisa is the majority of people there are policy makers so I've mentioned you know DIDs, VCs, and they say well great put it put it in the white paper you know but for the traveler or the concern for them is well number one VASP
Valerie Thomas: Discovery so here's a is a VASP of the United States
Valerie Thomas: And Alice is in the United States and Alice says send this you know bunch of tokens or cryptocurrency to Bob in Africa.
Valerie Thomas: Okay so and all Alice has his maybe Bob's email address or public key right so where does the VASP discover this other VASP that supposed to be in Africa that's problem number one and problem number two how does the US VASP validate that the African VASP is a legal legally registered business covered under the local jurisdiction
Valerie Thomas: Because what's going to happen is
Valerie Thomas: The US VASP has to send to Africa Alice's personal information which is the BSA 986 regulations so this is first name last name address telephone number and a few other bits of information account number and so the last thing Alice and the US VASP want to happen is that Alice’s data is sitting in some PC computer in in Africa and it gets hacked and it's lost
Valerie Thomas: Right so there's this there's almost this
Valerie Thomas: Incompatibility of of jurisdictions which in the past has been sort of umbrelled and by [_____] and but now in this new world of crypto gets pretty pretty complex right and you're right it's not it's not even about the DID structure and the VC structure its who says that this data about Alice is accurate and who says this data about Bob is accurate who's willing to take on financial liability if either the information is incorrect or they lie
Valerie Thomas: Right this is this is what you sort of brought up, which is the
Valerie Thomas: Trust trustworthiness sort of aspect.
<identity_woman> This is where the trust framaework work comes in
Mike Prorock: Awesome Point watching the queue I think we've got a pause in the queue here I'm gonna go with the fun point-blank question which is why not just use the Trade Center up for the API layer and everything else and so that's what's rolling out US gov-wise regulatory-wise for trade and imports and all that kind of fun stuff?
<phil_l_(p1)> Sounds like a strong argument for trust repositories. And specs for these.
Valerie Thomas: We could I've heard that suggestion where we're looking at it in or right now and and yeah it's a good question I don't know what the future of that effort will be
Mike Prorock: Yeah we'd love to have you obviously there's a lot of a lot of work going on there from a lot of different parties and tech demos or starting with US gov in January right so and some stuff to be definitely make sure it's on the radar folks. Harrison?
Harrison_Tang: Yes I'm just curious because what you described sounds to me like KYC know your customer kind compliance problems like so have you and the group like consider partnering with KYC vendors you know in the solving these issues?
<identity_woman> that is the point - you are solving a business problem by forming a technical thing at IETF
<identity_woman> ??? we are wondering why
Valerie Thomas: Not specifically so IETF is an engineering organization it's not like it doesn't have a doesn't have a business group it doesn't have a Marketing Group most most consortiums industry consortiums typically end up having a policy group / Marketing Group nothing like that so there's no one in theIETFno one in our groups mostly Engineers is really talking to that you know community I am myself and another guy is probably the only two people are sort of
Valerie Thomas: Following what's happening in the KYC area but but Harrison you're absolutely.
Valerie Thomas: Spot on this is a KYC problem and for the IETF it’s like well it's out of scope either this is Phase zero as you saw before in this slide this is all the on the difficult legal stuff like KYC and so it happens before Gateway G1 talks to Gateway G2.
Mike Prorock: So just quick question because I'm looking at back-channel here and you know I always like to ask the fun questions which is what about accusations that you're just spinning upset p as cover to avoid accusations of vendor lock-in between proprietary hyper ledgers situations?
Valerie Thomas: Well so you know I'm known to become unpopular for saying certain things but I think I think the you know there is still new blockchains you know that are vendor-specific that are being spun up it usually doing a token raised and the whole point you know I love all the words about yeah we want you know what's the famous phrase financial inclusion we want to solve world hunger using blockchain and I love I love all of that.
Valerie Thomas: But the BS and the hype has to stop and if you’re just spinning
Valerie Thomas: Up yet another blockchain and doing a token raised and then you have a foundation and then you know next thing you know the foundation collapses you know isn't that like you know a story that you know is kind of getting old I mean you know coin there seems to have a story like that every month right and this is why I'm saying we kind of need to look at a technical specification technical Solution that's that's you know separated from the whole financial sort of motivation incentivization
Mike Prorock: Awesome and I did see, yeah, Keith go ahead.
<identity_woman> can you spell trisa please
Keith Kowal: I just want to follow up on your comment so I didn't realize you were a member of Trisa so like I've been attending a lot of Trisa meetings like I think it's like I think Trisa’s a really interesting organization they have a lot of interesting stakeholders like their new Enterprise directory which is basically like a trust directory is very interesting I've also like wondered well how do you get them to be more adopt DIDs VCs like off chain you know architecture and it does seem like it's a
Keith Kowal: I mean it seems like maybe it's a non-starter because they just you know they use their proprietary protocol APIs to
Keith Kowal: Transfer that information I just wonder what your thoughts are about how -
Valerie Thomas: Keith you need you need to come you know in the meetings just speak up and say Hey I want to contribute to the to the spec whatever version it is now a think it's version 11 or version 12 and say Hey you know I want to add DID VC data structure to represent the VASP I think I think that would be most welcome by the Trisa community
Valerie Thomas: Absolutely I'm behind you you you know if you want sort of somebody to help you co-author that for the white paper I'm happy to do that you know you're right right now it's just a directory service to look up VASPS
Valerie Thomas: Right and so you
Valerie Thomas: Know I suggested them well you know it could be a blockchain it's in itself the director could be represented as blockchain but I think this idea was just a directory is it's a more palatable conceptually sort of model particularly for policymakers because they can they can sort of Imagine does this database in the sky that's going to have a list of all the VASPs you know so a list of VASPs is
Valerie Thomas: Is a concept that's familiar for people
Valerie Thomas: In the policy and regulatory sector because typically you know they already have a list of banks you know consortiums of you know of banks are listed you know if you're a member of Swift you're listed in that certain someone.
Mike Prorock: Quick so two questions before we close out from the text chat there one is can you clarify spelling on Trisa
Valerie Thomas: T R I S A
Keith Kowal:
<mprorock> TRISA
Mike Prorock: Perfect thank you I'll type that out for those that don’t have it and then the other question was just as far as you know potential items related to stuff that you know just what we're looking and auditing at data that has to be collected and stuff like that are there you know GDPR things you're running into or things like that around data privacy
Mike Prorock: Side either with offchain. I know
Mike Prorock: You’re trying to keep some of that stuff out of scope but it's a question that popped up in the chat there
Valerie Thomas: Yeah I'm not seeing the chat but in the IETF, no, but in Trisa, yes.
Valerie Thomas: So you know this whole need for you know entities the VASP to retain beneficiary and originator you know personal data information for multiple years that's a Trisa problem that in fact that's it that's all the this everybody's problem right whether you're coinbase it's a what I call using quite invested example of Binance pick your exchange they all have the same dilemma.
Valerie Thomas: And it's not a new dilemma
Valerie Thomas: The banking sector had had to deal with this 30 years ago 40 years ago.
Mike Prorock: Yes yes it's not a new problem for sure awesome well I think that's pulling us right up to about time any closing statements obviously want to thank you very much for your time here the great topic and there's a lot to cover here and a lot of great overlap and they it's one of those areas
Mike Prorock: Where I see a lot of
Mike Prorock: Cross interaction between IETF and CCG folks and W3C folks so it's a very happy to bring you over so yeah.
Valerie Thomas: Yeah yeah yeah absolutely you know feel free to reach out to me directly or join the mailing list because you know we're relying on this community for the for the identity DID VC structure we're not doing any of that you know work in the IETF so you know any help that you guys can provide us you know you know in that area would be much appreciated.
<harrison_tang> Thank you, Thomas!
Valerie Thomas: Thank you Mike thank you folks.
Mike Prorock: Awesome well thanks so much again just a big thanks from all of us here at CCG really appreciate the open questions and we'll cross our fingers for you for the next BoF and probably try to grab an update and just see where the work evolves to so it's really appreciate it thanks again.
Mike Prorock: Thanks all