The W3C Credentials Community Group

Meeting Transcriptions and Audio Recordings (2014-today)

Go Back

VC for Education Task Force

Transcript for 2023-05-08

Our Robot Overlords are scribing.
Kerri Lemoie: Great hello everybody Welcome to the Monday May 8th edition of the BBC edu task force called my name is Cary Illinois and I'm one of the co-chairs of the group and hosting today's call I'm going to go through some introductory boilerplate stuff that we do at the beginning of every call and then we will get to our main topic with Christopher Alan wolf McNally from blockchain Commons we're going to talk to us about a slut.
Kerri Lemoie: Active disclosure.

Topic: IP Note

Kerri Lemoie: So first anyone can participate in these calls this is an open Community call and we welcome anyone also but note that if you are planning on participating on contributing to any of the specs at w3c or the ccg you should join the group and sign the paperwork and if you're curious about that information you can follow this link right here that I'll put it in the chat.
Kerri Lemoie: I mean info Link in the chat right here.

Topic: Call Notes

Kerri Lemoie: These calls are recorded the minutes are taken by this robot transcriber that is pretty smart the most part and also we are doing an audio recording and there is now a video recording we send out the minutes after the call you don't typically include the video right now but if you would like a video of this please feel free to reach out to the chairs I try to remember to send it out to the mailing list when I whenever I.
Kerri Lemoie: An excuse me so next let's talk.
Kerri Lemoie: Introductions and reintroductions is there anybody that's new to the call today that would like to introduce themselves or perhaps Christopher wolf would like to introduce themselves before we get started on the main topic today.

Topic: Introductions & Reintroductions

Christopher Allen: Sure I'm Christopher Alan I am the former co-chair of the ccg and one of the co-authors of the didd 1.0 standard and I also have founded and host rebooting web of trust which I hope you all have heard of we have another event coming up in Cologne in September 18th so I hope to see some of.
Christopher Allen: You in person there.
Christopher Allen: I don't think I've ever been to a VC edu meeting so this would be my first meeting wolf.
Wolf_McNally: Ali Ali researcher for location Commons Christopher and I have been working for several years together on a variety of Open Standards that allow of the Privacy Community I think should be very interested in and so excited to be here this is my first meeting.
Kerri Lemoie: Awesome thank you both for joining us I think bed and touch on the ccg Carl says great to have you at our age you call this week anybody else here want to make any introductions or reintroductions.
Kerri Lemoie: There is one thing I forgot to mention is that we use a cue system on these calls just like most of the ccg calls to if you would like to you know participate in in the conversation just put a plus in the chat and if you take it take yourself out of the cutest type Cube - you can also use the little hand in the bottom of my dashboard is good see.
Kerri Lemoie: Here next part is announcement.
Kerri Lemoie: Announcements and reminders of anybody have any announcements for they would like to make today.
Kerri Lemoie: Coming up at you like a fill us in on just put yourself in the queue right this Leah look.

Topic: Announcements & Reminders

Kaliya Young: Hi I will share again if you are based in Europe or working in Europe and want to join us we're having the digital identity unconference Europe or dice happening June 7 2009 in Zurich the eighth and the ninth are the main unconference day and there's a pre-conference.
Kaliya Young: Reference had a on the 7th.
Kaliya Young: It's less is Central.
Kaliya Young: I'll put a link to the registration in chat feel free to reach out a few questions too.
Kerri Lemoie: That's great thank you for Leah.
Kerri Lemoie: And you have the floor.
Colin_Reynolds,_Ed_Design_Lab: Hey good morning afternoon evening of all God's wanted to throw out there one of the sort of projects or things that someone my team and in our networking but working on are related to The Last Mile challenges from the employer perspective and HR Tech Menders specifically and some of the challenges and barriers associated with the consumption of digital credentials and skills data so we are actively working on kind of a series.
Colin_Reynolds,_Ed_Design_Lab: he's of convenings and in-person get.
<christopher_allen> Rebooting Web of Trust 12 (aka RWOT), on September 18th, in Cologne Germany:
Colin_Reynolds,_Ed_Design_Lab: Over the next five six months and so if anyone on the call has any good relationships or interest in supporting good relationships with individuals who are in kind of that perspective space and The Last Mile Challenge then what about the connect put my email address in the chat but yeah we're really I think we you know the last mile is a is a complex challenge but I think the employers and engaging them in the conversation and some of these HR Tech group.
Colin_Reynolds,_Ed_Design_Lab: has been something we've heard a lot about and have some.
Colin_Reynolds,_Ed_Design_Lab: Who are engaging us to dive into this work so just wanted to throw that out there you know wants to chat about it or has any good contacts that they think might be helpful.
Kerri Lemoie: Thank you calling I like to talk more about it at some point when you have a chance.
Colin_Reynolds,_Ed_Design_Lab: Awesome you're gonna be in The Trusted learner now become conference coming up yeah.
Kerri Lemoie: Yes actually that was going to be why I put myself in the key so yes.
Colin_Reynolds,_Ed_Design_Lab: All right I'll get out of the way let's shut them.
Kerri Lemoie: And also I just want to point out they Christopher Allen put a reboot of trust in the chat too oh you bet that's what you mentioned his first sorry that's the link to reboot I did for myself only when I think in there right now and the q1 for the ASU tln on conference next week which runs at on Thursday next week I'm going to be running a workshop there that I'm hoping will be helpful to folks I'm still working through it because it's kind of challenging but.
Kerri Lemoie: It's about the language to describe.
Kerri Lemoie: Both credentials and education and Workforce so verifiable lers but sort of been leaning towards calling things lately so that folks could be able to take this Tech back to their communities and describe it in ways that are comfortable and familiar to them so I'm working on that for next week and then the other announcement that I had for all of you if you haven't seen it in the ccg there's been a new work item announced that is going to be really useful to this community this.
Kerri Lemoie: Is that the rendering methods work item put the link to the.
Kerri Lemoie: Reaper there and essentially what this is is making it possible for issuers to make suggestions as to how they think a credential should display in wallet well I won't have to necessarily pay attention to this but they could and so I work for the digital credential Consortium we work with universities and one use case for us for that is diplomas that institutions may want to say hey we're going to issue a VC version of this diploma but we would really have to look at.
Kerri Lemoie: This way.
Kerri Lemoie: And we're going to provide it.
Kerri Lemoie: Actions for the wireless to do that so if you are interested in in that work item please go do that repo and read through what they have there and and participate.
Kerri Lemoie: Okay so I think that is all for Nelson's and reminders for now if you think of anything feel free to cure yourself up later I'm going to know him things over to Christopher and wolf you do their announced do their presentation I'm going to put a link to it in the chat for all of you so that you have it.

Topic: The Next Step in Digital Credentials — Hash-based Elision

Christopher Allen: Okay thank you thank you just booting up my screen.
<kerri_lemoie> Presentation Link:
Christopher Allen: Okay I hope everybody can see that so I'm Christopher Allen from blockchain Commons you know our big goal is what we create an open interoperable secure and compassionate digital infrastructure to enable people to control their Destiny and to maintain their human dignity online we are particularly focused now on working with developer communities.
Christopher Allen: Tools for digital identity digital assets and responsible key management but these are based on our gordian principles are Guardian principles are for Independence privacy resilience and openness and those in turn are based on the self Sovereign identity principles so that is really kind of the context where we came into this.
<colin_reynolds,_ed_design_lab> If you'd like to connect on the employer + HR Tech side of the Last Mile challenge, please send me an email:
Christopher Allen: This discussion so obviously I've been involved in D IDs and verifiable credentials for a very long time I'm a co-author of the didd 1.0 standard and then I'm also a co-author of the TLs standard from the late 90s and I really wanted to talk with you as you know we I think you guys have done a great job with schemas and VC group has done a great job.
Christopher Allen: Model I just really wanted us to take the next step and the next step is significantly more privacy so clearly digital credentials are a better way of sharing when we wouldn't be in this meeting today if we didn't believe that to be true I mean they simplify Administration you know you just create this thing that is a digital version of what you've done in the past you digitally sign it you put your public keys in a pki and to a certain extent that's relatively simple you know.
Christopher Allen: You're publishing.
<kerri_lemoie> Announcement that I forgot: ELM Webinar this Thurs May 11, 2-4pm CET
Christopher Allen: The you know they allow you to simplify your usage the students can use them as they will it's not Institute necessary for you know a staffer an institution to verify because the signature does that and of course there's no phone home that that's actually one of the first useful things from a verifiable credentials model is that the holder can basically get it verified without having to call home.
Christopher Allen: Which could cause privacy problems but I also feel like digital credentials can be dangerous all that we've done with them is right now make them better but we haven't necessarily addressed the the problem so in particular how do you protect student privacy so you know a subclass of that is how do you protect against discrimination against students but possibly even.
Christopher Allen: I'm more important especially.
<kerri_lemoie> Fixed presentation link:
Christopher Allen: Group which is working directly with universities and other educational institutions is how do we reduce liability especially given laws like gdpr the CCPA in California and I've been involved with even more digital privacy laws that are emerging so what are the problems of digital credentials well obviously an important one is identity theft you know you get three points of data about somebody and.
Christopher Allen: And you know you're on.
Christopher Allen: Well on the path of understanding who they are why they are what are their weaknesses what are their strengths excetera so we're always trying to minimize this and credentials even educational credentials contain a huge amount of info and a lot of stuff is you know not properly boxed so oftentimes you'll have you know personal identification issue to allow for Authentication.
Christopher Allen: Action which.
Christopher Allen: Nothing to do with the credential data so you know oftentimes in there will be things like birthdays you know real names various ID numbers and these are often used by other parties as identity questions but specific data can cause problems too so let's talk about that a little bit gender discrimination so at the last rebooting we had a young woman from Eastern Europe.
Christopher Allen: Who was a doctoral candidate come and her basic thing was you know a she's already dealing with gender discrimination but then she also graduated from a central European University so she's also discriminated against as central European and her name sounds ethnic and so she's also potentially discriminated on a religious.
Christopher Allen: All data.
Christopher Allen: That's going to be on her her credentials in addition to that it may have their birthplace in may have various issuer location information other things that can be used for racial or other things there's age discrimination when I last taught in an MBA program number of my students were in their 50s and you know in the years since that I've communicated with them despite.
Christopher Allen: Getting their MBA.
Christopher Allen: They felt discriminated against because of their age at least the initial interviews with people so faith-based school information whether or not it's a religious school or something that gives a clue about religious details can also be used and then you know in the basic problem is the more data the more problems so how do we solve this and one of the simplest Solutions is something that we call holder based Elysian.
Christopher Allen: So what is this.
Christopher Allen: Session is the data field credentials should be out shouldn't be out in the wild as much as possible instead let the holder redact the information as they see fit now note very carefully I'm not saying subject I'm saying the holder redact information yes the subject is the first holder but there are a variety of reasons as these go back out to HR departments out to various accrediting bodies or Loan review bodies Etc where they become.
Christopher Allen: Um holders and they to me.
Christopher Allen: To redact potentially in different ways that meet their needs so this allows all the parties to you know eliminate potential discriminatory information or partially reveal it but the holder still have the full credential when it's needed because the signatures will still verify that's the question of data retention deletion.
Christopher Allen: And Etc becomes more of an issue for the holder and of course the holders Wallet not the educational institution so how do we how does this work so I'm going to talk about one particular approach to it this is from blockchain Commons wolf is the implementer and it basically starts with a hash I presume that everybody here knows you know what is a hash I mean it's a data fingerprint you can see here the input is hello.
Christopher Allen: A 256-bit hash we also have beside it here as something called a life hash which is a visual version of that that was invented by wolf because it's really hard to read those numbers I mean on everybody I know looks at like the first three in the last three which isn't as secure but if you see both the hash and a life print you can feel much more confident that two hashes are the same.
Christopher Allen: We very small.
Christopher Allen: Changing the input from a no to a gnome Lotto makes for a drastic change both in the hash and in the Life print so that's what pastures are there fixed size no matter what the size of the input is you can kind of consider them to be the ultimate in lossy compression and hashes are one way you can pack them out and they're really a long series of numbers but again they can be made more visually visible so what does hash-based elisions so.
Christopher Allen: Right now when you sign a document.
<kerri_lemoie> ASU TLN Unconference:
Christopher Allen: And then you remove the data you can no longer verify the signatures so you're kind of stuck without the data so how do we allow the holder to remove the data without invalidating the signature so instead of signing the the input we're basically signing the hash now you could say it's pretty obvious because that's actually technically underneath the scenes what actually is happening but we're making this even more explicit and designing it in the.
Christopher Allen: The key thing is that with the data is removed the hash remains in the document when the Hat when the data is restored you can verify that the data is Hash matches the hash in the document so let's take this up to the next level what is a tree of hashes so data can be arranged in a tree oops and for some reason I'm not seeing the tree image there it is the all similar data is kept in the same.
Christopher Allen: Branch for credentials.
Christopher Allen: All of us.
Christopher Allen: Students personally identifiable information might be in one branch all of their qualifications might be another this organization continues down from there now this allows us to Allied specific types of envelope so how does this work you know every bit has its own hash and you know it you know is reflected all the way up to the root hash this is a really old and you know consider to be mature technology the Merkle tree.
Christopher Allen: Was invented in.
Christopher Allen: It was one of the first cryptography things so we know how to do this well so what is hash-based Elysian well if a document is a tree of hashes than any change anywhere will invalidate the signatures so you know we see here we sign this route document and it's basically you know anything changes and Below boom it propagates other upward and now the signature no longer verifies because the hashes different right.
Christopher Allen: Pretty Basics but with hash.
Christopher Allen: The document is a tree of hashes not a tree of the actual data than any branch can be removed while leaving the hash behind so that all the higher-level signatures can be evaluated so in this case the root is also signed but we can choose to Allied this particular document let's say that this is my age and I don't want to send that to somebody it removes certain information about me I can send this.
Christopher Allen: Along to someone else and.
Christopher Allen: Given that a lighted information the signature still verifies and maybe they don't care or not are not supposed to care about my age they don't need that extra alighted information so this really allows for data minimization which is the Cornerstone of privacy the basic reveal reveal no more than what is needed you know that's the bottom line any kind of data minimization and my opinion requires some.
Christopher Allen: Um system of selecting.
Christopher Allen: Are there and there are a number of other approaches I think this is one of the better ones because holder based hash based religion makes students allows student holders to make all of the initial decisions about how things are going to be shared so you know as people creating these credentials why do we care so we want meaningful credentials but we also want to protect students and their Futures we want to protect vulnerable populations that are.
Christopher Allen: Coming to our schools.
Christopher Allen: Students are particularly vulnerable they're young they're away from home they're away from their support systems their way often times from their own cultures we have to protect them and then of course we value diversity and we want to protect the diversity in our institutions and but we also want people to be able to leave our institutions and get great jobs and careers and support our institutions in the future.
Christopher Allen: Some other ways that it helps Institution.
Christopher Allen: As you don't have the admin of a light and credentials the institution does not have to understand what the risk requirements of a you know a somebody who is the third party and a verifiable credential you know the person that is hiring the student now has some information about the students credentials and they have very different needs they may need to prove hey I've got 10 people in my organization who have these qualifications.
Christopher Allen: Ins to some other body but they don't want to give the people.
Christopher Allen: Names or anything.
Christopher Allen: Allows other parties to to poach those students those employees so they have a different holding and Elysian requirement than what is needed the institution doesn't need to have to understand this and how this works or enable it it's just automatic with Gordy and envelope thus they also don't have the liability of overfull credentials you know having too much data in there because it is all a Lie To Believe.
Christopher Allen: By the by.
Christopher Allen: This lowers your responsibility I probably should have put a legal caveat here you still have responsibilities in GDP are but it lowers your responsibility for gdpr because some of it is and you know specific to the holder institutional compliance Elysian can also protect institutions from violating laws so for instance often time institutions need to be able to say this number of students graduated to somebody.
Christopher Allen: That is loaning money to students and wanted to make sure that the.
Christopher Allen: Doing that how do you exchange all of this thing to know what is the status of you know these students without violating their privacy well with Elysian you can prove yes we have these number of students and this number of students is employed and you know the the hash tree works and the and compliance rules work for this and but I'm not giving you the names of the students and names of the instead of the.
Christopher Allen: The their employees.
Christopher Allen: This is particularly important in the United States because of FERPA and the ppra which has very very strong requirements as far as how information about students is passed forward and I think a lot of Institutions are in violation in the sense that you know they're doing stuff that allows others to violate the Privacy so.
Christopher Allen: I don't think there's any case.
Christopher Allen: It pulls it back to him but institutions can clearly do better in your there isn't a specific law around student information but gdpr is pretty Broad and of course CCPA and California is you know kind of a variant cjd PR ish some pros and cons but there's a whole bunch more coming data supporting data minimization can really help you provide compliance for a lot of these different kinds of rules and regulations.
Christopher Allen: So that is in general what is elision and why it's important specific to gordian envelope are some additional features so there's this concept of something called a proof of inclusion so instead of having an individual certificate you can basically sign the root hash and publish it with no other information then when someone reveals.
Christopher Allen: Their document to say oh.
Christopher Allen: You know I'm a student only the necessary hashes are revealed between the students credential and this root hash and that allows for a lot of interesting use cases so that's one that's one thing we really wanted to support natively one of the particular ones that I really like with this is something called heard privacy the institution can give every student or credential like they do now but with some additional information.
Christopher Allen: You know where are they in the cohort and then it all the institution has to do is publish the public root for the entire cohort so instead of giving out you know a thousand graduation credentials certificate credential great credentials and all this type of stuff for a cohort of students you can just publish a public you know a public route and the students can choose to to prove that they were.
Christopher Allen: Part of that particular court.
Christopher Allen: Graduating class or the you know quarterly ending public root of something this allows for a lot of additional anti-correlation capabilities and such it is however different than the classic verifiable credentials model so there would have to be some adjustment to think about it because in some sense as you this is a giant verifiable credential for everybody in the class rather than a you know per individual per.
Christopher Allen: Per subject.
Christopher Allen: More I'm going the wrong direction sorry.
Christopher Allen: So again the student can prove inclusion in a cohort also another aspect of gordian envelope is that we allow for a lot of different kinds of elisions so Gordy and envelope I'm sure all of you are comfortable and familiar with triples you know Alice knows Bob in this particular case and the gordian envelope anode is the the kind of the the leaf hash of Allah.
Christopher Allen: Less its assertions Who and the nose and.
Christopher Allen: You can see the Hat there are five hashes here we can Allied the subject we can say that somebody knows Bob and have it be signed we can say that Alice has some relationship to Bob but not what that specific relationship is we can say Alice knows somebody yeah we're has some predicate there and we can also just say Alice has a number of.
Christopher Allen: Oceans but we're not going to.
Christopher Allen: Many and of course there is just the ability to have the single hash route where everything is a lighted this gives for a lot more choices as compared to some other Elysian spec so right now these are the four major ones there's SD jaw twitch is being run through the ietf it leverages the verifiable credentials jot Echo System dif uses a lot of.
Christopher Allen: Of those it's.
Christopher Allen: Needed to the iso mdl and MDOC standards that are being used for mobile driver's license you know for a lot of people if they like it because it doesn't require schemas which you know if you're familiar with this area that's a complicated pro and con a particular con is that the hash list is not a tree they basically elide a whole claim from a list.
Christopher Allen: So they basically the list of claims and they say well we're going.
Christopher Allen: You know three five and nine so it is not quite as flexible As a treat version of it there's LD Merkel disclosure which I think is a little less mature but there is a w3c doc on it the particular advantages of it is that it leverages the json-ld echo system which I believe the vce you community is losing its particularly convenient.
Christopher Allen: For node graph data.
Christopher Allen: But again it is a you know a hash list not a tree you're just basically being able to allocate Allied an entire claim and it does require you to have a node graph structure for your data and a schema for it to properly work Gordy it envelope is ours its data structure agnostic meaning you can do graphs you can do lists you can do schemas or no schemas you can even do different.
Christopher Allen: Kinds of graphs you can do node graphs you can.
Christopher Allen: Edge graphs Etc so that gives it a lot more capability that this is why we can offer things like redaction inclusion proofs heard privacy that I discussed earlier but we can also encrypt data we can put you know is something in escrow and still be able to verify it signed if it's a large object we can press it and then we have some special capabilities as far as secret sharing the cons is it's not W3 cvcc.
Christopher Allen: Trick in some ways it's a little bit below the VC it's useful for many other purposes also.
Christopher Allen: IDs and other data but it's not on a standards track we have submitted it to the ietf and we hope at some point it will be standards track but it's not been a you know accepted by an existing working group yet finally we have BBS plus signature which is being run through the ietf but are active people in both the dif and w3c communities in regarding regarding it.
Christopher Allen: Its main advantage is that it allows for.
Christopher Allen: Signatures that's something hash Collision can't do because what happens with it as you're offering proof of knowledge of an undisclosed the signature and then correlating that it's a powerful feature it doesn't use hashes and instead uses a brand-new cryptography I would even argue two layers of it it uses pairing cryptography and then it uses new cut cryptography on top of pairing cryptography the combination of.
Christopher Allen: Of this makes it more complicated.
Christopher Allen: There are it's a little bit more complicated to do holder based elision scenarios but it's still a very powerful technology.
Christopher Allen: Digital credentials are powerful simple Productions credentials do not protect privacy both the holder and the issue issue or have risks they're also transient they can be lost there's too much information we need strong safe credentials with control by the holder the ability to alai maintenance of signatures through hashing and proofs for further data minimization and I really need to put this call to action here holder based.
Christopher Allen: Collision is crucial for privacy.
Christopher Allen: It can do more I mean I if you're supporting BBS plus proofs fabulous that doesn't mean that you shouldn't also be considering holder base to listen we really need to turn some of these oh well maybe we can do some privacy things maybe we should do some privacy things and start putting them in musts I'd like to see more specs more groups saying this must be done could because legally data minimization really is a requirement so.
Christopher Allen: Why aren't we doing that.
Christopher Allen: Ethically if you're part of the self Sovereign Community you've also said that user control is a requirement so we need to turn these in the musts we'd love for you to use gordian envelope because it has some of these additional features capabilities privacy Etc but if not please please use one of these other Elysian specs for your base so more on gordian Tiny you.
Christopher Allen: Your url.
Christopher Allen: Elope there's also a bunch of very useful videos and transcripts of videos Etc at this URL tinyurl tinyurl gordian hyphen videos and then specifically there is this educational use case where we've tried to describe you know the utility of gordian for for that and I'll quickly show you what that looks like so this is the educational use case.
Christopher Allen: You know we talked about.
Christopher Allen: Various would call this a progressive use case various official credentials she restricts them somebody wants to hire her she gives them their information later there's an open badge and then three kind of progressive heard privacy credentials we'd really like to see contributions from this community to take this educational and credential industry use case forward I think.
Christopher Allen: That's it.
Kerri Lemoie: Thank you Christopher is still a lot but also really interesting and important I have I'm free to thank you I see if we have fill in the cube I have a question for you to controlling could you explain to us how how would a wallet how would a VC wallet Implement something like ordering envelopes so that an individual would know that they have the option to you know share limited pieces of data.
Kerri Lemoie: And also how would a verifier.
Kerri Lemoie: That so how would you apply this to the software simplest kind of the suffer we have now you know.
Christopher Allen: Correct so I mean one of the problems with any of these types of things is it does put a greater burden not just on the the provider of the information in the form of the holder but also the verifier in the information so my kind of take on it is it needs to be incentivize hand-in-hand because to a certain extent the holders don't want the information I mean the non subject holders don't want the information either becomes toxic.
Christopher Allen: Asic data so we really want to you know create systems.
Christopher Allen: Are the the verifier goes this is the information I must have and so we've actually kind of written a at rebooting we have this draft paper called selective disclosure I'll send put the link in the chat the talks about a different way of thinking about things which is we really need to deeply understand you know what we.
Christopher Allen: Want and need to be correlated.
Christopher Allen: So that's part of it I think there's a lot of exploration to in ux of how to do this without overwhelming users you know my hope is that as we you know look carefully at these schemas and such that we maybe break them apart a little bit more it's one of the advantages of the tree structure that gordian has because on one hand and institution who is.
Christopher Allen: You know making.
Christopher Allen: About authentication information of a user which allows you know the you know it's kind of like the student ID type stuff for the purpose of then separately being able to validate the credential keeping those separate really helps and then within the credential itself you know having it have sub credentials and things of that nature will also help you X in this so one of the other things is I've written an article on something called Progressive.
Christopher Allen: Rest of trust.
Christopher Allen: I think that anybody who's implementing this type of thing has to think in this sense there is a there's a desire among developers in this community which is O going to get this blob and I'm going to throw the blob into a box and the box is going to Glow green and say go you're done okay I just don't think that's the way the world works in the in in its patterns of trust things are much more gray than that you know you only.
Christopher Allen: We want the information.
Christopher Allen: The risks that you're having at the moment so that means the the the verifiers need to be able to throw these blobs into the box and box come back it's okay but it might just need one more thing and then go ask for the one more thing and then the user can basically say well do I really want to do this I mean why are they asking me for this one more thing and I basically can decide no I don't want to give him this one more thing you know it's.
Christopher Allen: I don't need this.
Christopher Allen: Of that bad I've got other applicants who aren't asking for that information I hope that helps.
Wolf_McNally: Yeah I look at something too if that's okay.
Wolf_McNally: Yeah so what we tried to do with envelope is design a substrate that is very flexible and because of the tree structure is because tremendous and you can have these triples which are assertions but you can also have assertion Zahn the assertions as many levels as you want and so there's many possible structures that could emerge to make this easier for users one would be and of course you know a nose in substrate we'd like to see people start to create tools and standards around this substrate for instance you could provide.
Wolf_McNally: templates that say okay for a particular purpose here's the required information.
Wolf_McNally: This credential that we need and then you apply the template and it shows you in one step essentially what's being a lighted because and only with the required information is left another possibility is that issuers can actually put assertions on various parts of the data saying this is potentially discriminatory and so the user can just use a tool to say eliminate all potentially discriminatory information or let me review it so I can decide what to Allied so there's a lot of ways that these documents can be both constructive.
Wolf_McNally: and and manipulated such that the user actually has a lot of transparency into the kind of information they're providing are choosing not to provide.
Christopher Allen: Yeah just to be clear on that one of the differences between the sort of the node graph model of json-ld is that you know you you have this triple and then you have one more value that you can add to that triple which allows for the quad to function and do ordering and other different types of things we're not limited to that kind of structure so you know you.
Christopher Allen: You can basically have.
Christopher Allen: Certian zor multiple predicate surround the same claim so you can have all kinds of annotation sub annotations of things and in fact even the predicates can be envelopes so they can have multiple assertions about the predicate to say oh this is an owl schema this is a you know this is a you know belongs to such and such a template or whatever so again it's a lot depends on whether or not you.
Christopher Allen: Want to go up to the full flexibility.
Christopher Allen: Gordy and envelope if you're using json-ld jot or nuts ild it's anyhow you're if you're using one of the selective disclosure Alternatives in the jaw or json-ld system you won't be able to take advantage of those but it you know you can at least say you know this one claim you know I don't want to share.
Wolf_McNally: Yeah I'd also had the the Christopher went to this 5 illusion points in a document of course that applies to the you know all the way down the the tree but any of those illusion points can also be encrypted public symmetrical encrypted public key encrypted split into shares which can be distributed to a group of parties where a quorum is required to actually reconstruct the secret and compressed things like that they're all available illusion obviously is one way of protecting information such as the holder has.
Wolf_McNally: tourist provide the information but it could be encrypted or other kinds of escrow so it's very flexible.
Kerri Lemoie: It's very interesting I'm going to I'm going to oversimplify and then really feel I'm going to hand it over to you in a second we work with the open badges spent quite a bit in the space right now because it's the one that's really like a line to BC so far pretty closely and education could it be so simple as that spec includes a property that says this is where you put this if somebody just wants to know that this person say it's a diploma they just won't know if they wanted to graduate.
Kerri Lemoie: And then we add a property for that.
Kerri Lemoie: Would that be useful.
Christopher Allen: There has been discussion in some other places where admits another format you know you know Jason or whatever there is a gordian spot inside it gordian is uses see bore if you're familiar with that so that's a binary expression language that is determined we use a particular variant of Sabor called.
Christopher Allen: DC borer which is.
Christopher Allen: Some deterministic variant so our data is binary but that being said it can be because of the you know how we've done the layers you can encode it any way you want you can turn it into boring hex you can have used various other compression things or whatever but it is a self describing format and there are some real advantages to using Seaboard directly and that is a you know an ietf standard and there's lots of tooling out there for it the it.
Christopher Allen: It but it isn't Jason.
Christopher Allen: I mean you obviously can you know put it into a Jason statement but it's not Jason.
Kerri Lemoie: It does help thank you Phil Long you have the floor now thank you for your patience.
PL/T3-ASU: Can you hear me clearly a complex topic I just had a really simple question at the very beginning you mentioned that you were able to doing this eliminates the check the sections of the tree that you relied in and presumably that means it's actually not transmitted it's it's not hashing those things that the individual receiving it can't.
PL/T3-ASU: view and.
Kerri Lemoie: CBOR:
PL/T3-ASU: Translate or otherwise recover the information in it it's removing it from the actual credential that is true that is transmitted and received by the.
Christopher Allen: That is correct so I mean there are some subtleties here again we're trying to keep this simple not use a whole bunch of advanced cryptography and things and you know I can talk to you exactly when you must really do BBS plus proofs or things of that nature but most of the time 99% of the time you just basically either want to provide the data the data don't provide the data.
Christopher Allen: And then there's sort of an arc.
Christopher Allen: You going to solve the data for anti-correlation so again this requires a different sense of thinking we do have a sense sometimes in the as a trust architect it's like oh everything should be selectively disclosed you know disclosed we should you know you know nothing should be correlative all etcetera but I think you have to turn that upside down and say no you need to design very carefully there are some things that must be correlated or won't work because it's the whole point of a car.
Christopher Allen: Essentials your correlating that somebody graduated with a person who graduated and.
Christopher Allen: So there is.
Christopher Allen: Nation things that are important but you know what is the Persistence of that correlation you know an institution doesn't need signature privacy a user might you know so you can salt things such that you know things can't be reused or somebody can't try to play games but in some cases salting you know not salting can be advantageous so there are some design considerations will.
Wolf_McNally: If I can give a quick really quick you know intuitive kind understanding of this if a person's name is John Smith and you hash that you get a particular you know a fingerprint back and if you know at that fingerprint is for John Smith you can search a large database fine every hash that's identical and say oh this correlates to John Smith so theoretically if you have unsalted hashes you can find every John Smith in the database without that data being actually present just by its hash so Christopher Ford assaulting salty.
Wolf_McNally: because it's.
Wolf_McNally: Because you can have a certian saint anything you can have random data asserted on which is called salt asserted on a name and therefore what that does because that's part of the tree of that name when the name is lighted the hash is unique in the whole world and so you can have 15,000 John Smith's and every single one of them in this kind of document will have a different hash on their name and you won't be able to correlate them so that's the kind of thing Foresters talking about.
PL/T3-ASU: That's a good that's a good example I think thank you.
Christopher Allen: So yeah and just to be also clear so the the SD jaw and LD Merkel both have salting in them but they're in order to say space in the case of the SD jot they basically have one salt and then they basically create children salts from that one salt.
Christopher Allen: Each has some pros and.
Christopher Allen: It means you're only salting the individual you know once you're only having to put you know a few bites in / the entire Prudential but it also really limits what you can do there and one of the consequences of that is they often you know they kind of have two blobs here are the things that can be alighted and then here's the things that can't be delighted in gordian there isn't really a difference everything would be a lighted so.
PL/T3-ASU: If I can if I can ask one other quick question you mentioned that gordian aligns with both Edge graphs as well as as node graphs that would suggest then that property graphs are natively supportable within okay just wanted to clarify.
Kerri Lemoie: Thank you hash I see you in the queue here you have the floor. Thank you great presentation Christopher and work for just a quick question maybe this is very clear to everybody else but you know I just wanted to clarify so in the example you just gave about let's say that John Smith really wants to reveal his name to you know an institution so that they can know that it is John Smith so how does the verifier actually decrypt any piece of disclosed information right. whatever they disclose How do they. 10 and know who you are right.
Christopher Allen: So in that sense you know what if you give somebody your name you know so I'm John I'm Christopher Alan you know I graduated and here is my credential to you know hiring institution you have the the in that particular institution that hiring body has that information it's not encrypted okay and it's very easy to tell that the educational institution has.
Christopher Allen: It because there's a signature associated with it and you know and there's the ongoing problem okay so now how do you identify that I'm Christopher Allen and that can be done within the credential in some way or some external method of doing that authentication Etc the the heart the harder problem is that let's say I'm applying for a job okay and the job says I need to have a laser welding safety certificate for that job.
Christopher Allen: Okay so.
Christopher Allen: Up that I can basically prove that I have that and I can give them a you know idid and how to contact me with it whatever but I don't need to give them that I'm you know that I'm Mohammed Joan Muhammad something and I got my degree from an accredited institution in in Central Europe I can just basically say you know I have a degree from a European credentialed school and I.
Christopher Allen: Have this have.
Christopher Allen: Particular credential that you are asking for and now you know are you interested in interviewing me and if you're not interested in interviewing me I'm not gonna give you any more information so there this is what I mean by Progressive disclosure and again I have a whole article on you know kind of what the implications of that are so the next step is that you know the company comes back and says yeah you know we're only like you know what information you've given you we've given you we'd like an interview you may reveal some.
Christopher Allen: Other information which might be how a contact you and zoom links and other.
Christopher Allen: Different things of that.
Christopher Allen: Nature endorsements in the form of badges personal endorsements I've been long encouraging Kim Hamilton to put peer endorsements into the schemas that you guys are working on he'll present a few of those again being sensitive to privacy and when they actually make you an offer and you accept that offer that's when you might actually give all here is my equivalent of social security number I might prove that I have I can have a.
Christopher Allen: Field that's basically.
Christopher Allen: You know social security number is alighted and signed by another institution that basically says yes we have their social security number so we actually does have a Social Security number not to give it to you until you give me a job because you don't need it until I you give me a job so that's Progressive trust it you know that is you know I think increasingly how we have to think about our designs.
Christopher Allen: Super I find might slip in another question I was really curious about the graphic display of the hash itself seems very fascinating as a human way of kind of you know interpreting what is just a jumble of numbers so is there some you can you say a few words about it as to what kind of technology that is.
<kerri_lemoie> We'll close after this question.
Christopher Allen: Sure so what I'm going to do is I'm going to put in the the the link to the life hash page and if you take a look at that page wolf we'll talk about it.
Wolf_McNally: Yeah so life hash was my conception and implementation as a kid I became familiar with an algorithm that is John Conway's Game of Life which is not really a game at the cellular Atacama automata and it produces these patterns which are very concerned with very simple to simple grid of black and white squares and it involves a long very kind of organic lines as you watch it and I was inspired to create what's called often called a a visual.
Wolf_McNally: hash based on the idea that because you give it unique input you get unique output.
Wolf_McNally: Using a number of techniques to have retained the whole history of this evolving pattern called life and then using mirroring and coloring to make it even more kind of interpret what people's minds I was able to come up with a system where pretty much any two pieces of data can go in and even if they were similar they come up with very different visuals and you know and they're very difficult to it's very difficult to come up with two pieces of data that actually come up with visually indistinguishable hashes.
Wolf_McNally: I want impossible I think and so we published this is an open-source specification we.
Wolf_McNally: Limitations other people have converted from patient other languages so we're very happy to see that it's being adopted in kind of inspiring people as well and that's part of our mission is to you know be compassionate about these kinds of things working with long strings of numbers especially trying to find you know where they might differ is not a very easy cognitive tasks and so you know from a ux perspective you know this isn't the only system that does these kinds of visual hashes this is the one we developed and we think it has a lot of.
Wolf_McNally: of kind of.
Wolf_McNally: Approachability compared to some others and yeah so and all the information is there and I hashed out in fact you can enter strings and see the life has changed you know Generate random life hashes and kind of compare them and kind of see for yourself and then download the software and and the plate yourself so it's just open for anybody to use.
Christopher Allen: And of course to be clear from a cryptographers perspective there we do not have a proof that this is as strong a hash that this visual hash is as strong a hash as a sha-256 or you know even md5 the but that's not the point you know we do have strong machine-readable hashes that allow for that have the cryptographic details that we need.
Christopher Allen: We just need.
Christopher Allen: Additional hint to users and this this helps you know.
Wolf_McNally: Yeah we often recommend this be used in conjunction with at least like eight digits of the of a hash itself of the Apple hexadecimal digits and that way users have kind of multimodal ways of quickly verifying that a hash is the same across providers. Excellent thank you so much.
<pl/t3-asu> Gotta run - Thank you Christopher & Wolf
Kerri Lemoie: Thank you for the question Christopher and well thank you very much for coming here today we appreciate this I'll get the minutes published soon so thanks again everybody thanks for being here good week you next week take care.
Christopher Allen: Thank you everybody I put my email and contact information.
Christopher Allen: Thank you everybody.
Wolf_McNally: Thank you it's great.