The W3C Credentials Community Group

Meeting Transcriptions and Audio Recordings (2014-today)

Go Back

W3C CCG Weekly Teleconference

Transcript for 2024-02-06

Agenda
https://www.w3.org/Search/Mail/Public/advanced_search?hdr-1-name=subject&hdr-1-query=%5BAGENDA&period_month=Feb&period_year=2024&index-grp=Public__FULL&index-type=t&type-index=public-credentials&resultsperpage=20&sortby=date
Organizer
Mike Prorock, Kimberly Linson, Harrison Tang
Scribe
Our Robot Overlords
Present
Harrison Tang, Bob Wyman, Jing Chao, Ted Thibodeau, Ramesh Narayanan, Erica Connell, Gregory Natran, Kimberly Linson, Kerri Lemoie, Rashmi Siravara, Will, Dmitri Zagidulin, Phil (T3), Meagan Treadway, Chandi Cumaranatunge, Vanessa, Leo, Kaliya Young, Geun-Hyung Kim, TallTed // Ted Thibodeau (he/him) (OpenLinkSw.com), Manu Sporny, Nis Jespersen , James Chartrand, Adrian Gropper, Lucy Yang, Tim Bloomfield, Jeff O - HumanOS, Phil Long
Audio Log
<tallted> I am very confused. CCG meeting is on calendar for Noon-1pm ET (https://www.w3.org/events/meetings/8e8242af-7a68-40e4-9a7f-71e2f06b6b12/20240206T120000/), but apparently ran 11am-Noon (https://meet.w3c-ccg.org/archives/w3c-ccg-weekly-2024-02-06-irc.log) ?
<tallted> skimming that log, I see, that wasn't the weekly CCG call, it was a special call for maintenance volunteers, for the did spec Registries and the verifiable credential specs directory
<tallted> unfortunately, the new recordings and logs for the *actual* weekly call will over-write those for that earlier call.
Our Robot Overlords are scribing.
Kimberly Linson: Recording is on.
<harrison_tang> @TallTed I'll take a look at the issue later this week and see how we could fix it
Kimberly Linson: All right well hello everybody um welcome to today um it's exciting to see so many faces here um I'm gonna go ahead and uh get us through our uh housekeeping items so that I can turn it over to mesh and um.
Kimberly Linson: And get us get us started with today so uh as everyone knows um we start off each of our meetings by just taking a moment to reflect on.
Kimberly Linson: How we approach this community and that we are looking um at everyone as a who is a part of this community as someone who has positive intent and we do follow the w3c code of conduct and that is in the agenda if you would like to review it.
Kimberly Linson: Uh also uh we uh welcome everyone who is here and we're very excited to have you and uh if you are not an official member of the ccg then uh that's great you're welcome to join in these calls at any point and participate in the larger Community if you feel like you want to dive into the work a little bit more um be a contributor then I would ask you to.
Kimberly Linson: Go ahead and use the links in the agenda to create an account with w3c and actually join the community group it is um of no uh no there is no cost for individual members and so feel free to go ahead and do that the more voices that we have in this community better.
Kimberly Linson: Um we.
Kimberly Linson: Minutes of these meetings and a and a transcript uh and a and a video call um 1 I think the the the most important piece of that is so that uh as members we have the opportunity to be able to go back and and review pieces of information that are important to what what we're interested in I know it has happened for me um that a session wasn't necessarily pertinent at the time that it came but then uh later down the road I was like oh actually need to really understand that and so having that archive is uh.
Kimberly Linson: Is enormous.
Kimberly Linson: And then also just to make sure that we we keep a record of what happens in these meetings and the things that that we discuss um obviously as we're as we.
Kimberly Linson: Continue to um have more and more membership and this becomes larger and larger Community having a record um of how this community is evolving is important.
Kimberly Linson: Uh and I think now that I'm I'm through sort of the the Spiel portion um I'd like to uh ask for the opportunity for anyone who is new to this community or just has an update to this community to put themselves on the Queue which actually is the other thing I didn't mention is that that's how we manage these meetings so uh if you are interested in introducing yourself or sharing an update um that I would ask you to put Q Plus uh into the queue so that you can uh we can call on you and and recognize you.
Manu Sporny: Hey uh Kimberly hey everyone um just some good news uh the verifiable credentials data model version 2.0 is now in the candidate recommendation phase at w3c uh so apologies this happened last week There's the news announcement from the w3c um what this means is that the working group believes that they're done with version 2 um and is and they're asking uh people implementers out there to start implementing the specification so feature freeze happened a while ago now we're saying we really think we're done um we will probably keep the door open for the next maybe 3 to 5 months and once we have enough implementers implementing saying that they feel comfortable with the specification we will wrap it up.
Manu Sporny: Call it a global.
Manu Sporny: And put it out for the final vote at the worldwide Web Consortium so that's where all 450 plus companies.
Manu Sporny: They still think it needs work um so this is a big milestone this basically means that you know the past 18 months of work uh you know we're we're done uh there have been.
Manu Sporny: If I remember off the top of my head 280 changes to the specification so a lot of people didn't you know why while we're working on it it feels like we're like making no progress but when you look back to the last 18 months of work it's resulted in a lot of updates.
Manu Sporny: And clarify.
Manu Sporny: Patients to the specific.
Manu Sporny: So it's out there now um feel free to start implementing I know that a number of vendors are already starting to integrate the vc20 data model into their production roadmap plans for the summer.
Manu Sporny: Um that's it good news and thank you everyone in the community that contributed to it and and got it to the stage.
Kimberly Linson: Thank you Manny that is an enormous amount um volume of work that's been completed so congratulations to to everyone uh anyone else with an an introduction or reintroduction.
Kimberly Linson: All right how about announcements and reminders anything coming up that that you want to make sure the community is aware of.
Kimberly Linson: You can add yourself to the queue with Q Plus.
Kimberly Linson: That's great thank you please check check that out and and provide some input.
Manu Sporny: Yeah well 1 thank you for working on that um uh in the the preview looks great I think that's going to be way easier to manage um using mermaid I still owe you that list of.
Manu Sporny: From the.
Manu Sporny: Buried deep on my work queue so please feel free to uh Pastor me until I get that list to you if that would be full to you.
Kimberly Linson: Any other announcements in or reminders or questions about work items.
Kaliya Young: As always forgot IBEW coming up in April in Mountain View California.
Kaliya Young: Um should be great um.
Kaliya Young: I think very soon the registration for our regional event in Europe will open up the digital identity unconference Europe which is the third week of June.
Kaliya Young: And it looks like um.
Kaliya Young: The South African event um will be happening the third week of septembar which unfortunately conflicts with TPAC but.
Kaliya Young: That's the way it goes with venues and availability.
Kaliya Young: I'll put a link to aew and then chat.
Kimberly Linson: Great thank you.
Kimberly Linson: All right well I'm going to go ahead and uh get rash started um first of all I if you weren't here at the very beginning of the call it is very late for him and we're very appreciative of him taking the time to come and join us to talk about modular open source identity platform uh and so uh welcome rash and go ahead and and the floor is yours.
Ramesh_Narayanan: Thank you for the opportunity to present.
Ramesh_Narayanan: You all and as per.
Ramesh_Narayanan: Those Sage advice of Harrison I'll turn my video off and I start my screen share so that.
Ramesh_Narayanan: things will.
Ramesh_Narayanan: But I just.
Ramesh_Narayanan: Just wanted to make sure.
Ramesh_Narayanan: Most of you may not have met me I just wanted to you to be able to put a face to my.
Ramesh_Narayanan: Name and voice.
Ramesh_Narayanan: Let me start sharing.
Ramesh_Narayanan: I hope you are able to see my screen.
Kimberly Linson: Yes we see it.
Ramesh_Narayanan: Okay thank you.
Ramesh_Narayanan: uh so.
Ramesh_Narayanan: I'll try to keep this brief maybe up to 20 minutes and then we could.
Ramesh_Narayanan: To get into questions after that.
Kimberly Linson: That sounds great thank you.
Ramesh_Narayanan: was found.
Ramesh_Narayanan: Incubated at the triple it Bangalore University.
Ramesh_Narayanan: And it's supported by grants from various philanthropic agencies.
Ramesh_Narayanan: Including the ones listed here.
Ramesh_Narayanan: We started in 2018 we remain a not-for-profit and not for Revenue project.
Ramesh_Narayanan: We have been adopted in.
Ramesh_Narayanan: 43 so far which I've gone live and there have been several Pilots that are that have been run and 2 more countries are in the process of.
Ramesh_Narayanan: Taking their identity systems life using.
Ramesh_Narayanan: The platform that we have built.
Ramesh_Narayanan: As of date we have 100 million plus people who have been issued IDs.
Ramesh_Narayanan: Using our platform.
Ramesh_Narayanan: Uh this is this is scam happened over.
Ramesh_Narayanan: Last 3 plus years through the pandemic and after that there's been plenty of Interest.
Ramesh_Narayanan: As uh digital systems.
Ramesh_Narayanan: More traction I think the pandemic has accelerated the demand and we are also feeling the same.
Ramesh_Narayanan: What we basically do at mosip is we build underlying Platforms in the open source.
Ramesh_Narayanan: For people to create their systems on and run ID systems have been our Focus.
Ramesh_Narayanan: And the it.
Ramesh_Narayanan: Apart from providing the platform we also help countries with the actual uh adoption by way of training their people building capacity.
Ramesh_Narayanan: Supporting them with issues in the platform.
Ramesh_Narayanan: and so.
Ramesh_Narayanan: We have close to 80 plus partners.
Ramesh_Narayanan: who have.
Ramesh_Narayanan: Been working with us for the last.
Ramesh_Narayanan: Years it it grew from an initial set of a handful.
Ramesh_Narayanan: To this number over the years and this consists of.
Ramesh_Narayanan: A platform is deeply people who offer biometric components people who offer.
Ramesh_Narayanan: Ation services and so on.
Ramesh_Narayanan: We also work with several.
Ramesh_Narayanan: Non-governmental organizations for research and collaborations in technology as well as.
Ramesh_Narayanan: Non-technology areas uh in terms of inclusion.
Ramesh_Narayanan: Bias recognition and management and so on so this is to keep ourselves sharp and in line with expectations and emerging Trends also.
Ramesh_Narayanan: Largely are learning happen from the deployments that we do.
Ramesh_Narayanan: And from the trends that are happening in the industry.
Ramesh_Narayanan: The over the last few years we have actually built several Solutions we started off with.
Ramesh_Narayanan: An identity issuance and life cycle management system which is what.
Ramesh_Narayanan: Most of us the modular open source identity platform it included identity verification capabilities also in it.
Ramesh_Narayanan: This is where we started with this was the intent behind this was to be able to issue IDs for.
Ramesh_Narayanan: People who don't have IDs.
Ramesh_Narayanan: So several countries had uh poor coverage.
Ramesh_Narayanan: They were looking for systems that could be used and this was positioned.
Ramesh_Narayanan: For those countries.
Ramesh_Narayanan: Are um initial adoption has been primarily in Africa and parts of Asia.
Ramesh_Narayanan: uh Moro.
Ramesh_Narayanan: Togo and Ethiopia and Africa and the Philippines in Asia who have gone live with the system.
Ramesh_Narayanan: Have been using the most of platform for this.
Ramesh_Narayanan: But in the last couple of years we have started adding additional uh capabilities to start unlocking the value of having an identity.
Ramesh_Narayanan: So on top of this foundational a real identity that that we have been issuing we wanted to create a digital Authentication.
Ramesh_Narayanan: Uh and digital.
Ramesh_Narayanan: Identity stack which will allow people access to services do kyc.
Ramesh_Narayanan: Solutions which were purely targeting the digital access space.
Ramesh_Narayanan: And this started including credentials and the original format which is where our journey with verifiable credentials began.
Ramesh_Narayanan: And then we extended this to uh as as we started working with this we extended this usage from online to offline.
Ramesh_Narayanan: Usage by promoting digital wallets.
Ramesh_Narayanan: And uh and building this digital wallets we recognize that these digital wallets are not going to be just for.
Ramesh_Narayanan: the ID.
Ramesh_Narayanan: That we have.
Ramesh_Narayanan: And uh that's where uh we have been combining the digital identity and the wallet together.
Ramesh_Narayanan: Focusing on not just uh this but all kinds of credentialing.
Ramesh_Narayanan: So we have started some work on the credentialing area also.
Ramesh_Narayanan: While these were all infrastructure that we were building to help countries.
Ramesh_Narayanan: Start issuing IDs offering Digital Services on top of that and so on we wanted to have.
Ramesh_Narayanan: a powerful.
Ramesh_Narayanan: Demonstrator of how this ID can be used so we started working on.
Ramesh_Narayanan: Open g2p platform which uh basically helps with.
Ramesh_Narayanan: Benefits delivery for government to people programs.
Ramesh_Narayanan: And uh this this actually uses the ID that that is issued.
Ramesh_Narayanan: Using these platforms it's well integrated as a demonstrator.
Ramesh_Narayanan: And this is something that that we have been able to actually showcase as well as deploy.
Ramesh_Narayanan: This module works with most of based systems as well as existing ID systems that they may already have so it's not opinionated to uh just most of solutions.
Ramesh_Narayanan: Going beyond the foundational idea there are there are lots of systems which are looking at sectoral ideas for example Health ID or student ID and so on and using the same set of principles that we have been building other.
Ramesh_Narayanan: Solutions we have started some work on.
Ramesh_Narayanan: Registries for sectoral IDs also.
Ramesh_Narayanan: And this is all possible because of our approach we have been always thinking of modularity in the way we build our Solutions and also very responsible development by way of promoting reuse of existing.
Ramesh_Narayanan: Open source tools as well as our own components that we are building.
Ramesh_Narayanan: So these Solutions.
Ramesh_Narayanan: They all share uh lots of the components and they can all be used independent of each other in most cases for example the digital wallet that we.
Ramesh_Narayanan: Can work with.
Ramesh_Narayanan: Issue and services or it can also work with other issuers.
Ramesh_Narayanan: So it nothing is tied.
Ramesh_Narayanan: Are locked in into the whole stack or whole solution landscape that we offer people can pick and choose the solutions that they want to use or they can actually also work with this whole Suite.
Ramesh_Narayanan: This um there's a quick overview of what we have in the uh.
Ramesh_Narayanan: Editions platform we have 2 parts 1 is.
Ramesh_Narayanan: Something that supports the ideations and life cycle management which includes a self-service pre-registration.
Ramesh_Narayanan: And uh online or offline mode.
Ramesh_Narayanan: Of registration this is this is a activity that requires.
Ramesh_Narayanan: Uh contact if Biometrics are collected if there is no Biometrics involved this can be totally offline and remote.
Ramesh_Narayanan: Once the ID is issued.
Ramesh_Narayanan: Then get to the second part of the story which requires.
Ramesh_Narayanan: Usage of the ID so we have an authentication Service and then we have resident services which allow.
Ramesh_Narayanan: Users to manage their uh ID credentials and then we have a partner management module which which allows the ID system to manage who gets access to.
Ramesh_Narayanan: What kind of kyc uh policies they are enabled to so that data sharing can be strictly on a need to know basis and regulated.
Ramesh_Narayanan: And our entire development has been led by what we call as a principle that development approach privacy security Open Standards these are all some of the things that we try to make sure we use or incorporate in at every step of the work so we have several privacy features extensibility features the ability to customize configure localize these Solutions.
Ramesh_Narayanan: So multi-language support is a great example of how this can actually be used in different country contexts for example in Morocco it is um used.
Ramesh_Narayanan: With French and Arabic while Ethiopia uses.
Ramesh_Narayanan: In English Philippines uses.
Ramesh_Narayanan: English and so on so there are choices that people can make.
Ramesh_Narayanan: And the system can be configured or extended to.
Ramesh_Narayanan: Meet specific requirements.
Ramesh_Narayanan: Once we go beyond the ID issue and life cycle management we had to cater to a variety of requirements some some countries opt for initial infrastructure.
Ramesh_Narayanan: Which is basically online and centrally used for authentication there are other cases where there is a need for a combination of centralized as well as decentralized use of.
Ramesh_Narayanan: And in in more advanced cases where uh people don't want.
Ramesh_Narayanan: Centralized verification at all pure offline usage or decentralized usage of ID verification.
Ramesh_Narayanan: is need.
Ramesh_Narayanan: We have a bouquet of.
Ramesh_Narayanan: Modules and services that caters to all these kind of needs.
Ramesh_Narayanan: Verification Services the underlying core support for any kind of Channel actually lies in the.
Ramesh_Narayanan: Pi that we offer.
Ramesh_Narayanan: PA has 2 flavors on it's a simple yes no API which.
Ramesh_Narayanan: The uh given the identifier of the user and the authentication factors comes back with the yes or no.
Ramesh_Narayanan: So whether it's.
Ramesh_Narayanan: But whether it's the right user.
Ramesh_Narayanan: The second flavor is a kyc endpoint which takes similar inputs except that this shares authorized.
Ramesh_Narayanan: Kyc results so.
Ramesh_Narayanan: It's possible through policy to control what gets shared to which relying party using this kyc endpoint.
Ramesh_Narayanan: We have support for anonymous.
Ramesh_Narayanan: Identifiers and tokens in this so that people don't have to share their permanent ID numbers to a relying parties so short-lived ID tokens can be used.
Ramesh_Narayanan: And anywhere where Biometrics are used for as authentication factors we have a support where the Biometrics get.
Ramesh_Narayanan: Encrypted on the capture device itself and then gets sent to the server where only the authentication server can.
Ramesh_Narayanan: Crypto Biometrics for any comparison this prevents.
Ramesh_Narayanan: Building local databases of Biometrics or reuse of those biometrics.
Ramesh_Narayanan: In other places.
Ramesh_Narayanan: Where Biometrics are not used we have other authentication factors like 1-time passwords.
Ramesh_Narayanan: And bins and so on and we also have the ability to extend.
Ramesh_Narayanan: Using protocols like web Bots and uh.
Ramesh_Narayanan: To to support additional methods for uh.
Ramesh_Narayanan: Optional factors for Authentication.
Ramesh_Narayanan: On top of this.
Ramesh_Narayanan: we have.
Ramesh_Narayanan: Built uh open ID connect based solution which allows people to.
Ramesh_Narayanan: Simplify the integration to this API the API is routed using ID provider.
Ramesh_Narayanan: And uh this ID provider is a plug-in into the Signet solution that we have eignet can be plugged in.
Ramesh_Narayanan: Or the plug-in can be developed in eignet for not just mosip but for other systems also.
Ramesh_Narayanan: In fact we have done something of that sort exactly in Cambodia where cambodia's existing.
Ramesh_Narayanan: ID system is is the 1 that's fronted by eignet and uh the IDP their talks to their systems.
Ramesh_Narayanan: So what is Signet offers is the ability to use the government issued ID.
Ramesh_Narayanan: For login and authentication and uh login basically starts giving you access to various systems without having to create too many credentials username passwords everywhere.
Ramesh_Narayanan: This service is run by authorized people uh.
Ramesh_Narayanan: You will be you'll be getting a uniform experience across portals and you'll be sharing.
Ramesh_Narayanan: Your authentication factors and data or even your ID number only in these set of authorized providers.
Ramesh_Narayanan: So all kinds of relying parties don't keep getting don't get access to it.
Ramesh_Narayanan: They only get access to.
Ramesh_Narayanan: Token that is returned to them and any kind of consented attributes that are shared as part of the open ID connect process.
Ramesh_Narayanan: Uh we also have started incorporating support for our.
Ramesh_Narayanan: Offline usage or offline authentication any Signet by way of being able to hand over the authentication completion to the wallet.
Ramesh_Narayanan: Once the user to sign in they redirect them to eignet.
Ramesh_Narayanan: And they can either complete the authentication on eignet or they can actually.
Ramesh_Narayanan: take over.
Ramesh_Narayanan: Uh from their wallet completed on the wallet and E then.
Ramesh_Narayanan: Redirects them back to the aligned parties portal after the authentication is completed.
Ramesh_Narayanan: So this uh as in yeah.
Kimberly Linson: Thank you is it is it all right if Manu jumps in with a question at this point.
Manu Sporny: Hi uh ramish this is this has been uh fantastic so far I've I have a question though on eignet um uh it it sounds like a centralized solution so I'm I'm trying to understand it sounds like eignet would everything would route through eignet and I and I get the benefit of not exposing all the other relying parties to the information that might go through eignet but you know I'm I'm trying to square that with the the decentralized you know message that you started off with so so who runs these Signet like is it like login.gov in the United States where all you know all login to Federal systems go through login.gov so you have to have a login.gov account how I'm trying to understand the the centralization characteristics of the eignet.
Ramesh_Narayanan: Yeah excellent question man it is an online solution and.
Ramesh_Narayanan: The way you deploy it can actually be the the choice of was deploying it and if there is 1 single system obviously it becomes centralized.
Ramesh_Narayanan: That but it's also possible for us to actually support multiple underlying ID providers like how it is in France the France connect solution for example talks to.
Ramesh_Narayanan: Various underlying parties right so eignet does not have any persistence layer.
Ramesh_Narayanan: Other than the user consent.
Ramesh_Narayanan: Doesn't it doesn't store any user information or ID or anything of that sort.
Ramesh_Narayanan: And uh what what basically means is that if the underlying IDs are many then based on which ID is used.
Ramesh_Narayanan: Authentication Services of that particular system are used.
Ramesh_Narayanan: That system would know so it centralized to that extent but essentially it it can act in a federation mode or in a centralized mode.
Ramesh_Narayanan: but if.
Ramesh_Narayanan: If you're handing.
Ramesh_Narayanan: It over to the.
Ramesh_Narayanan: Right then the authentication happens against a credential which is there in the wallet in which case you're not hitting the centralized systems is hitting the user's wallet.
Ramesh_Narayanan: This is where the support for decentralized usage comes in in the e-cigarette portion but it is essentially an online uh centralized system run by some particular provider.
Ramesh_Narayanan: I hope that answers your question.
Manu Sporny: It did thank.
Ramesh_Narayanan: So as 1 of indicated this is not a solution that.
Ramesh_Narayanan: We wanted to make sure that this has a path to uh decentralized usage also where this becomes actually a Cygnet becomes.
Ramesh_Narayanan: And complete the authentication on the wallet so that that's our.
Ramesh_Narayanan: Uh that's 1 Pathway to decentralization which is supported in a signal.
Ramesh_Narayanan: When it comes to a wallet we built uh this wallet NG a normal um.
Ramesh_Narayanan: Wallet would mostly be used as a store.
Ramesh_Narayanan: And it will be a protected wallet.
Ramesh_Narayanan: Maybe there's a way to unlock it and so on but in our case we have taken the wallet.
Ramesh_Narayanan: And added an additional feature by adding an authenticator in it.
Ramesh_Narayanan: What we do is we.
Ramesh_Narayanan: Most of the issuance software it it generates verifiable credentials by default for ID credentials these can then be downloaded onto the wallet using issuance software.
Ramesh_Narayanan: Uh we had started off with a custom integration and retrieval mechanism using our API.
Ramesh_Narayanan: Ally but then once we had open ID for VC issuance.
Ramesh_Narayanan: Protocol um once it was created we actually have implemented that I think we are right now supporting.
Ramesh_Narayanan: Implementers draft level is something that we are supporting and you so we can download the credential onto the wallet using open ID for VCI.
Ramesh_Narayanan: And this credential is uh the way that open ID for VC it's done is through eignet so there is an authentication of the user and then they download their credential.
Ramesh_Narayanan: So we bind the wallet to the user's ID credential.
Ramesh_Narayanan: Which means subsequently when you want to do authentication we can actually do authentication against the credential which is there in the wallet.
Ramesh_Narayanan: And uh we support a face authentication offline.
Ramesh_Narayanan: Uh for actually doing the presence verification and a biometric binding of the.
Ramesh_Narayanan: User to the credential as well as uh for the authentication itself so these are um.
Ramesh_Narayanan: This is the authentication capability that is supported in our wallet.
Ramesh_Narayanan: From a pure credentials perspective apart from the store we have the ability to share the.
Ramesh_Narayanan: Credentials either through QR code if it's a very small credential that can be fitted into 1.
Ramesh_Narayanan: Else we have a Bluetooth low energy based peer-to-peer sharing.
Ramesh_Narayanan: That we have built this uses open ID for VP over ble as the protocol.
Ramesh_Narayanan: And as I mentioned it has uh e signate integration 1 for uh.
Ramesh_Narayanan: Download of the credential and second for.
Ramesh_Narayanan: The Handover of authentication from eignet to the wallet.
Ramesh_Narayanan: There are cases where the phones that are available in the market are not.
Ramesh_Narayanan: Secure uh or they don't have they're not smartphones and they're not maybe capable of doing all that we are proposing here so for these cases.
Ramesh_Narayanan: Uh we are looking at building a cloud wallet.
Ramesh_Narayanan: Cloud wallet will be a completely encrypted Cloud store.
Ramesh_Narayanan: Uh which really the user can decrypt by operating it through a shell app or.
Ramesh_Narayanan: 3 ussd these mechanisms so we are looking at various cryptographic means where uh the the key for decrypting.
Ramesh_Narayanan: Can be generated on the Fly by the user maybe using Sim toolkits.
Ramesh_Narayanan: That can that can leverage the capabilities of the SIM card on their phone so these are mechanisms that we are looking at to see how.
Ramesh_Narayanan: We can have a hosted wallet Cloud wallet where again their privacy data privacy is protected.
Ramesh_Narayanan: So this is on the wallet side.
Ramesh_Narayanan: As I was mentioning we combined all of this and uh you're working on a digital credentialing stack.
Ramesh_Narayanan: So this this triangle is something that you'll all be familiar with so I won't go deep into it we have added um.
Ramesh_Narayanan: Holder basically is in G wallet but we can support other wallets also because the insurance protocols that we are supporting are open.
Ramesh_Narayanan: Chatting with a relying party as I mentioned we have QR as well as based shares we are looking at adding support for other protocols also like.
Ramesh_Narayanan: And the relying party can trust the issuer we have set up some trust mechanism using uh did web and well-known.
Ramesh_Narayanan: Uh specs and uh we again rely on open ID for VCI Associated uh specifications for these.
Ramesh_Narayanan: The advantages of um.
Ramesh_Narayanan: Are many we have integrated with opencv.
Ramesh_Narayanan: For example for uh issuance of birth certificates as digital credentials similarly we are issuing we are working with a couple of countries Bangladesh being 1 for issue of trade licenses or business incorporation certificates.
Ramesh_Narayanan: This so the issuance model right now supports we see 1.1.
Ramesh_Narayanan: But we are um having a modular approach where we can actually start adding.
Ramesh_Narayanan: Credential formats also and as 1 you mentioned we were waiting for the 2.2 to become an official spec for us to actually start some work on that.
Ramesh_Narayanan: And I think it looks like it's going to be in our plans too so.
Ramesh_Narayanan: We have plenty of integration models a place stages that can be plugged into workflow event based integration mechanisms data sharing.
Ramesh_Narayanan: With a lot of cryptographic protections built into it so with this we have integrated with Benefits Delivery Systems civil registry digital signatures Healthcare systems and so on many of these are open-source Solutions which can also be used in case somebody wants to adopt those Solutions.
Ramesh_Narayanan: Wherever possible we work with standards.
Ramesh_Narayanan: Wherever the standards don't meet we try to work with various industry initiatives and groups to bring in our inputs and if you see that they are already working along those lines if there are some emerging drafts we pick those up and work.
Ramesh_Narayanan: Uh where we have not been able to see anybody taking any steps we try to actually work with some groups like.
Ramesh_Narayanan: Stack or g2p connect and so on in order to Define uh some specifications which can then maybe over over time get into standards process we have 1 um.
Ramesh_Narayanan: 1 initiative and Ile for uh working for secure biometric devices so this this is the 1 that deals with encrypting the Biometrics captured on the device in the field itself in order to provide high level of security for biometric Authentication.
Ramesh_Narayanan: So all this is to basically work towards our core objective of creating interoperable systems which are for everyone.
Ramesh_Narayanan: Global Care Solutions which address everyone and then.
Ramesh_Narayanan: Identity so that that trust is what drives usage and the transactions that.
Ramesh_Narayanan: That that are initial part of the.
Ramesh_Narayanan: My digital life that we are all looking forward to very much.
Ramesh_Narayanan: That that's my presentation but I think I took more than the 20 minutes I.
Ramesh_Narayanan: Happy to take questions.
Kimberly Linson: Thank you so.
Kimberly Linson: But that was actually really informative and I'm glad you you checked the time to go through it all uh uh manual I believe you're first on the queue.
Manu Sporny: Thank you yes um uh thank you for that uh romesh your your work in this space um in in the folks on the mosip team um it's um very inspiring um it's it's wonderful work um uh and so I'm I'm wondering um what do you feel you you mentioned the the gaps in the standards um uh what do you feel was kind of the the the biggest uh challenge uh for adoption uh that you faced you know I'm I'm looking at you know the way the the way that you've you've built this system out um it feels like you know you almost had to start as an identity provider for kind of central government government institutions and then build the services out from there like it was very you know was did you try other approaches where it was very difficult to kind of start as a digital wallet provider and then try to provide services uh it it almost feels like for.
Manu Sporny: Uh or really any any platform to get a hold inside you know a digital identity you have to have the government understand that they want that solution and then you have to kind of work through kind of core services in in government so do you see any other approaches was that the approach that you had what were the kind of the biggest challenges to scale to the level that that you've been able to scale to today.
Ramesh_Narayanan: Yeah I think the challenges have been plenty.
Ramesh_Narayanan: The way you put it across is exactly how it happened we had to start with addressing the most fundamental need which was basically fill the Gap where.
Ramesh_Narayanan: H people.
Ramesh_Narayanan: Did not have an ID at all and participation in any kind of transaction even if it's a physical paper based transaction was not possible if a person did not have an ID.
Ramesh_Narayanan: Access to financial services uh lot lot of it was a problem.
Ramesh_Narayanan: I can.
Ramesh_Narayanan: Court examples where.
Ramesh_Narayanan: People were not able to get birth certificates.
Ramesh_Narayanan: Because the parents did not have documents.
Ramesh_Narayanan: and then.
Ramesh_Narayanan: If they don't children don't have birth certificates they can't.
Ramesh_Narayanan: Get into a vaccination or immunization schedule.
Ramesh_Narayanan: They can't get into schools so.
Ramesh_Narayanan: May be a lot of it is to do with the policy and how uh basic services are available but uh the process of using ID documents to ensure that citizens get benefits as opposed to all kinds of people who are coming and getting benefits was uh.
Ramesh_Narayanan: Was a problem.
Ramesh_Narayanan: A lot of these Services were subsidized so it was important to ensure that people got IDs first so that's where we started.
Ramesh_Narayanan: But we also knew that.
Ramesh_Narayanan: Even as we started uh we were very aware of concerns around uh privacy.
Ramesh_Narayanan: Of users risks of surveillance.
Ramesh_Narayanan: How centralized systems are looked at somewhere people like like them somewhere people from upon them we know that we are getting into a world where we need multiple Solutions and multiple pathways.
Ramesh_Narayanan: So they were always ready to evolve into something more than just a centralized system but a government issued ID was what would bring trust in the ID in the first place so this is the real ID or the foundational ID that we started then.
Ramesh_Narayanan: Order to provide mechanisms privacy provide friendly mechanisms on top of it for ID usage.
Ramesh_Narayanan: We started building features there and then subsequently we started once the wallet related uh.
Ramesh_Narayanan: Standards and specifications started emerging better we know that we will not be building something which will be throwing away so we started working with a draft specifications and and started working on that aspect.
Ramesh_Narayanan: So the tip um was was 1 of our uh.
Ramesh_Narayanan: Big Inspirations that when we saw the framework we decided that instead of building just some data and issuing some ID we'll make sure that we are natively supporting credentials right from the outset so we started incorporating.
Ramesh_Narayanan: And we see uh even before it became a a full full accepted spec into our product.
Kimberly Linson: Thank you Harrison you're on the queue.
Harrison_Tang: Yes um Ramesh do you mind uh kind of clarify uh who are the implementers because earlier you mentioned that there's Bangor Dash government and I'm guessing Indian governments like is it just the governments or are there other uh like businesses or other um entities that that that implemented this.
Ramesh_Narayanan: Oh actually the governments are the adopters.
Ramesh_Narayanan: Implementations have been uh sometimes carried out by Common departments themselves and other cases they have worked with.
Ramesh_Narayanan: Uh ecosystems partners and systems integrators to actually roll out these Solutions.
Ramesh_Narayanan: Are mandate atmosphere from a funding perspective has been primarily to help governments.
Ramesh_Narayanan: We have cases where university has actually picked us up for their student ID and they're doing it on their own this isn't Argentina.
Ramesh_Narayanan: And uh we have uh somebody actually building a sectoral IDs in India for healthcare using some of our Solutions so yes it's we expect it to be used Beyond.
Kimberly Linson: Harrison did you have another question.
Harrison_Tang: Yes uh so separate questions um first of all it's quite impressive that uh Mastiff actually tackles multiple uh aspects and facets of identity uh from issuance right wallets and so on so on so my question is like what is the toughest.
<phil_long_(t3)> It appears verification is done by the issuer, rather than an independent verification service. Is that accurate?
Harrison_Tang: Challenge right what's the toughest problem like when you marginalize the identity problems um like for example earlier you talked about authentications biometric like keeping it uh secure private and things like that like which part uh when you're working on different parts and different modules for like B term which which module is the hardest.
Ramesh_Narayanan: Rather than module I would say the the aspect that we find it the hardest is actually inclusion.
Ramesh_Narayanan: The the diversity of the population is such that there are challenges in terms of infrastructure there are challenges in terms of digital Savvy as well as many other many other factors.
Ramesh_Narayanan: So cost lots of factors are there so we have to make sure that.
Adrian Gropper: We have to make sure that.
Ramesh_Narayanan: uh we.
Ramesh_Narayanan: Had to have a.
Ramesh_Narayanan: And not just 1 so that that I think was 1 of the biggest challenges that we had.
Kimberly Linson: Great thank you uh Adrian.
Adrian Gropper: Uh in the example you mentioned India sector role in healthcare in particular uh what's the relationship uh that you have with adhar.
Adrian Gropper: As the national ID for things like that.
Ramesh_Narayanan: Yeah um so other is is built by the uidai and run for India's national like program so we don't have anything to do with that right that's a totally independent system.
Ramesh_Narayanan: So mosip is uh incidentally built in India but it's a totally new system built from scratch.
Ramesh_Narayanan: The Health Care System might use the underlying other for.
Ramesh_Narayanan: Verification against the foundational ID but what we are uh what most of is used for us building the sectoral identity for the same person.
Rashmi_Siravara: Uh Ramesh if I can ask you um a query based on the other discussion that you were uh you are having so the verification is done even for the pan card since other card has certain requirements or is it uh only there is no identification or verification needed for that since you work with the governments and they are scaling it.
Ramesh_Narayanan: So we don't work with the Indian government actually um so I can't I can't answer to that um this particular thing I think there are.
Ramesh_Narayanan: Uh as is the case in most places for different processes people can produce 1 of many IDs.
Ramesh_Narayanan: So it could be the tax number or it could be the.
Ramesh_Narayanan: National ID and so on right so I think those are processes.
Ramesh_Narayanan: By respective applications.
Ramesh_Narayanan: Even if somebody's using the national ID in cases where they have deployed most of most of offers the solutions for quick verification easy verification.
Ramesh_Narayanan: in online.
Rashmi_Siravara: Right that's the main reason I asked you because the ekyc is in feature right now at every payment Gateway right I mean in international transaction verifications dates credentials all of it so I just wanted to know if you are directly working with the government or it's just in the peripheral collaboration that uh you're talking about yeah thank you.
Kimberly Linson: All right may I know your next step on the queue.
Manu Sporny: Um right so so the the quite this question has more to do with the standards work so you you mentioned a set of standards that are missing now around trust Frameworks and Biometrics and and things of that nature um and so you know since many of us here work in standards setting organizations global standard setting organizations I'm curious what kind of work we can focus on next that would be most helpful to you understanding that they're limitations like w3c doesn't work on biometric anything right they they're they the position is kind of the opposite they're kind of it I think antibiotics they focus more on web athn and types of authentication that's cryptographic and unlabel and and and stuff like that so you know there's certain things where we can't really help around I think the biometric portion of it but there are other places where I think we could help you mentioned QR codes in uh uh.
Manu Sporny: Down into small.
Manu Sporny: We do have work on you know taking a verifiable credential in compressing it using core LDS so that you can express it in a QR code with a digital signature in that sort of thing very important for offline uh scenarios um we are also you know have a work item in this group around uh trust Frameworks effectively the you know the authorized verifiers issuers you know lists work um that that is going on what what's the what's the biggest pain point for you like if if there was a a new standard that we could work on in the next you know year or so and get done what would be the highest priority standard uh we could work on.
<kimberly_wilson_linson> Great question Manu!
<dmitri_zagidulin> and is that standard 'Trust Registries' :)
Ramesh_Narayanan: Yeah actually um.
Ramesh_Narayanan: The core LD.
Ramesh_Narayanan: That you mentioned right we we had we needed it 2 years ago when people were issuing cards with QR codes embedded in them so we had to build a cwt based.
Ramesh_Narayanan: Approach where we have to make certain assumptions about.
Ramesh_Narayanan: The envelope as well as the content in order to make sure that it fits and is usable cryptographically verifiable and and still interpretable so you'll be happy to look at what how it how sibo LDS.
Ramesh_Narayanan: Been used actually to to support this so we felt that the VC envelope itself was.
Ramesh_Narayanan: Big lot of work on the metadata.
Ramesh_Narayanan: Area was very rapidly changing and.
Ramesh_Narayanan: And and moving I think that that's 1 area where we would like Clarity more than anything else.
Ramesh_Narayanan: Specifically on on standards I I will get back we have a laundry list at what what would take the cake what what would be high priority something that we can probably revert back to there are there are a few pain points that we have and we'll be actually very glad to talk about those um talk about this pain points while we see does not address schemas there is also a need to agree upon some common schemas for simplifying interpretation.
Ramesh_Narayanan: of the data.
Ramesh_Narayanan: Especially for cross.
Ramesh_Narayanan: So crossborder usage related cases change uh the trust as well as the uh the content related requirements it puts additional expectations on that I think those are areas that are beginning to emerge we are working with the West African.
Ramesh_Narayanan: Region for where they want a regionally interoperable ID so to be able to address that we will need actually need specifications uh for that.
Ramesh_Narayanan: Another um area where we are facing challenges uh there's some some amount of Divergence between what verifiable credentials does as work and uh mdl does this work at ISO MDOC set of standards and it's um if if there's some possible way to reduce the.
Ramesh_Narayanan: Deviations and and arrive at some common set of specifications which which support different kinds of credential types for example in India there's been signed XML.
Ramesh_Narayanan: That has been issued for ages and this was even before anybody was imagining credentials as a first standards rated work right so and that also needs to be supported so there are many cases where we would need different types of credentials formats to be supported and I think we'll need to have for interoperability common uh Frameworks.
Ramesh_Narayanan: And it can't be in isolation imagine different ways in different continents.
Kimberly Linson: Thank you Dimitri I'm gonna let you have the last question of the day.
Dmitri Zagidulin: Oh sure thing thank you um uh thanks for me really enjoyed your presentation what uh specification do you use for trust Registries for lists of known issuers and verifiers and is that something uh most of would be interested in collaborating.
Ramesh_Narayanan: We would be um right now uh for the wallet we have a wallet server and the wallet server.
Ramesh_Narayanan: Is the 1 that feeds the trust registry or gives access to the wallet.
Ramesh_Narayanan: So we have kept it simple um till till we get good Clarity on.
Ramesh_Narayanan: Being able to refer to some common infrastructure.
Ramesh_Narayanan: For Discovery we are using um for for a given issuer discovery of other things we are using well-known specs.
Ramesh_Narayanan: So that that's our current simplified approach.
Ramesh_Narayanan: We are open to anything from a simple GitHub.
Ramesh_Narayanan: Onward still a registry which is publicly acknowledged.
Ramesh_Narayanan: Or uh acceptable to everyone.
<harrison_tang> Thank you, Ramesh, for a great presentation today! Thanks for dropping by CCG.
Kimberly Linson: Great thank you again so much for being here um and sharing um this with us it was really interesting and and uh very applicable to my own work so I'm excited to thank you uh and thank you everyone for participating today and we will see you next uh next Tuesday at the same time thank you all.
Ramesh_Narayanan: Thank you for the opportunity why.
Kimberly Linson: Recording has stopped.