Trust Over IP : Linux Foundaion ?

Completely and utterly unrelated.

Moderators: raboof, MattKingUSA, khz

Post Reply
jonetsu
Established Member
Posts: 2036
Joined: Sat Jun 11, 2016 12:05 am
Has thanked: 10 times
Been thanked: 22 times

Trust Over IP : Linux Foundaion ?

Post by jonetsu »

The lines are getting blurred between what would have been considered the "good, open side" and large corporations. Without going into details, the Trust Over IP, a Linux Foundation project, works towards having a certified digital identity. Master Card is involved, amongst other interests in providing such an identity. The larger banner is a Self-Sovereign Identity (SSI) infrastructure which will provide a certified identity to an individual. That identity will be used in lieu of all the logins to different services as well as for justice and government purposes.

Since regular folks do not have the means of certifying an identity, the concept of "Guardianship" is put forth. Your "guardian" will be able to certify your identity as well as manage an individual's 'wallet' in a legal manner. And you guessed it, a Covid Credential Initiative (CCI) will be part of this landscape, in order to include a verifiable and certifiable immune passport.

For a simple example, here on LM one would not need to setup an account that's local-to-LM as far as creating a user name and perhaps even a password. One will use his/her SSI to create an account. One does not have a SSI, one cannot create an account. It seems the same will be for other services such as stores, restaurants, public libraries, etc. Not having a SSI will mean not having the CCI immunity passport. Having a CCI green light will also mean that you got the 12cm swab inside your nose and rubbed against some part of your 'blood brain barrier'. That 1-cell thick barrier is in the spotlight regarding coronaviruses since at least 2015.

And so it all starts very simple, as a 'Linux' project:

https://trustoverip.org/


"Mastercard joins blockchain digital identity alliance ID2020" - Ledger Insights

Excerpt:

"The ID2020 Alliance enables partners to pool in funds and other resources to develop digital identity projects.

The Alliance has already launched pilots and recently worked with the Government of Bangladesh to launch a digital identity program for vaccination in the country.

Digital identity has a myriad of applications, and Mastercard previously joined the Trust over IP (ToIP) Foundation. Other members of the consortium include Accenture, Evernym, IBM, DIDx, and R3.

Evernym is the company that initiated the Sovrin network, the public self-sovereign identity network. South Korea has three separate decentralized identity projects.

Last month, Microsoft, Evernym, ID2020 and many others formed the COVID Credentials Initiative (CCI) to use digital identity for keeping COVID-19 spread in check. "

https://www.ledgerinsights.com/masterca ... ce-id2020/

Evernym is one of the company involved:

"Responding to the COVID-19 Challenge with Verifiable Credentials"
"Launching the Trust over IP Foundation & What It Means For Portable, Digital Identity"

https://www.evernym.com/covid19-creds/
https://www.evernym.com/blog/trust-over-ip-foundation/

"The Self-Sovereign Identity Roundup: July 2020"
https://www.evernym.com/blog/ssi-roundup-july-2020/

Evernym is a sustaining member of the Digital Identification and Authentication Council of Canada, as well as Master Card, etc.

https://diacc.ca/

While the DIACC directors are major banks, Canada Post, an insurance company, a cell phone company, and three provinces.

"DIACC releases first model of Canadian digital trust framework" - IT World Canada, July 2019

Excerpts:

"But eventually, after the authority finalizes a privacy/identity/consent infrastructure and governance policies, patients could use Navigator to book medical appointments, have a private chat with a health care provider and access their health records kept by doctor and area hospitals.

Ultimately, the Framework will become more important when governments issue digital versions of identity we use today like drivers’ licences and health cards. These digital IDs, perhaps stored in digital wallets in smart phones, will be used across a wide range of networks and applications.

–Two Ottawa companies, Calian Group’s health division and Bluink Ltd., showed an app they built for checking into hospitals and doctors’ offices

2Keys Corp., another Ottawa firm, demonstrated its proof of concept digital wallet that could be used, for example, to prove a person is of age when buying cannabis or liquor. In its vision, a store would have a QR code a user’s mobile device would scan to open an app for age verification. The user approves showing a screen that verifies the device owner is who they say they are, and they are above the legal age for purchasing product."

https://www.itworldcanada.com/article/d ... ons/418769

Sovrin is another company in this landscape:

"On Guardianship in Self-Sovereign Identity"
"The Creation of the Trust over IP (ToIP) Foundation"

https://sovrin.org/wp-content/uploads/G ... epaper.pdf
https://sovrin.org/the-creation-of-the- ... oundation/
Last edited by jonetsu on Fri Aug 07, 2020 7:33 pm, edited 5 times in total.
Basslint
Established Member
Posts: 1511
Joined: Sun Jan 27, 2019 2:25 pm
Location: Italy
Has thanked: 382 times
Been thanked: 298 times

Re: Trust Over IP : Linux Foundaion ?

Post by Basslint »

This is stuff from cyberpunk dystopias...
The community of believers was of one heart and mind, and no one claimed that any of his possessions was his own, but they had everything in common. [Acts 4:32]

Please donate time (even bug reports) or money to libre software 🎁

Jam on openSUSE + GeekosDAW!
jonetsu
Established Member
Posts: 2036
Joined: Sat Jun 11, 2016 12:05 am
Has thanked: 10 times
Been thanked: 22 times

Re: Trust Over IP : Linux Foundaion ?

Post by jonetsu »

Basslint wrote: Fri Aug 07, 2020 6:41 pm This is stuff from cyberpunk dystopias...
You mean, those cyberpunks are actually reading those articles and corporate news, such as the Evernym in the post above, and nobody else does ?

Does this dystopia include fining stores, as it is here, up to $6000 if they have customers not wearing masks, while waiting for the same fines to be applied to individuals later on this month. Does it also include, as it is the case here, a prime minister who openly encourages citizens in delating other citizens that do not wear masks ?

Does it also include shooting to death a 73-year old over a dispute concerning wearing a mask ?

"OPP shoot man dead hours after mask dispute leads to alleged assault"

https://www.cbc.ca/news/canada/toronto/ ... -1.5650761

The 73-year old was not a serial killer, was not a terrorist. As of note, no-one has seen the old man shooting from his home. All four witnesses are police officers. No ordinary citizen.

Is this all included in this dystopia, or is it just part of the Carebear's very unique world ?
User avatar
raboof
Established Member
Posts: 1855
Joined: Tue Apr 08, 2008 11:58 am
Location: Deventer, NL
Has thanked: 50 times
Been thanked: 74 times
Contact:

Re: Trust Over IP : Linux Foundation ?

Post by raboof »

jonetsu wrote: Fri Aug 07, 2020 6:32 pm The lines are getting blurred between what would have been considered the "good, open side" and large corporations.
Haven't those lines always been blurred?
jonetsu wrote: Fri Aug 07, 2020 6:32 pm The larger banner is a Self-Sovereign Identity (SSI) infrastructure which will provide a certified identity to an individual. That identity will be used in lieu of all the logins to different services as well as for justice and government purposes.

Since regular folks do not have the means of certifying an identity, the concept of "Guardianship" is put forth.
Actually, part of the point of SSI is that regular folks DO have the means of certifying an identity.

The idea is that you have a 'wallet' with all kinds of digital identities, and depending on who's asking (and why) you decide what part of it to show.

It is being designed partly by the people who were also behind OAuth. When OAuth was originally designed, the idea was that it would become more and more common that 'regular people' would own their own domain name and run OAuth software, and 3rd party websites would allow you to login 'bringing your own Identity'.

Sadly, while OAuth has been widely adopted, it usually comes in the form of 'login with Facebook' and 'login with Google' buttons, and 'bringing your own Identity' is rarely allowed. Making things worse, any login action actually goes via Facebook/Google, giving those companies yet another way to track you.

Since many people were disappointed by how this turned out, SSI at least aims to solve the problem that every login goes 'via' the identity provider: even if you'd use an Identity provided by one of those giants, they are only involved in putting the identity into your wallet. However they are not involved whenever you use it, that remains something between you and the site you're authenticating to.
jonetsu wrote: Fri Aug 07, 2020 6:32 pm For a simple example, here on LM one would not need to setup an account that's local-to-LM as far as creating a user name and perhaps even a password. One will use his/her SSI to create an account. One does not have a SSI, one cannot create an account.
Yes. Of course, if I would add SSI support to the forum login here, I would of course allow you to 'bring your own Identity', and not link it to any government.
jonetsu wrote: Fri Aug 07, 2020 6:32 pm Not having a SSI will mean not having the CCI immunity passport. Having a CCI green light will also mean that you got the 12cm swab inside your nose and rubbed against some part of your 'blood brain barrier'.
That is only true when it is required by the site you're trying to authenticate to. We should definitely be critical of sites that put up unreasonable barriers, but just supporting SSI doesn't necessarily mean they are.
jonetsu wrote: Fri Aug 07, 2020 6:32 pm 2Keys Corp., another Ottawa firm, demonstrated its proof of concept digital wallet that could be used, for example, to prove a person is of age when buying cannabis or liquor.

https://www.itworldcanada.com/article/d ... ons/418769
In theory, this is a good thing: currently, I assume you can only buy liquor/cannabis if you're (for example) at least 18 years of age. How is the liquor/cannabis store supposed to check that? Right now, they require you to show your ID. The problem with this is, that your ID reveals much more of your identity than just your age. The point of SSI, here, would be that you could show an identity that proves you are 'at least 18', without revealing other personal information.

We should definitely closely follow how these projects evolve, and be vigilant in calling out unacceptable use of the technology. The technology itself, AFAICS, does not seem necessarily bad - and when used correctly, potentially even allows us to take back some of our privacy, rather than giving it up.
User avatar
raboof
Established Member
Posts: 1855
Joined: Tue Apr 08, 2008 11:58 am
Location: Deventer, NL
Has thanked: 50 times
Been thanked: 74 times
Contact:

Re: Trust Over IP : Linux Foundaion ?

Post by raboof »

jonetsu wrote: Fri Aug 07, 2020 6:47 pm Does this dystopia include (...). Does it also include, (...)? Does it also include (...)?
Just a quick heads-up: I already got a ping from a very active and respected forum user to stop this thread, fearing it would get out of hand.

I'll keep it open for now, but let's work to keep it on-topic to ToIP/SSI topics and not meander too much.
jonetsu
Established Member
Posts: 2036
Joined: Sat Jun 11, 2016 12:05 am
Has thanked: 10 times
Been thanked: 22 times

Re: Trust Over IP : Linux Foundation ?

Post by jonetsu »

raboof wrote: Sat Aug 08, 2020 2:34 pm
jonetsu wrote: Fri Aug 07, 2020 6:32 pm The larger banner is a Self-Sovereign Identity (SSI) infrastructure which will provide a certified identity to an individual. That identity will be used in lieu of all the logins to different services as well as for justice and government purposes.

Since regular folks do not have the means of certifying an identity, the concept of "Guardianship" is put forth.
Actually, part of the point of SSI is that regular folks DO have the means of certifying an identity.
Well if that's really the case, you should tell the guys at Sovrin. They are then seemingly working on this concept of Guardianship for nothing.

From the paper posted above:

"Executive Summary. As a new model for Internet-scale digital identity, self-sovereign identity (SSI) moves beyond centralized “identity providers” by establishing an infrastructure that enables anyone to issue, hold, and verify digital credentials signed with cryptographic private keys. As powerful as this is, it limits the direct use of SSI to individuals who have digital access and the legal capacity to use the technology. For SSI to work for everyone, individuals who do not have digital access, or the appropriate capacity for access, will need another person or organization to serve as their digital guardian. "

It seems as if you're focused on the technology and its scope of individual use, or rather collective use as much as it is a bunch of individuals. Perhaps not considering its instrumental use in political power games. Do you know about the social credit used in China for instance ?
raboof wrote: Sat Aug 08, 2020 2:40 pm
jonetsu wrote: Fri Aug 07, 2020 6:47 pm Does this dystopia include (...). Does it also include, (...)? Does it also include (...)?
Just a quick heads-up: I already got a ping from a very active and respected forum user to stop this thread, fearing it would get out of hand.

I'll keep it open for now, but let's work to keep it on-topic to ToIP/SSI topics and not meander too much.
We all have bad days when using words. Hence thank you for putting in contrast the notion of 'respected'. In contrast with what might you ask ? I'll leave that open.

In any case, we see that one single person, whoever that might be he's respected, can weight a lot.

I was simply replying to @Basslint one liner which reduced the perspective on the topic to a class of people called 'cyberpunks' (whatever they are) and a 'dystopia' that they have. That one liner of course, naturally, just goes smoothly as hot knife in butter. Maybe I should write one liners instead. But then, where's the documentation, the detailed sharing of points of views ?

It is as if you are calling me the one who launches insults. I never insulted anyone in the COVID-19 thread. Others did. And these people were not told anything, the thread was closed instead.
raboof wrote: Sat Aug 08, 2020 2:40 pm I'll keep it open for now, but let's work to keep it on-topic to ToIP/SSI topics and not meander too much.
Stick to technology, never mention the (possible) role of technology in society, never mention technology and it's use for controlling people, just plain and raw technology. Never talk about people and society because that's verboten in respected circles.
User avatar
raboof
Established Member
Posts: 1855
Joined: Tue Apr 08, 2008 11:58 am
Location: Deventer, NL
Has thanked: 50 times
Been thanked: 74 times
Contact:

Re: Trust Over IP : Linux Foundation ?

Post by raboof »

jonetsu wrote: Sat Aug 08, 2020 3:28 pm
raboof wrote: Sat Aug 08, 2020 2:34 pm Actually, part of the point of SSI is that regular folks DO have the means of certifying an identity.
Well if that's really the case, you should tell the guys at Sovrin. They are then seemingly working on this concept of Guardianship for nothing.
Perhaps I misunderstood you: what did you mean by 'regular folks'?

If you meant 'people who are not powerful entities like governments or large corporations', then I'd say 'regular folks' can certify identities - and become guardians - in this framework: of course not everyone has the technical ability, but there are no barriers as to who is 'allowed' to do this.

If you meant 'people who do not have the capacity/access to certify an identity', indeed I guess they'd have to rely on something like a 'guardian' - but the system does allow that to be someone they actually trust, it doesn't have to be a particular government/large company/etc.
jonetsu wrote: Sat Aug 08, 2020 3:28 pm It seems as if you're focused on the technology and its scope of individual use, or rather collective use as much as it is a bunch of individuals. Perhaps not considering its instrumental use in political power games. Do you know about the social credit used in China for instance?
I think the technology itself has positive as well as negative possible use cases. I don't think "technology is neutral", but in this case AFAICS the technology definitely can have real benefits, so I think we should fight the political power games, not the technology.
jonetsu wrote: Sat Aug 08, 2020 3:28 pm It is as if you are calling me the one who launches insults.
I did not intend to imply that.
jonetsu wrote: Sat Aug 08, 2020 3:28 pm
raboof wrote: Sat Aug 08, 2020 2:40 pm I'll keep it open for now, but let's work to keep it on-topic to ToIP/SSI topics and not meander too much.
Stick to technology, never mention the (possible) role of technology in society, never mention technology and it's use for controlling people, just plain and raw technology. Never talk about people and society because that's verboten in respected circles.
That's not what I meant to say. You started a thread on ToIP/SSI and its role in society. That is obviously off-topic on a Linux Musicians' forum, but some off-topic discussion is OK in the Backstage subforum. However, then switching the subject from ToIP/SSI to "dystopia's in general" and disputes over wearing face masks is not very helpful.
jonetsu
Established Member
Posts: 2036
Joined: Sat Jun 11, 2016 12:05 am
Has thanked: 10 times
Been thanked: 22 times

Re: Trust Over IP : Linux Foundation ?

Post by jonetsu »

I'll reply to your questions later when I have the time.

This line caught my eye though.
raboof wrote: Sat Aug 08, 2020 4:04 pmHowever, then switching the subject from ToIP/SSI to "dystopia's in general" and disputes over wearing face masks is not very helpful.
Can you pinpoint who brought the notion of dystopia in this thread ?

I actually looked it up before replying yesterday to the person who brought the term. Here's what I found on Wikipedia:

"A dystopia (from Ancient Greek δυσ- "bad" and τόπος "place"; alternatively cacotopia or simply anti-utopia) is a community or society that is undesirable or frightening. It is an antonym of utopia, [...] Dystopias are often characterized by dehumanization, tyrannical governments, environmental disaster, or other characteristics associated with a cataclysmic decline in society"

The meaning of the word implies society. As such, a reply to someone advancing the notion of the state of a society will include aspects of a society, including governments, their actions, laws and enforcement of those laws and rules.

I could have replied something like, "Is dystopia a new flavour of Kindersurprise ?" although considering the rather serious - and technical - topic, I did not.
Basslint
Established Member
Posts: 1511
Joined: Sun Jan 27, 2019 2:25 pm
Location: Italy
Has thanked: 382 times
Been thanked: 298 times

Re: Trust Over IP : Linux Foundaion ?

Post by Basslint »

Apologies if I contributed to the drifting of this thread into the OT territory, my remark was in reference to the fact that in many cyberpunk novels you find this pervasive use of technology. I think a society in which one cannot refuse to live "off the grid" is not a free society, and many of these initiatives I am afraid will inevitably lead to this.

Smartphones are not safe. There are only two popular operating systems and the security of one (Android) highly depends on the hardware manufacturers' willingness to keep the older models up-to-date, which we all know conflicts with the interests of who wants you to buy the next model.

For this reason, I think all of this is a bad idea. People can't even keep safe their paper IDs, we hear of identify thefts all the time, I think having our lives depend on phones is awful, even before going into the privacy issues (blockchains have been deanonymized in the past and will be in the future)
The community of believers was of one heart and mind, and no one claimed that any of his possessions was his own, but they had everything in common. [Acts 4:32]

Please donate time (even bug reports) or money to libre software 🎁

Jam on openSUSE + GeekosDAW!
jonetsu
Established Member
Posts: 2036
Joined: Sat Jun 11, 2016 12:05 am
Has thanked: 10 times
Been thanked: 22 times

Re: Trust Over IP : Linux Foundaion ?

Post by jonetsu »

Basslint wrote: Mon Aug 10, 2020 7:13 am For this reason, I think all of this is a bad idea. People can't even keep safe their paper IDs, we hear of identify thefts all the time, I think having our lives depend on phones is awful, even before going into the privacy issues (blockchains have been deanonymized in the past and will be in the future)
I agree. So far my 3G phone, which I turn on when I expect calls/ need it, is foldable, has real buttons, and sports a 5cm x 2cm approx. screen. I was surprised that vendors and providers are still supporting those phones from the stone age although all that's needed is to ask for one at a vendor. They are not on display though.

Sometimes it's worth to add a few more lines to a statement :)
jonetsu
Established Member
Posts: 2036
Joined: Sat Jun 11, 2016 12:05 am
Has thanked: 10 times
Been thanked: 22 times

Re: Trust Over IP : Linux Foundation ?

Post by jonetsu »

raboof wrote: Sat Aug 08, 2020 4:04 pm
jonetsu wrote: Sat Aug 08, 2020 3:28 pm
raboof wrote: Sat Aug 08, 2020 2:34 pm Actually, part of the point of SSI is that regular folks DO have the means of certifying an identity.
Well if that's really the case, you should tell the guys at Sovrin. They are then seemingly working on this concept of Guardianship for nothing.
Perhaps I misunderstood you: what did you mean by 'regular folks'?

If you meant 'people who are not powerful entities like governments or large corporations', then I'd say 'regular folks' can certify identities - and become guardians - in this framework: of course not everyone has the technical ability, but there are no barriers as to who is 'allowed' to do this.
Not sure what you mean in this context. As a parallel, I can make a CA. Anyone can start a CA. Will it have any authority ? No.

Or, anyone can make a driver's license. Will it be valid in the end ? No.

Not everyone will be able to legally certify a digital ID that's used to exchange personal data with doctors, buy things, even pay your taxes and receive records of employment. It will have to be certified by an authority. The scheme that's proposed by Sovrin, for one, is the concept of "Guardianship", about which you can read in their paper whose link is posted above.

It's not because my digital ID is legally certified that I will be able to certify you.
raboof wrote: Sat Aug 08, 2020 4:04 pmI think the technology itself has positive as well as negative possible use cases. I don't think "technology is neutral", but in this case AFAICS the technology definitely can have real benefits, so I think we should fight the political power games, not the technology.
This is quite true.

Though what happens nowadays is that technology is introduced as a benefit, on its best side, while we have a pretty good idea by now about politicians that govern us, how it can be used in other ways. After all, it will be very good for people if they can be tracked down while driving their cars because they will be able to save money on their new insurance monthly premiums based on how and where they drive. One will save money, so it must be good to be tracked in all road displacements.

Or, present a project as being "community-driven". Everyone likes a community. The friendly neighbourhood. So when Master Card and Enernym are putting forth the notion of their actions being "community-driven"... it must be a good thing.
User avatar
MattKingUSA
Moderation Services Senior Administrator
Posts: 795
Joined: Fri Mar 21, 2008 4:01 pm
Location: United States
Has thanked: 52 times
Been thanked: 38 times
Contact:

Re: Trust Over IP : Linux Foundaion ?

Post by MattKingUSA »

I would have to say that I am not a fan of having large corporations and government join together to manage private citizens on-line. Talk about a monopoly. This is a one ring to rule them all type of infrastructure and it's a bit worrying to me to be honest. Will this affect only http? If so, maybe gopher is a good alternative in the future? :D Or is this a type of infrastructure that will require a login on the IP level? Maybe need a pots line and hosting a gofish over dial-up will be the future for LM. Anyone know how to port PHPbb to be gopher friendly? I wouldn't mind dial-up so much. haha

This kind of takes me back to the old Microsoft days where they put all kinds of obstacles in the way of Linux users. Now it seems this is more of a roadblock for the internet as a whole. RIP internet privacy.

-Matt :D

Post Reply