

Transcript By: Bryan Bishop

Tags: Security, Multisig

Category: Conference

Rebooting Web of Trust topic selection

Dictionary terms: we have a glossary that I wrote 6 months ago which by definition glosses everything. A dictionary would give an opportunity to go into more depth, to look at disagreements without getting lost in the weeds, and also talk about some foundational assumptions.

Verifiable secret sharing: this is a modification for Shamir secret sharing that also incorporates multisignatures as well. We’re interested in solidifying that into an actual proposal and talking about the pros and cons of traditional secret sharing and this scheme and whether you should be using multisig as opposed to Shamir secret sharing in your application and provide some guidance there.

User interfaces. How do people interact with a user interface? It’s the activity of interacting that causes them to form a passive theory about what the consequences of their actions are. If the actual security consequences are too far out of alignment with the actions they perform, then you have a bad interface.

Rubric for decentralization. This is a continuation of a conversation and has become a part of the charter of the DID working group. We have some of the editors here.

Progressive trust, where you can progressively expose more operations. Derived from that, you don’t need to confront people with all of the complexity upfront.

Data hubs architecture: basically, requirements or dangers around data hubs and different approaches people are taking, without trying to dive super deep into actual implementations.

Minority concerns in a web-of-trust. Maybe starting a framework.

Standardizing block search with verifiable credentials.

Minimum viable agent architecture. Can we make a shareable layer? We need an agent architecture for wallets and smartphones.

Protocols. Given DID and others, there are protocols. I want to write a paper about delegation and access protocols where we start to analyze in terms of how do we understand or how do we want to model the roles of delegation and how verifiable credentials and DIDs are used.

Approach to terminology by elucidating criteria for concepts: how do you talk about terminology in our space without devolving into contention?

Verifiable credentials threat modeling and general threat modeling in our environment. To put a positive spin on this, how can we have confidence in what we’re doing?

Non-technical but user-centric DID workflow. This is talking about pseudonymity vs DPKI and having a master DID versus pairwise DID. How does this all work together? I know there’s many technical perspectives, but how is this going to work for users? How are normal users going to adopt this? Let’s map this out into a non-technical workflow.

ECR DID reference method: it’s a bitcoin-based DID mapping. We have a lot of prototyped parts of it working. There’s still more to do. There’s an end-to-end interop scenario that the decentralized identity people have been working on. It’s about sending and receiving claims. For anyone that is interested in building this or helping build something and learning more about this space, I’d love to help support that.

Decentralized identity as a meta-platform: this answers the question of how cooperation can beat aggregation. We’re looking at economic frameworks where that is true, looking at things like trust transaction stuff, erdotic economics, generative identity and network effects. If there’s a way to make a value proposition where decentralized identity is competitive to centralized identity, through cooperation, then that’s what we want to provide.

We have a marriage proposal for integrating DID and postal standards for the Universal Postal Union.

Independent verification: in Singapore, we’re developing a verification for a specific schema and we see the problem that not everyone is going to adopt that schema. Could it be possible for us to also verify blockcerts or verify other types of signatures? This topic is meant to be kind of a focus on methods as opposed to the current verifiable credentials model which is very data-centric. This is more like, what are the ways in which we verify a credential?

Would you go to jail for me? My topic is about trust and liability transfer. Trust and reputation are fantastic if you’re looking for a good restaurant or figuring out who to include in your social structure. But what we really want to know is when the chips go down, will you go to jail for me? I want to talk about the transfer of liability. If one of us fails to keep his word, then there is actual heat coming down. What’s going to happen when the police show up?

I’d like to formalize a secure communication layer for DIDs so that we can get it into a spec and have a layer 2 be able to transfer verifiable credentials and other pieces of data.

Next version of the DID resolution specification.

Exploring interpersonal data and credentials: use cases for non-centralized decentralized credentials. It’s us and communities of people connecting to each other, as opposed to getting credentials from centralized institutions. What about the wallets for decentralized networks?

The big problem of centralized systems: not entirely just corruption. Or, how distributed systems can unleash learning, fostering coordination, and help us meet the complex challenges facing humanity.

Agents and their costs. Specification of agents. What would the minimum agent specification be? Agent credential request response protocol.

Reputation systems.

Decentralized anonymous proof of uniqueness of identity. And proof-of-personhood.

This doesn’t have to be the final list. If someone wants to add something, but they needed someone to join as a coauthor but didn’t know who to ask. Does everyone feel like one of these topics you might be able to work on?