2023-03-14 ACDC Meeting Notes

Attendees:

Sam Smith 

Kevin Griffin

Philip Feairheller 

Kent Bull 

Henk van Cann 

Jason Colburne 

Lance Byrd 

Click here for → Meeting Recording

Agenda

• Announcements
  • W3C WI re-proposal 3/15 please support the work
  • KERI gone to 1.0 PyPi release upcoming.
  • ToIP TF trust spanning layer work continues (includes KERI/ACDC)
  • P256 support being added to keripy/cesride
  • ToIP Datamodelling and representation
    • Sam to present on authentic data chains
    • Data Modelling & Representation WG
      Tuesday, March 21⋅12:00 – 1:00pm  ET
      https://zoom.us/j/99186768208?pwd=TUwxOUIvYW5xL0JHaEJTRlp5ZnNlUT09
  • Roots ID vLEI credentials received from Provenant!
  • KASLCred - saidifies a map of schema
    • https://github.com/tetraveda/kaslcred
    • additional blog post for issuing and verifiying an acdc
  • RootsID working on a hands on education "notebook" for SSI including KERI/ACDC

• Reports
  • vLEI  
    • VC schema using JSON Schema for VC Data Model  make ACDC schema compatible?
    • https://w3c-ccg.github.io/vc-json-schemas/
  • ViRA  charter expanded to allow signing individual facts

• Discussion Items
  • Do we want to go to 1.0 for ACDC
  • Informal page within the repo "scrapbook"
    • summarize minor changes
    • markdown file within the IETF Draft ACDC repo
    • date | item
  • Milestones for ACDC/1.0
    • do we have any open github issues?
    • formaly publish a draft spec with IETF
    • ACDC went to production via KERIpy
  • Update ACDC readme to point to KERIpy 1.0
    • submission to IETF update the verion and IETF will pick it up
    • Kevin Griffin will look at GitHub issues

Graduated disclosure

• Minimum disclosure first
• only disclose what you need to further the transaction
• progression of least disclosures
  • progress next disclosure or stops
• disclosure transactions can provide protections, such as terms of disclosure/contractual obligations to minimize risk
  • "Chain-Link Confidentiality" paper by Woodrow Hartzog is a seminal work on the topic.
    • https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2045818
  • Woodrow Hartzog is one of the major legal privacy rights legal minds in this space.
  • legally we can protect privacy in terms of "data rights"
  • current vLEI implementation only has usage in the rules section
  • compact disclosure
    • disclose a hash of the data that can be used later to verify the data
  • partial disclosure
    • not disclosing everything you could disclose
    • disclosure hash/schema
  • selective disclosure
  • full disclosure would be the final step in graduated disclosure
• Public ACDCs have no UUID
• Private ACDCs have a UUID (salty nonce with sufficient entropy it can't be guessed) which means that you can selectively/partially disclose sections and the data you're disclosing cannot be guessed.
• Continue from section five