Re: [GNAP] Human rights perspective on W3C and IETF protocol interaction

Justin Richer <jricher@mit.edu> Thu, 06 January 2022 13:46 UTC

Return-Path: <jricher@mit.edu>
X-Original-To: txauth@ietfa.amsl.com
Delivered-To: txauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 868113A0C0E for <txauth@ietfa.amsl.com>; Thu, 6 Jan 2022 05:46:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.484
X-Spam-Level:
X-Spam-Status: No, score=-0.484 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DOTGOV_IMAGE=1, HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001, KHOP_HELO_FCRDNS=0.399, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_REMOTE_IMAGE=0.01, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cOUVnKuA2cny for <txauth@ietfa.amsl.com>; Thu, 6 Jan 2022 05:46:45 -0800 (PST)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DF8AD3A0C0D for <txauth@ietf.org>; Thu, 6 Jan 2022 05:46:44 -0800 (PST)
Received: from smtpclient.apple (static-71-174-62-56.bstnma.fios.verizon.net [71.174.62.56]) (authenticated bits=0) (User authenticated as jricher@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id 206DkaHb019767 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 6 Jan 2022 08:46:37 -0500
From: Justin Richer <jricher@mit.edu>
Message-Id: <3C82D2BD-EACC-41E0-BE92-9357199412BB@mit.edu>
Content-Type: multipart/alternative; boundary="Apple-Mail=_2ABD8DAE-5DF3-4F3B-85BF-22F4E713C5EB"
Mime-Version: 1.0 (Mac OS X Mail 14.0 \(3654.120.0.1.13\))
Date: Thu, 6 Jan 2022 08:46:36 -0500
In-Reply-To: <CAN8C-_+rMsFDCnbEn7KJhWA_ovFbJbpiviYR-wPr2MK756Z-Lw@mail.gmail.com>
Cc: Adrian Gropper <agropper@healthurl.com>, Bob Wyman <bob@wyman.us>, Alan Karp <alanhkarp@gmail.com>, GNAP Mailing List <txauth@ietf.org>, W3C Credentials Community Group <public-credentials@w3.org>
To: Orie Steele <orie@transmute.industries>
References: <CANYRo8i=H3p23boH4OQ6sCXds8ADqaizwDHebE6-xMP2mZ5QEg@mail.gmail.com> <CAA1s49VWs_Qe9qryJOwWG4oHTS6Wa-6p6jAVSDT6Vqn4cwdUwQ@mail.gmail.com> <CANYRo8jUaP=9eX3HJWhFOmMCeaU7gkTQ9FdLg3=E61AUFQv8qQ@mail.gmail.com> <CANpA1Z2WBT69AJ6ynsYCHuOAAoB7F3fn+ebtV3fjBdeYTT-D+Q@mail.gmail.com> <CANYRo8gnx0nFje=GfqUVUESkKpeJB4Ln3Pa2QYt_iFMkrPBsLQ@mail.gmail.com> <CAA1s49UdeVBgc+rzOEJ+LcAP8g4gXX9XnZH2m+4=oOcFy3AvCg@mail.gmail.com> <CANYRo8iDA-EGK589VdcNU8PMK2BQZwT19Bxsav2HSGwhyBL=4A@mail.gmail.com> <CAN8C-_+eSZCohY7QDC5La90=14=sjpo5pELOUqUdb7PhRzhXxw@mail.gmail.com> <A4FA7445-31A5-4B7A-BE30-EB47168F8ED5@mit.edu> <CAN8C-_+rMsFDCnbEn7KJhWA_ovFbJbpiviYR-wPr2MK756Z-Lw@mail.gmail.com>
X-Mailer: Apple Mail (2.3654.120.0.1.13)
Archived-At: <https://mailarchive.ietf.org/arch/msg/txauth/C96mTUvx3j3KsuHKKhXPLvbr2dI>
Subject: Re: [GNAP] Human rights perspective on W3C and IETF protocol interaction
X-BeenThere: txauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: GNAP <txauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/txauth>, <mailto:txauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/txauth/>
List-Post: <mailto:txauth@ietf.org>
List-Help: <mailto:txauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/txauth>, <mailto:txauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 06 Jan 2022 13:46:52 -0000

Hi Orie,

> On Jan 5, 2022, at 8:02 PM, Orie Steele <orie@transmute.industries> wrote:
> 
> Thanks for your reply Justin, I'm loosely familiar with IETF, having seen HTTP Signatures work expire before <https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures-12>... (same status type)... vs https://datatracker.ietf.org/doc/html/rfc9162 <https://datatracker.ietf.org/doc/html/rfc9162> (does not expire).
> 
> You stated that the document is incorrectly labeled:
> 
> > Also a note about IETF process for the W3C folks that this document is not simply an “internet-draft” from an individual (which has about as much weight as a web-page) but an active document of an active working group, and as such has more normative standards weight than any Note the CCG is allowed to produce within the W3C.
> 
> Am I linking to the incorrect place here?
> 
> <Screen Shot 2022-01-05 at 4.43.41 PM.png>
> 

You are linking to the correct draft but you’re still missing an important distinction: there’s a huge difference between an individual I-D, which is what the old signatures draft was, and an active working group document, which is what the GNAP resource servers document is. The latter is on a path to become an RFC, the former is not. Both are “labeled” as I-D, which might be the source of the confusion — and that’s why I say that the label of “internet draft” doesn’t actually mean anything on its own. It’s the state of the document within the process of the SDO that matters. This is why the current HTTP Signatures draft within the HTTP working group is considered :much: more normative than any of the old individual drafts, including the series of Cavage drafts. There’s a group of people who have committed to working on it and progressing it, and that progress is being made. So what I’m trying to do here is to stop you from drawing these false equivalences, especially in the service of casting doubt and fear around the documents.

> > The choice of a service to delegate login — which GNAP does not define — is the choice of that service.
> > And in fact, the loss of services is exactly the kind of thing that, I believe, Adrian is asking about.
> 
> Yes, this is my exact point...(sorry if the humor didn't land properly). 
> 
> You seem to be asserting that GNAP does not protect against loss of services (clearly OAuth does not).
> 
> Adrian seems to be asserting that loss of an issuer service is a threat to human rights.... My point is that suggesting GNAP is a solution to this problem is incorrect in the same way you pointed out that conflating federated identity and delegated access is incorrect.... or to put the entire thing in terms of GNAP.... GNAP does not protect against loss of GNAP authorization servers... GNAP users are vulnerable (in the same sense that OAuth users are) to loss of authorization servers... If I am getting this wrong, and GNAP supports decentralized authorization servers that are uncensorable, please explain how that works, because that sounds awesome... and similar to a blockchain :)
> 

Believe it or not, blockchain does not solve all problems — or even most of them. :) Loss of an AS means loss of access to the services that the AS protects, yes. But what you’re missing here is that with GNAP, the AS can now be more closely regarded by the RS instead of forcing it to outsource the AS to a larger provider. This is possible in OAuth, of course, but the process is much easier in GNAP. UMA tried to solve the problem in the other direction of making it much easier for the RS to outsource to an arbitrary AS, but the trust model of that approach never caught on, for what I think are a lot of really good reasons. In GNAP, we’re instead looking at the AS as a “token factory” that provides a set of policies that translate into a token the RS can understand. This means that the relationship between the AS and RS is the choice of the RS, and the relationship between the AS and end user is potentially separated from that. It means that an AS can now give me a lot more different options for accessing my stuff at the RS instead of just “do you have this account”. I am no longer limited to a model where it’s expected that I “log in”, and where “logging in” is just one among many options. Again we see this in OAuth as well, but it’s less common than it could be because of assumptions built into the OAuth protocol flows.

But again I want to point out that you’re conflating API access with federated login. In a strawman twitter example, let’s say they do remove a hypothetical fascist dictator from their platform. That dictator won’t be able to access Twitter, of course, but as you point out they also won’t be able to access their twitter-connected apps. This might :feel: like you’re not able to access the RS’s because you’re not able to access the AS, but that’s not at all what’s happening. What’s really happening is that the apps are a bunch of clients — consumers of the RS provided by Twitter (the Twitter API) which, among other things, provided an identity API and therefore acts as an IdP. Twitter is not the AS that protects the services, it’s the IdP that provides a log-in process to them.

It may seem like a subtle distinction, but it’s vital to understanding how these trust ecosystems actually function, and I am constantly seeing people get these lines crossed.

> I am attempting to learn the answer to the same question Bob asked:
> 
> > Could you please explain how CCG's adoption of GNAP would facilitate "a focus on human rights as a design principle" (i.e. the goal you stated in your original message) 
> 
> Based on what Justin has said so far, it seems like the answer is no, protocols do not solve human rights problems, especially ones associated with issuer's revoking or refreshing credentials, or Verifiers / RPs acting in bad faith.... or any of the other issues discussed here: https://w3c.github.io/vc-data-model/#privacy-considerations <https://w3c.github.io/vc-data-model/#privacy-considerations>
> 
> Since GNAP and OAuth are both equally incapable of compelling an issuer (like twitter, or the US Gov), or verifiers (... like Login.gov <http://login.gov/>, Auth0 / Okta, or other proud operators of OAuth Authorization Servers), or RPs (verifiers who are resource server operators) to enforce human rights.
> 

This is really the crux of the argument — the technology is never going to outweigh the trust and policy side of things. You could have a completely internet-wide fully-distributed system, like OpenID 2.0, and people would still make allowlists and blocklists to limit which sites they accept login from. The same thing already happens with DIDs — implementors are limiting to specific methods and resolvers, which immediately slices the “global distributed” network up into silos. This will always happen. The best thing that we can do is build a technology that makes it easier to connect and work on policies, regulations, and environments that encourage those interconnections to happen. It takes both the capability and the will to do so, and technologies all too often focus on the former.

This is at the heart of what Adrian is talking about, in my interpretation: we need to make sure that the technological choices we are making :enable: the policy and trust decisions to be good ones. This is what the human rights considerations work in IETF is trying to accomplish, to make sure that technologies being developed are considered in that light, in the same way that the security and privacy considerations have done in the past. I applaud and welcome this, even though it means more work for me as a specification author.

> However, GNAP has learned from OAuth (and its many failings), and as Justin pointed out, the core document is the current focus of the working group at IETF... 
> 
> <Screen Shot 2022-01-05 at 5.17.27 PM.png>
> (Same status, expires in April ). -- side note, I wish W3C did the same thing, expiring things seems like a best practice.
> 

Again please see above, you are misinterpreting the document status and expiration tags. Please stop putting this weight and interpretation behind them. To go back to the signatures example, please see the difference between the status of the WG document, particularly in the “Stream” section of the metadata:

https://datatracker.ietf.org/doc/draft-ietf-httpbis-message-signatures/ <https://datatracker.ietf.org/doc/draft-ietf-httpbis-message-signatures/>

And the individual drafts:

https://datatracker.ietf.org/doc/draft-cavage-http-signatures/ <https://datatracker.ietf.org/doc/draft-cavage-http-signatures/>
https://datatracker.ietf.org/doc/draft-richanna-http-message-signatures/ <https://datatracker.ietf.org/doc/draft-richanna-http-message-signatures/>

Please stop extrapolating from the values you have been, your interpretations are not correct and your conclusions are misguided.

> This section seems to speak to the question Bob and I were asking...
> 
> > The role of the authorization server is to manage the authorization of client instances to protect access to the user's data. In this role, the authorization server is by definition aware of each authorization of a client instance by a user. When the authorization server shares user information with the client instance, it needs to make sure that it has the permission from that user to do so.
> 
> > Additionally, as part of the authorization grant process, the authorization server may be aware of which resource servers the client intends to use an access token at.
> 
> > If the authorization server's implementation of access tokens is such that it requires a resource server call back to the authorization server to validate them, then the authorization server will be aware of which resource servers are actively in use and by which users and which clients. To avoid this possibility, the authorization server would need to structure access tokens in such a way that they can be validated by the resource server without notifying the authorization server that the token is being validated.
> 
> -  <x-msg://47/goog_1480019720>https://www.ietf.org/archive/id/draft-ietf-gnap-core-protocol-08.html#name-privacy-considerations
>  <https://www.ietf.org/archive/id/draft-ietf-gnap-core-protocol-08.html#name-privacy-considerations>
> To me, this section of the GNAP spec sounds very familiar.... to this section of the VC Data Model...
> > As detailed in Section § 7.13 Usage Patterns <https://w3c.github.io/vc-data-model/#usage-patterns>, usage patterns can be correlated into certain types of behavior. Part of this correlation is mitigated when a holder <https://w3c.github.io/vc-data-model/#dfn-holders> uses a verifiable credential <https://w3c.github.io/vc-data-model/#dfn-verifiable-credentials> without the knowledge of the issuer <https://w3c.github.io/vc-data-model/#dfn-issuers>. Issuers <https://w3c.github.io/vc-data-model/#dfn-issuers> can defeat this protection however, by making their verifiable credentials <https://w3c.github.io/vc-data-model/#dfn-verifiable-credentials> short lived and renewal automatic.
> 
> > For example, an ageOver verifiable credential <https://w3c.github.io/vc-data-model/#dfn-verifiable-credentials> is useful for gaining access to a bar. If an issuer <https://w3c.github.io/vc-data-model/#dfn-issuers> issues such a verifiable credential <https://w3c.github.io/vc-data-model/#dfn-verifiable-credentials> with a very short expiration date and an automatic renewal mechanism, then the issuer <https://w3c.github.io/vc-data-model/#dfn-issuers> could possibly correlate the behavior of the holder <https://w3c.github.io/vc-data-model/#dfn-holders> in a way that negatively impacts the holder <https://w3c.github.io/vc-data-model/#dfn-holders>.
> 
> > Organizations providing software to holders <https://w3c.github.io/vc-data-model/#dfn-holders> should warn them if they repeatedly use credentials <https://w3c.github.io/vc-data-model/#dfn-credential> with short lifespans, which could result in behavior correlation. Issuers <https://w3c.github.io/vc-data-model/#dfn-issuers> should avoid issuing credentials <https://w3c.github.io/vc-data-model/#dfn-credential> in a way that enables them to correlate usage patterns.
> 
> - https://w3c.github.io/vc-data-model/#frequency-of-claim-issuance <https://w3c.github.io/vc-data-model/#frequency-of-claim-issuance>
> 

Yes, these are similar privacy considerations because of similar underlying problems. Implementors need to be aware of what could happen when the technology is used, because it might otherwise surprise them. And the fact that they’re discussed at all is a testament to the utility of the privacy considerations section.

> Another reference:
> > An application currently utilizing OpenID Connect for accessing various federated identity providers can use the same protocol to also integrate with emerging SSI-based wallets. This is a convenient transition path leveraging existing expertise to protect investments made.
> 
> - https://openid.net/2021/12/17/first-public-review-period-for-openid-connect-siopv2-and-oidc4vp-specifications-started/ <https://openid.net/2021/12/17/first-public-review-period-for-openid-connect-siopv2-and-oidc4vp-specifications-started/>
> - https://openid.net/specs/openid-connect-4-verifiable-presentations-1_0-07.html <https://openid.net/specs/openid-connect-4-verifiable-presentations-1_0-07.html>The questions Adrian is asking regarding human rights apply to GNAP, OAuth, OIDC and the VC Data Model.
> The question remains which protocol is "best for human rights"... OIDC, OAuth, GNAP ?
> 
> I hope they keep competing with each other for that title... 
> 
> Lets not feed the trolls by taking their bait of "Bitcoin is the only solution to human rights issues" or "OIDC is the only solution to human rights issues"... 
> These kinds of moral statements are divisive and unwinnable.
> 

There is no “best” overall, there is only what can do better in specific aspects. I really do believe GNAP is doing better in a lot of aspects because it is built on learning of how people have used other systems, including OIDC and OAuth but not limited to those experiences, of course. In fact, it’s experience with technologies like VC’s and wallets that drove much of GNAP’s open extensibility in end-user interaction, to allow for that kind of connection. Nobody from the VC community has stepped up to help write down that connection in an interoperable way, yet, but it’s something that I keep reaching out to people for and hoping we can do.

> Lets avoid maximalist perspectives and embrace the fact that diversity is a security property.
> 
> I encourage folks interested in contributing to GNAP to join the IETF WG, interested in OIDC? Join the OIDF, etc...
> 

While this statement is correct, the connections are also important, and I thank Adrian for continually trying to make these connections happen. It’s important to understand what the best connection points are, though. I do not see this as a competition, since these technologies are working in tangential spaces and can fit together in a  variety of ways, as I’ve presented to this very group.

 — Justin

> The "best protocol for defending human rights" is an observable property of successfully served users.
> 
> Cheers,
> 
> OS
> ᐧ
> 
> On Wed, Jan 5, 2022 at 4:33 PM Justin Richer <jricher@mit.edu <mailto:jricher@mit.edu>> wrote:
> Federated identity and delegated access are separate concerns, please be careful not to conflate them. The choice of a service to delegate login — which GNAP does not define — is the choice of that service.
> 
> And in fact, the loss of services is exactly the kind of thing that, I believe, Adrian is asking about. In GNAP core, we improve this over OAuth by moving away from the “go to a web page on the AS” assumptions and allowing a more nuanced and varied means of interaction and consent. Technologies like VC fit really well here: if I can present a VC to the AS, then the AS doesn’t need to “log me in” in a traditional OAuth sense.
> 
> https://www.ietf.org/archive/id/draft-ietf-gnap-core-protocol-08.html#name-determining-authorization-a <https://www.ietf.org/archive/id/draft-ietf-gnap-core-protocol-08.html#name-determining-authorization-a>
> 
> As I’ve explained on several DID, VCAPI, and related calls so far, this connection inbound to the AS is one of the most important ways that these items can be connected. If I have an accepted and standard way to get my consent, rights, and attributes into the AS without the AS needing me to make an account and log in, the more distributed the end system ends up being :without: requiring an RS to accept tokens from an arbitrary AS. We know from past attempts that this latter request is a bridge too far for nearly every RS. Getting the AS to accept external inputs and interactions, however, is a well-established pattern that GNAP is codifying and making explicitly extensible.
> 
> Also a note about IETF process for the W3C folks that this document is not simply an “internet-draft” from an individual (which has about as much weight as a web-page) but an active document of an active working group, and as such has more normative standards weight than any Note the CCG is allowed to produce within the W3C. This is not to disparage the CCG at all, but just to point out that there are different classes of work here, and it’s easy to confuse the two.
> 
> Also since this seems to be confusing, the expiration date is an artifact of the group currently focusing on the core document, and as discussed publicly at the WG meetings, the resource server document is next on the queue. As I’m sure you are aware yourself, Orie, there are only so many cycles that a group can apply to work in progress and be effective. It is not an indication that the WG has abandoned or plans to abandon the resource servers draft.
> 
>  — Justin
> 
>> On Jan 5, 2022, at 5:12 PM, Orie Steele <orie@transmute.industries <mailto:orie@transmute.industries>> wrote:
>> 
>> I wonder how many services President Trump lost access to when they banned his twitter account.
>> 
>> Can someone explain how GNAP improves on OAuth in this regard?
>> 
>> I can't find anything here: https://datatracker.ietf.org/doc/html/draft-ietf-gnap-resource-servers#section-7 <https://datatracker.ietf.org/doc/html/draft-ietf-gnap-resource-servers#section-7>
>> 
>> Also heads up that this "Internet-Draft" of "Intended status: Standards Track" expires on 13 January 2022.
>> 
>> 
>> OS
>> 
>> 
>> ᐧ
>> 
>> On Wed, Jan 5, 2022 at 3:46 PM Adrian Gropper <agropper@healthurl.com <mailto:agropper@healthurl.com>> wrote:
>> Bob,
>> The design principle is Separation of Concerns (separating control from possession). 
>> 
>> The human rights issue is to mitigate the often absolute sovereignty of the Issuer by making it obvious in both the technical and the regulatory sense when the Issuer is reducing the capacity or choice of the Subject through mandates like OAuth client credentials. GNAP, as opposed to OAuth, makes it very obvious when delegation is restricted without justification. As such, it will tend to keep the Issuers more honest and make them more transparent and easier to judge in terms of human rights.
>> 
>> Adrian
>> 
>> On Wed, Jan 5, 2022 at 4:26 PM Bob Wyman <bob@wyman.us <mailto:bob@wyman.us>> wrote:
>> Adrian,
>> I'm confused by your latest comments. Could you please explain how CCG's adoption of GNAP would facilitate "a focus on human rights as a design principle" (i.e. the goal you stated in your original message) Please forgive me if I'm missing something important in what you've said.
>> 
>> bob wyman
>> 
>> 
>> On Wed, Jan 5, 2022 at 3:57 PM Adrian Gropper <agropper@healthurl.com <mailto:agropper@healthurl.com>> wrote:
>> In this thread, my focus is the relationship between CCG and GNAP. RFCs are considered in the broader context of an Internet security layer such as Sam Smith and KERI are addressing. My proposal is that CCG will be well-served by adopting GNAP (and RAR) in as many protocol efforts as it can. If CCG does not outsource some protocol concerns to GNAP and other RFCs, then I believe other groups will bypass CCG-related protocols as we are already seeing in EU and ISO with mDL. 
>> 
>> The VC and DID work on data models and related registries is valuable with or without CCG protocol tie-ins. If I were to suggest a formal CCG work item, it would be to develop which specific authorization and authentication protocols should be layered on top of GNAP and RAR.
>> 
>> Adrian
>> 
>> On Wed, Jan 5, 2022 at 2:53 PM Alan Karp <alanhkarp@gmail.com <mailto:alanhkarp@gmail.com>> wrote:
>> RFCs have a Security Considerations section.  Are you suggesting that these groups include a Human Rights Considerations section in addition?
>> 
>> --------------
>> Alan Karp
>> 
>> 
>> On Wed, Jan 5, 2022 at 7:14 AM Adrian Gropper <agropper@healthurl.com <mailto:agropper@healthurl.com>> wrote:
>> Bob's are important questions in the context of our specific protocol work. I do not mean to scope this thread to general W3C or IETF groups or their governance. Bold is used below to link to Bob's specific questions.
>> 
>> I might also argue to limit the scope to protocols and not VC, DID, biometric templates, or other data models even though effective standards for these drive quantitative and possibly qualitative improvements in the efficiency of surveillance because a common language seems essential to discussing protocols. Adverse consequences of the efficiency of common interoperable language can be mitigated at the protocol level.
>> 
>> I'm responding in personal terms to Bob's questions. I urge all of us engaged in the protocol engineering effort to bring their own perspective on "Human Rights" and to advocate for specific technical solutions in specific workgroups. For example, I have chosen to focus attention on authorization for verifiable credential issue. I hope others will prioritize human rights impact of authentication protocols especially where biometrics could be involved.
>> 
>> The specific aspects of our protocol work that give rise to human rights issues relate to the efficiency of standardized digital credentials to human persons. What works for drugs in a supply chain or cattle on a farm can and usually will be misused on people. Also, transferring responsibility from an issuer to a subject of a VC is a burden that needs to be recognized and mitigated. With respect to the UDHRs, I would point to 12 (privacy and confidentiality), 13 (anonymity), 14 (limit the reach of DHS and other state actors), 17 (the right to associate with and delegate to others), 18 (associate with and delegate to communities one chooses), 20 (association, again), 21 (secret elections), 22 (anonymity), 23 (trade unions as delegates), 24 (burden of managing decisions in an asymmetric power relationship with the state or with dominant private platforms), 29 (duties to and scope of the community).
>> 
>> I'm suggesting that we formally address the issue of human rights as applied to the VC-API standardization process. I'm also suggesting that we use a process in VC-API that formally harmonizes our work with IETF GNAP.
>> 
>> Adrian
>> 
>> On Tue, Jan 4, 2022 at 11:45 PM Bob Wyman <bob@wyman.us <mailto:bob@wyman.us>> wrote:
>> Adrian,
>> Given that you're starting a new thread, I would appreciate it if you could do some context setting and clarifying:
>> What do you mean by "Human Rights?" Hopefully, you won't consider that a foolish question. The issue is, of course, that since Internet standards are developed in a multicultural, multinational context, it isn't obvious, without reference to some external authority, what a standards group should classify as a human right. Different cultures and governments tend to differ on this subject... As far as I know, the "best" source of what might be considered a broad consensus definition of human rights is found in the UN's 1948 Universal Declaration of Human Rights <https://www.un.org/en/about-us/universal-declaration-of-human-rights> (UDHR). 
>> Does the UDHR contain the full set of rights that you think should be addressed by standards groups? If not, are there additional rights that you think should be considered? 
>> In his document, Human Rights Are Not a Bug <https://www.fordfoundation.org/work/learning/research-reports/human-rights-are-not-a-bug-upgrading-governance-for-an-equitable-internet/>, Niels ten Oever refers to the UN Guiding Principles for Business and Human Rights <https://www.ohchr.org/documents/publications/guidingprinciplesbusinesshr_en.pdf>, which adds to the rights enumerated in the UDHR a number of additional rights described in the International Labour Organization’s Declaration on Fundamental Principles and Rights at Work <https://www.ilo.org/declaration/lang--en/index.htm>. Given that you appear to endorse ten Oever's report, do you also propose the same combined set of rights? (ie. UDHR + ILO DFPRW?)
>> Some have argued that the Internet introduces a need to recognize rights that have not yet been enumerated either in the UDHR or in any other broadly accepted documents. If this is the case, how is a standards group to determine what set of rights they must respect?
>> What specific aspects of the issues being addressed by this community group give rise to human rights issues? Also, if you accept that one or some number of documents contain a useful list of such rights, can you identify which specific, enumerated rights are at risk? (e.g. if the UDHR is the foundation text, then I assume privacy issues would probably be considered in the context of the UDHR's Article 12 <https://www.un.org/en/about-us/universal-declaration-of-human-rights#:~:text=Article%2012,interference%20or%20attacks.>.)
>> Are you suggesting that this group should formally address the issue of rights, with some sort of process, or just that we should be aware of the issues?
>> ten Oever suggests that "Those who design, standardize, and maintain the infrastructure on which we run our information societies, should assess their actions, processes, and technologies on their societal impact." You apparently agree. Can you say how this should be done?
>> The UN Guiding Principles for Business and Human Rights describe a number of procedural steps that should be taken by either governments or corporations. Are you aware of a similar procedural description that would apply to standards groups?
>> I think it was in the video that it was suggested that, in Internet standards documents, "a section on human rights considerations should become as normal as one on security considerations." Do you agree? If so, can you suggest how such a section would be written?
>> bob wyman
>> 
>> 
>> On Tue, Jan 4, 2022 at 9:05 PM Adrian Gropper <agropper@healthurl.com <mailto:agropper@healthurl.com>> wrote:
>> This is a new thread for a new year to inspire deeper cooperation between W3C and IETF. This is relevant to our formal objection issues in W3C DID as well as the harmonization of IETF SECEVENT DIDs and GNAP with ongoing protocol work in W3C and DIF.
>> 
>> The Ford Foundation paper attached provides the references. However, this thread should not be about governance philosophy but rather a focus on human rights as a design principle as we all work on protocols that will drive adoption of W3C VCs and DIDs at Internet scale.
>> 
>> https://redecentralize.org/redigest/2021/08/ <https://redecentralize.org/redigest/2021/08/> says:
>> 
>> Human rights are not a bug
>> Decisions made by engineers in internet standards bodies (such as IETF <https://www.ietf.org/> and W3C <https://www.w3.org/>) have a large influence on internet technology, which in turn influences people’s lives — people whose needs may or may not have been taken into account. In the report Human Rights Are Not a Bug <https://www.fordfoundation.org/work/learning/research-reports/human-rights-are-not-a-bug-upgrading-governance-for-an-equitable-internet/> (see also its launch event <https://www.youtube.com/embed/qyYETzXJqmc?rel=0&iv_load_policy=3&modestbranding=1&autoplay=1>), Niels ten Oever asks “how internet governance processes could be updated to deeply embed the public interest in governance decisions and in decision-making culture”.
>> “Internet governance organizations maintain a distinct governance philosophy: to be consensus-driven and resistant to centralized institutional authority over the internet. But these fundamental values have limitations that leave the public interest dangerously neglected in governance processes. In this consensus culture, the lack of institutional authority grants disproportionate power to the dominant corporate participants. While the governance bodies are open to non-industry members, they are essentially forums for voluntary industry self-regulation. Voices advocating for the public interest are at best limited and at worst absent.”
>> The report describes how standards bodies, IETF in particular, focus narrowly on facilitating interconnection between systems, so that “many rights-related topics such as privacy, free expression or exclusion are deemed “too political””; this came hand in hand with the culture of techno-optimism:
>> “There was a deeply entrenched assumption that the internet is an engine for good—that interconnection and rough consensus naturally promote democratization and that the open, distributed design of the network can by itself limit the concentration of power into oligopolies.
>> This has not proved to be the case.”
>> To improve internet governance, the report recommends involving all stakeholders in decision procedures, and adopting human rights impact assessments (a section on human rights considerations should become as normal as one on security considerations).
>> The report only briefly touches what seems an important point: that existing governance bodies may become altogether irrelevant as both tech giants and governments move on without them:
>> “Transnational corporations and governments have the power to drive internet infrastructure without the existing governance bodies, through new technologies that set de facto standards and laws that govern “at” the internet not “with” it.”
>> How much would having more diverse stakeholders around the table help, when ultimately Google decides whether and how a standard will be implemented, or founds a ‘more effective’ standardisation body instead?
>> 
>> 
>> Our work over the next few months is unbelievably important,
>> 
>> - Adrian
>> 
>> 
>> 
>> -- 
>> ORIE STEELE
>> Chief Technical Officer
>> www.transmute.industries <http://www.transmute.industries/>
>> 
>>  <https://www.transmute.industries/>
> 
> 
> -- 
> ORIE STEELE
> Chief Technical Officer
> www.transmute.industries <http://www.transmute.industries/>
> 
>  <https://www.transmute.industries/>