Re: [GNAP] Human rights perspective on W3C and IETF protocol interaction

Adrian Gropper <agropper@healthurl.com> Wed, 05 January 2022 19:46 UTC

From: Adrian Gropper <agropper@healthurl.com>
Date: Wed, 5 Jan 2022 14:46:08 -0500
Message-ID: <CANYRo8iqPAaGnjYsRQuq9Ympo2EZQKn65KwqmgKLsPpzcsUyaw@mail.gmail.com>
To: Ted Thibodeau Jr <tthibodeau@openlinksw.com>
Cc: GNAP Mailing List <txauth@ietf.org>, W3C Credentials Community Group <public-credentials@w3.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/txauth/bLiGWi3VBwlondtlaOQZtnXoWBo>

I completely agree with Ted. Unfortunately, Holder is even more misleading
than Subject because it applies to the Issuer as well as the controller of
a VC. This is the problem with linking control with possession.

In the human rights context of this thread, we might consider ways that
Subject is verified. Is it through a biometric? Control of a private key?
Control of a legally mandated device such as an ankle bracelet? Control of
a device like Apple Wallet with certified biometric controls?

Choice of words aside, the linkage of control to possession in the context
of CCG is not a matter of ethics. Standardized digital credentials exist in
the context of state-controlled mobile driver's license credentials and
privately controlled $3 trillion wallet platforms. The NY Times describes
the tension between these sovereigns around the world almost every day. I
might stipulate that DHS and Apple are both ethical within the scope of
CCG. A verifiable VC issued as a COVID credential in New Zealand presumes
that a state document was verified and the mobile wallet used to present it
was certified. Otherwise, we're just engaging in security theater like much
of what passes for digital credentials today.

Translated to protocol work related to CCG, ethics and human rights are
different issues. Paraphrasing Heinz von Foerster, we might say that the
ethical imperative of the CCG is to maximize the number of effective
choices on behalf of the Subject as they face the sovereign Issuers and
Verifiers and the equally sovereign private platforms.

Adrian

On Wed, Jan 5, 2022 at 2:04 PM Ted Thibodeau Jr <tthibodeau@openlinksw.com>
wrote:

> On Jan 5, 2022, at 10:11 AM, Adrian Gropper <agropper@healthurl.com>
> wrote:
>
> > transferring responsibility from an issuer to a subject of a VC
>
> For the eleventeenth time, the SUBJECT of a VC has NO CONTROL
> over anything to do with that VC.  The only entities with control
> of any kind are the Issuer, the Holder(s), and the Verifier.
> In the wilderness of the World Wide Web, ANYONE CAN SAY ANYTHING
> ABOUT ANYTHING.  (This is not so different from the wilderness
> of paper-space.)
>
> I could Issue a VC today, with you, Adrian, as the Subject,
> which contains anything I care to say about you.  I could say
> that you, Adrian, are the 14th moon orbiting Sol III (a/k/a
> the third planet orbiting our sun, a/k/a Planet Earth).  This
> is not actually a fact, of course, but I may nonetheless Assert
> it, and I may do so in a VC, which simply allows anyone to
> Verify that I did in fact Issue that Assertion within that VC.
>
> I could Issue this VC with or without the knowledge of you,
> the Subject, to any Holder of my choosing, who may Present
> it to any Holder or Verifier of *their* choosing, without
> any alert to you, the Subject.
>
> There is *nothing* that the CCG nor the VCWG nor the IETF nor
> the UN nor the USGovt nor any other entity can do to prevent
> me from doing so.  The USGovt *may* pass laws that impose
> penalties upon me or others who make such untrue assertions
> in VCs, but, to date, they have not, and there would be some
> lengthy freedom of speech litigation if such were enacted and
> someone then attempted enforcement -- and this is the *most*
> possible path to such restrictions.
>
> Your various efforts will have much greater effect, perhaps
> even delivering the results you want, if you digest this,
> and work it into your various writings and excoriations of
> the various WGs and CGs and other audiences you address.
> Failure to integrate this reality into your output will
> only lead to frustration on all sides, and failure to
> reach any of your declared goals.
>
> I believe that some of your efforts have value.  (I don't
> know the totality of your efforts, so cannot say this about
> everything you will do or have done.)  I would like to see
> these benefit the world.  I do not believe that will happen
> if you continue to ignore the hard-won vocabulary developed
> by the CCG, VCWG, DIDWG, and related efforts.
>
> Be seeing you,
>
> Ted
>
> --
> A: Yes.                          http://www.idallen.com/topposting.html
> | Q: Are you sure?
> | | A: Because it reverses the logical flow of conversation.
> | | | Q: Why is top posting frowned upon?
>
> Ted Thibodeau, Jr.           //               voice +1-781-273-0900 x32
> Senior Support & Evangelism  //        mailto:tthibodeau@openlinksw.com
>                              //              http://twitter.com/TallTed
> OpenLink Software, Inc.      //              http://www.openlinksw.com/
>          20 Burlington Mall Road, Suite 322, Burlington MA 01803
>      Weblog    -- http://www.openlinksw.com/blogs/
>      Community -- https://community.openlinksw.com/
>      LinkedIn  -- http://www.linkedin.com/company/openlink-software/
>      Twitter   -- http://twitter.com/OpenLink
>      Facebook  -- http://www.facebook.com/OpenLinkSoftware
> Universal Data Access, Integration, and Management Technology Providers