Re: [GNAP] Human rights perspective on W3C and IETF protocol interaction

Mark Lizar <mark@openconsent.com> Thu, 06 January 2022 14:03 UTC

Return-Path: <mark@openconsent.com>
X-Original-To: txauth@ietfa.amsl.com
Delivered-To: txauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 420793A0CA0 for <txauth@ietfa.amsl.com>; Thu, 6 Jan 2022 06:03:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=openconsent.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6fnyJxoPw3G0 for <txauth@ietfa.amsl.com>; Thu, 6 Jan 2022 06:03:17 -0800 (PST)
Received: from NAM02-DM3-obe.outbound.protection.outlook.com (mail-dm3nam07on2098.outbound.protection.outlook.com [40.107.95.98]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0C2E23A0C9F for <txauth@ietf.org>; Thu, 6 Jan 2022 06:03:16 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=SEigteC8ElhnCujNvrJBetrxr5ScijSewnF73kCC0VP8vU0v4y3eiWy2LO414ZeNlg/5Pb3+6RZcHoBzJIAi1iUEsCDjTzpTHuiYJaGgqGahHS9q2w1givakxoPXMYMnmGME2GQnVp3C508JYP79bbndakYjfUTPQn95bgL50XvYHGq1XTSdjaKphhKTq57MfP1S40R9JbPGB3JFGZW1U6MZqoFAb9U5qGw8nlSUBsHvGZ02m5JWeHjUaNzG0KfLWq4zy3S5dXRpfkSaQWGLRHODHuaWhpH2MDawntRHKDvb2C2/PRo+xW7zQcJKa6YdWl+ibnGHl7U4qaUO89qrJg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=cq9HoLMrhFyg/5Vn4ckKAGDpuLcORuObyz0xqXCB81k=; b=dlqyUvH7DtxmMYgvZ1/iyXe63i9fnkhx4Q/FiGax0LFzAuf3nyNcO274TYeSh5q6Cm3bFLWaqm+bFiHz0D2gpo8PRq71Ba67ZX7lv2UG8TaysDDHxuR/r9Vs4eKNMp+DnFeS8FQi5R7WAirZsmdb5qMf/pqCahV172FseMyedbZSLkbsfvv+wVLStLVe+/oKreg/lUFws8BTbi1O5qEfOYBe7awhFkCnc1FKPifF5FlQnBGH5zPeCZoEBgE38wSJMpGCn3ox9z2O0982CKv6UA//H9/WagspmrVYCwreFKt1vtdrgCNADm45hFU+vDYgT4pxzVbPA8euLqhvWEmUBA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=openconsent.com; dmarc=pass action=none header.from=openconsent.com; dkim=pass header.d=openconsent.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=openconsent.onmicrosoft.com; s=selector1-openconsent-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=cq9HoLMrhFyg/5Vn4ckKAGDpuLcORuObyz0xqXCB81k=; b=j0MUxAJWGN2QEk8ugAqz6ZKFPDoMN6x/h22/G3MvQAQP6tI2aeAFkjYhsXh4yP3uiN7rbjhuObyfPCj0+JTfNmFpFgQRH2xuVdpEsNtMjdBl96eLrJNoNpvggH1EtfFp73S4j4Mxeu3lgydf5I8p4CJVncLbza3Qmevv7KseyXqs4rhP8baS4sewjcVBvnlZ5UiBrOiYMLgYF/NrrDOO58LtfnqhW8ScybUjkUo/PETaebTXgNcePKlQ9akFlnzhdCvUcDAtQzefD+94roJii4jcUEt1s+FpLGNoF5AwIS6TTqP8Fn9q0cg1BoQ8G1sV8gyewGK6R1RYpK4VBe7AmQ==
Received: from DM8PR14MB5240.namprd14.prod.outlook.com (2603:10b6:8:37::16) by DM8PR14MB5221.namprd14.prod.outlook.com (2603:10b6:8:28::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4867.7; Thu, 6 Jan 2022 14:03:12 +0000
Received: from DM8PR14MB5240.namprd14.prod.outlook.com ([fe80::e9b5:339a:d6c6:85e8]) by DM8PR14MB5240.namprd14.prod.outlook.com ([fe80::e9b5:339a:d6c6:85e8%9]) with mapi id 15.20.4867.009; Thu, 6 Jan 2022 14:03:12 +0000
From: Mark Lizar <mark@openconsent.com>
To: Justin Richer <jricher@mit.edu>
CC: Orie Steele <orie@transmute.industries>, Alan Karp <alanhkarp@gmail.com>, Bob Wyman <bob@wyman.us>, Adrian Gropper <agropper@healthurl.com>, GNAP Mailing List <txauth@ietf.org>, W3C Credentials Community Group <public-credentials@w3.org>
Thread-Topic: [GNAP] Human rights perspective on W3C and IETF protocol interaction
Thread-Index: AQHYAdhgr2Gtaq6Br0GnSoCTgrWa+KxT2n8AgACutwCAAE7QgIAAEd4AgAAIC4CAAAVBgIAADdI6gAD/EuuAAASCgA==
Date: Thu, 6 Jan 2022 14:03:12 +0000
Message-ID: <12ADDD1D-FE53-41E9-A804-E6E1B7FA438C@openconsent.com>
References: <CANYRo8i=H3p23boH4OQ6sCXds8ADqaizwDHebE6-xMP2mZ5QEg@mail.gmail.com> <CAA1s49VWs_Qe9qryJOwWG4oHTS6Wa-6p6jAVSDT6Vqn4cwdUwQ@mail.gmail.com> <CANYRo8jUaP=9eX3HJWhFOmMCeaU7gkTQ9FdLg3=E61AUFQv8qQ@mail.gmail.com> <CANpA1Z2WBT69AJ6ynsYCHuOAAoB7F3fn+ebtV3fjBdeYTT-D+Q@mail.gmail.com> <CANYRo8gnx0nFje=GfqUVUESkKpeJB4Ln3Pa2QYt_iFMkrPBsLQ@mail.gmail.com> <CAA1s49UdeVBgc+rzOEJ+LcAP8g4gXX9XnZH2m+4=oOcFy3AvCg@mail.gmail.com> <CANYRo8iDA-EGK589VdcNU8PMK2BQZwT19Bxsav2HSGwhyBL=4A@mail.gmail.com> <CAN8C-_+eSZCohY7QDC5La90=14=sjpo5pELOUqUdb7PhRzhXxw@mail.gmail.com> <A4FA7445-31A5-4B7A-BE30-EB47168F8ED5@mit.edu> <CAN8C-_+rMsFDCnbEn7KJhWA_ovFbJbpiviYR-wPr2MK756Z-Lw@mail.gmail.com> <3C82D2BD-EACC-41E0-BE92-9357199412BB@mit.edu>
In-Reply-To: <3C82D2BD-EACC-41E0-BE92-9357199412BB@mit.edu>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=openconsent.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 01aae691-b4bd-42d6-8199-08d9d11d46fc
x-ms-traffictypediagnostic: DM8PR14MB5221:EE_
x-microsoft-antispam-prvs: <DM8PR14MB522140D4AA06D91F11EAF6E1DA4C9@DM8PR14MB5221.namprd14.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: opb/tV/Zfckxq0boHlJh38Q2XwqLb3+YIPKrl5M7xrVTJvnnCc+KynliqVeb6F3/5J/pucETrwc9wb5d7sf5q/mHulv22BP+ZAKaSK2h0xDnYeJBmI4/AIwU01JEDMHubv7l8IZpeevQWpn9kOaoQfgROeZ30bZnZayDfKn+0NGFCGjr+Uq80WWExKS7Y8jkdf8WkVsHnrw54ROsgVB960ZwAG7aF36nsrl+ch8PaxKQG+I6Wwr6fLC7SKLguNnjodIxem1vwan0uXKURqTdtTuqZmMbcw12czXM4tnElRNc/RLaInK5+kR9DbqBXsNAu/Crg1fTAbU5Rjt1xaBzRFm6PbT3tt1yFUZoLmKzQVV/RIBZH6kYX+BuLJC7+YvC44P8MkPwy5oSzx4N9oseHr56T5ldu6PhPiIw47bfMALJYbW/pkjcmvFc/bT9PAjzLioQY7c8EV2Q81WfBhAz2292D4NKZPXcmR5EBmhxcMO88s5jrGa6OcWi89mA5wQknrt3uFFe3NRex6zL/tZkt2p0/xudjZBBCU5krol3/sVRHsm91+GAKeju9Wt8+biOaO/17rwzT4z8AzUGl3siPX9FJWrtjuS9GgZdfun6d7tWPRqsU1S56m62Ev/8eKSyo8NXlJjf3lUuVT34cbvR4S4mbnhc6aq6MPrlIiH/zsqHep/Z+FVQKGvEHo3mapl5lcAEHLdn+vR5TNqW2vK6JjP0gFzZqN+94juuXbtEAJGZ26GcxAClIvVCiSCjVb3v
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DM8PR14MB5240.namprd14.prod.outlook.com; PTR:; CAT:NONE; SFS:(346002)(136003)(376002)(396003)(366004)(39830400003)(6506007)(53546011)(316002)(122000001)(54906003)(26005)(186003)(36756003)(33656002)(8936002)(38100700002)(66574015)(2906002)(38070700005)(86362001)(8676002)(71200400001)(83380400001)(64756008)(66446008)(66476007)(66946007)(5660300002)(2616005)(6916009)(76116006)(91956017)(66556008)(6486002)(508600001)(6512007)(4326008)(45980500001); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: =?utf-8?B?clIrWWk3RVN4N2VIQ0dTaWhBR2E3YUtiYkhGVzlNUG5RVXRJbGdJdlFUYnVS?= =?utf-8?B?Q3hHME9MTWRQNCsxczQwZ0Noeld0dTNHdno5Ulo0ZVA4K3dRd0l5RVAzbW9K?= =?utf-8?B?TTV0NDNEUUdFYmNYdWZ4ZUl3U0VLRkJCWXdjN3FoblpCYmVtNEZuUGcwMUx1?= =?utf-8?B?Sm1mZk1lUStvK2hoMFl6ZGRWdytpRndKdDV3Yyt0U2dhVnlQNk5PS3NKUTNQ?= =?utf-8?B?Rm5XTFdNNTRMakRQQlhuTnR4ejl2c1V0cXdLVkU0QjI2cXRyYzlhU08wcytF?= =?utf-8?B?Y0J5dytVK0thZWJCellqRjdVb05qYjI0aG9uRFlTVlFkL1Q2TzFqeTBwNGlh?= =?utf-8?B?ZVM4NS9lNjJWZnExaUFrdVF4YklOYWMwTDFqV2V1NzRHQ0w1cmZ4a05JdFNh?= =?utf-8?B?M2FRa2YzcGcxdzZYUkxTOSt1dUlBWnBzWXU1N1Vhb3dsOGJjT0VEclJqandZ?= =?utf-8?B?bXhxYWZ0Q2ZXTG9BZFB0V0l2YUlzck1ncFFQcW5nYjlZWDk1VmxEZlJDUG91?= =?utf-8?B?U2pGNkl2NEYrU3NzemxXa0lsaFpJVXNBZ0tVdUJRMFdCL2N1SFlaajRyOXdj?= =?utf-8?B?SzAzS0o3UUYvRy9HdzcwSm55REFRT0ZaSXVGSnRLY2Mxc3BUbWI2eU5SNTBM?= =?utf-8?B?TWk1QnRxaU0yOW1qTldrZXNXNVAzUnRVWFJBeGRCbnUzcG8zRjV3SSsvOW45?= =?utf-8?B?MGNKWjZnb3F2alE0R0ZhbGxMZFZQaXczaVpwamZBVStacGgzOTdnS2hJQTFw?= =?utf-8?B?S3N0US9scHNORUZsU1JlY09xR3F2S0Y4SUI3azc1eFZhWTBlZWdXa01sQU5P?= =?utf-8?B?aFEyZ3FvYmVXclJFb0YwREhvS2JxaldQWHVRMmsrb1lXNmJtNmU5SVRXLzdV?= =?utf-8?B?ay9xNGNHaUltdjZ4cFZVYXJhMHFLa0NlZzEvckpKeFBwVDVYdkNSVXZ3S0ll?= =?utf-8?B?NEFaTXpwZitYQVhUYmxYamN3WExoZ0NZb29TYnFUSjVWUXkzby9yMXIvNFo2?= =?utf-8?B?OHpDcXMxcjlKN3VBemNHb1Y3OHpjZGxsM2JEcUFSZWRtV2F1VzlOQmMyY0pH?= =?utf-8?B?SVpXaFNCQllWOFNwSkRzQ095ZGFHb2FaVnNqQ1J4bEdaREZzNXk2TWxiSTc3?= =?utf-8?B?Z1VWM3ZDaTFEUnlscjhlbVJVT3JORExaNXZTL1U1SlJ1aEhQdXdLU2RrTFgr?= =?utf-8?B?Y2hjK3Y2TUtGUXJKdFZ4dDRGNTY5Y21vN3BBN1N3V29saS82SlRYU2ROeXJC?= =?utf-8?B?c2UrdmNKb3YzZDU4Z041NG96Rm80cnJ5cVFGelpWbFJXVGlvVUhqcHJnZFJG?= =?utf-8?B?TkNOQ0VTT29mZ3h6dUFYQzM4M2xjb1RRK3hXaWdGcXlOUnJwMW5BbDZwUS9C?= =?utf-8?B?OS9uQWF4OWpiaDZFcjF3eG9FeWlCTFVLVStxQUllZ3l0U0JhSEkvYUNDaEtr?= =?utf-8?B?bytBbmpPK0VCcVhCSzU4VVlReTd3cHpmeDV6WHVhenl2ajhkV1N3VC96QnRI?= =?utf-8?B?M0lWNmhhSVEzOWo2UW9hT1ByYmlGUnI0TTNoOFBtTU44bE5ycjVVTEkyeWo1?= =?utf-8?B?c3p2cnVuNEVwU2U1QzZ4WVYrQzk1aUpMMFovMUw2RG11QVhXR3hzRldlKzZG?= =?utf-8?B?T1d2NFMwN05yenQvT0MzMk10ZDN2Mno4WlV2UVBPNkZyTTRBQ282TWtnQkxz?= =?utf-8?B?UkRRWUhMeGZhRitPRmRheWlIOUFDTjl1NGY2YnNUOUV2UVUxQ0J6aS8rMU9J?= =?utf-8?B?VEo1dnR3TEpabGdJR1pldHhPdldzbGkwYS9ZenAxSFZWdi9jc0JGVWNJTzZR?= =?utf-8?B?VSsvYy9PQThtdFBObStrQU1CQXo1VXR5ZE9aaG9hdSs3dFJOTFJJTTBqc2p4?= =?utf-8?B?ZTZMdzRBcDN3ZU1XckRKbkh6dzB4amdTaVNoN28zZ1ZqUVMrODlja294QkdY?= =?utf-8?B?ZGJ5RHV4empWbU5vV2hkRUVsVGl2TUkrRzdrZG5uNWlDVUI3WC9wdndMbUFF?= =?utf-8?B?WG5KQnVwYnJMamxwaHpLS3dQT014a0hWN1NvS3FhNmpXWVZrMEEyRWE1Z1dV?= =?utf-8?B?MnhOSldqRjN0UG8zcmRlUmMvdVkwd2VnYkpTWlpnV0I3L21JeTk0MVk4S0Fp?= =?utf-8?B?U2Z5ZVNKb1F2a2NYdll3ekVkczRrNmFFaHl4Z1JzRzJNcnZxL2FKcFUrTitk?= =?utf-8?Q?m7EvjM79Iq95quYS5eYQ6Dw=3D?=
Content-Type: multipart/alternative; boundary="_000_12ADDD1DFE5341E9A804E6E1B7FA438Copenconsentcom_"
MIME-Version: 1.0
X-OriginatorOrg: openconsent.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DM8PR14MB5240.namprd14.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 01aae691-b4bd-42d6-8199-08d9d11d46fc
X-MS-Exchange-CrossTenant-originalarrivaltime: 06 Jan 2022 14:03:12.3439 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: d6e4f995-32e4-4f49-9949-0abe865e4152
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: cckwfQg7h3sDCFvjTchE2+kwayBkPYdIpSDVClD9+WyuTtar8ENo3QRbwYWPlQ8Q98OWHK9sMfNxBOzLmhrXaA==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM8PR14MB5221
Archived-At: <https://mailarchive.ietf.org/arch/msg/txauth/nukUOL2uraguXj3xOeEdmC95r8w>
Subject: Re: [GNAP] Human rights perspective on W3C and IETF protocol interaction
X-BeenThere: txauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: GNAP <txauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/txauth>, <mailto:txauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/txauth/>
List-Post: <mailto:txauth@ietf.org>
List-Help: <mailto:txauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/txauth>, <mailto:txauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 06 Jan 2022 14:03:21 -0000

Hi List,

I have been mostly a lurker on this list as the majority of technical discussion doesn’t include ethics, human rights etc.

To this end, we are working on the next evolution of a project to Open Privacy Notice and subsequently consent with specifications based on international  ISO/IEC standards @  Kantara in the follow on from the Consent and Information Sharing WG, called ANCR WG. \

It is a project human centric transparency, control and rights access, or in short computational privacy law, utilizing these standards for creating Proof of Notice (records), for evidence of Consent (receipts), and we have an implementation with a rights Notary, and Controller State Change Ledger (Not block chain).

In this regard, receipts are easily tokens, signed by a rights Notary (GNAP end point), and can automatically be provided from a data subject client to a Controller, processor or the like.      A service architecture which aims to provide the capacity for micro-credentials to be used, and to enable strong independent authorization and autonomous rights access.  AKA, access to rights and data governance independent of the service provider and technology.   (Not dependent on it). I see GNAP enabling in this architecture what we refer to as decentralized data governance, using public rules/privacy law (which this architecture can implement with standards).

Perhaps, rather than a human rights section, there would be a human rights case study / example, to coincide with security considerations?  (A case study that is inclusive and not only the engineering geeks. )

Kind Regards,

Mark

On Jan 6, 2022, at 8:46 AM, Justin Richer <jricher@mit.edu<mailto:jricher@mit.edu>> wrote:

This is really the crux of the argument — the technology is never going to outweigh the trust and policy side of things. You could have a completely internet-wide fully-distributed system, like OpenID 2.0, and people would still make allowlists and blocklists to limit which sites they accept login from. The same thing already happens with DIDs — implementors are limiting to specific methods and resolvers, which immediately slices the “global distributed” network up into silos. This will always happen. The best thing that we can do is build a technology that makes it easier to connect and work on policies, regulations, and environments that encourage those interconnections to happen. It takes both the capability and the will to do so, and technologies all too often focus on the former.

This is at the heart of what Adrian is talking about, in my interpretation: we need to make sure that the technological choices we are making :enable: the policy and trust decisions to be good ones. This is what the human rights considerations work in IETF is trying to accomplish, to make sure that technologies being developed are considered in that light, in the same way that the security and privacy considerations have done in the past. I applaud and welcome this, even though it means more work for me as a specification author.