
Christopher Allen

@ChristopherA

…”We propose using an X.509 DID method or X.509 DID submethod in which the DID itself contains the fingerprint of the X.509 certificate used for signing the issued verifiable credential data.”

8/26/2019, 5:37:46 AM

Favs: 2

Retweets: 1

Christopher Allen

@ChristopherA

…”This could be a new DID method, or it could be a submethod with which existing methods could optionally provide a way to use existing X.509 certificates to sign credentials.”

8/26/2019, 5:38:20 AM

Favs: 2

Retweets: 1

Christopher Allen

@ChristopherA

…”Note that a VC can easily be transformed into an ETSI TS 103 171 3 compliant document so for instance a XaDES document by adding the X.509 public keys from the one that is used for signing to the PKI root certificate.…”

8/26/2019, 5:39:46 AM

Favs: 4

Retweets: 2

Christopher Allen

@ChristopherA

…”X.509 DID’s are a good way for entities that do not represent natural persons, so-called legal persons to refer to themselves in a verifiable manner using existing systems in place. These DID’s themselves are not considered personal data in relation to the GDPR”

8/26/2019, 5:42:18 AM

Favs: 0

Retweets: 0

Christopher Allen

@ChristopherA

…”Waardepapieren project in the Netherlands is aiming to use X.509 DID’s to have municipalities issue all kinds of valid proofs, not to be used for identification of a holder, in a digital way instead of issuing in print on specific watermarked paper as is done until now.”

8/26/2019, 5:43:47 AM

Favs: 1

Retweets: 0

Christopher Allen

@ChristopherA

…Though not technically part of the ActivityPub standard, one of the more powerful tools to avoid for this is authentication using HTTP Signatures, which is being upgraded to leverage DIDs (a different paper).

8/26/2019, 5:53:45 AM

Favs: 1

Retweets: 0

Christopher Allen

@ChristopherA

…”Due to these and other concerns over sensitive information leaking to third parties, we suggest that Followers and Following collections not generally be made public.”

8/26/2019, 5:54:41 AM

Favs: 0

Retweets: 0

Christopher Allen

@ChristopherA

…”In most ActivityPub implementations, an Actor's inbox is simply a URL endpoint specific to the actor, e.g. https://example.com/bob/inbox. While convenient, we propose that servers should be using Object Capabilities model by which Inboxes are a capability handed out by a server.”

8/26/2019, 5:55:49 AM

Favs: 0

Retweets: 0

Christopher Allen

@ChristopherA

…”We propose to extend this validation with a second layer of identity validation through the use of Pet Names. The Pet Names proposal presented in Rebooting Web of Trust 201817 has a secondary property of being able to be used as simplified trust mechanism.”

8/26/2019, 5:57:29 AM

Favs: 1

Retweets: 0

Christopher Allen

@ChristopherA

…”we are concerned that the transitive properties of block lists may have unintended consequences or be used as a vector for attack or denial of service. If services adopt each other's blocklists without review, they may miss out on messages that they might wish to receive.”

8/26/2019, 5:58:36 AM

Favs: 0

Retweets: 0

Christopher Allen

@ChristopherA

…There are a number of other suggestions for ActivityPub in this paper and “the suggestions made in this proposal are meant to be used in conjunction with one another for maximum efficacy.“

8/26/2019, 6:01:15 AM

Favs: 0

Retweets: 0

Christopher Allen

@ChristopherA

…”Identity continues to be bedevilled by conflicting language and definitions of what should be simple and understandable terms. An understandable reaction to this is to define or catalogue the various terms, in the hope that confusion disappears and consensus emerges…”

8/26/2019, 6:07:36 AM

Favs: 1

Retweets: 0

Christopher Allen

@ChristopherA

…”…Yet even this has not seemingly aided the sector. Why is this? One possible cause is a focus on WHAT and HOW rather than WHY…Without a focus on WHY, we techies are left interpreting it from our own biases.”

8/26/2019, 6:08:52 AM

Favs: 0

Retweets: 0

Christopher Allen

@ChristopherA

…”Such a consensual approach should be obviously good, but I have a nagging doubt. When I formulated the 4 schools or types of identity (state, self, corporate, community), I was not thinking of *inclusion*, I was expressly intending to *exclude*”

8/26/2019, 6:09:52 AM

Favs: 1

Retweets: 0

Christopher Allen

@ChristopherA

…”without a strong narrative as to WHY, we are ungrounded. It doesn’t help to know HOW to build it if our foundations are sand. The castle of Identity, to be of any use whatsoever, must be founded on the strongest rock of understanding, of WHY”

8/26/2019, 6:10:58 AM

Favs: 0

Retweets: 0

Christopher Allen

@ChristopherA

…Privacy problem in content addressable systems: “Any data store can inspect & observe all contents, so privacy does not exist on this layer. This is even worse in a peer to peer system, because then the network cannot help spread content without being able to see all content.”

8/26/2019, 6:19:18 AM

Favs: 1

Retweets: 0

Christopher Allen

@ChristopherA

…”This ability to see the content you are helping to distribute is also a liability; a node wishing to be a good citizen and helping distribute content along the network may find that it is storing undesirable material in the clear. Sometimes it is best to know less.”

8/26/2019, 6:19:45 AM

Favs: 1

Retweets: 0

Christopher Allen

@ChristopherA

… Datashards ”come from chopping up & symmetrically encrypting content into uniform-sized chunks/shards are content-addressed "shard URNs". The shards may be distributed amongst storage & distribution providers without knowledge by those parties as to what the contents contain.”

8/26/2019, 6:21:18 AM

Favs: 2

Retweets: 0

Christopher Allen

@ChristopherA

…”Datashard capabilities come in two flavors (and two new URI schemes): idsc: (Immutable DataShard Capability) for fixed/immutable content. Builds on shard URNs. mdsc: (Mutable DataShard Capability) for mutable/updateable content. Builds on Immutable Datashard Capabilities.”

8/26/2019, 6:22:12 AM

Favs: 2

Retweets: 0

Christopher Allen

@ChristopherA

There is a lot more depth in this proposal, and I particularly like the use of ocaps for access control. This paper is one of about 9 different papers submitted about encrypted storage approaches, clearly the hot topic for this #RWOT9 design workshop.

8/26/2019, 6:56:47 AM

Favs: 2

Retweets: 0

Christopher Allen

@ChristopherA

…”a language-neutral AI-hard test that conveys narrative rather than semantic meaning. A flip, “Filter for Live Intelligent People,” utilizes four images. To solve a flip, the participant chooses between two sequences of these images, only one of which makes narrative sense.“

8/26/2019, 7:11:48 AM

Favs: 0

Retweets: 0

Christopher Allen

@ChristopherA

…Different approaches to sybil-proofing pseudoanonymous identities, what I call “Proof of Unique Personhood” has been a regular proposed topic at #RWOT, but never has risen to be a collaborative white paper. Hopefully there is sufficient critical mass to scope one at #RWOT9.

8/26/2019, 7:21:51 AM

Favs: 3

Retweets: 1

Christopher Allen

@ChristopherA

That’s all of my advance readings for today. 30+ to go for #RWOT9, but I’m on track to complete before we begin our design workshop next Tuesday in Prague.

8/26/2019, 7:25:57 AM

Favs: 1

Retweets: 0

Christopher Allen

@ChristopherA

…”The uniqueness of participants is proven by the fact that they must solve flips synchronously. Flips are decrypted at the same time world wide. A single person is not able to validate herself multiple times because of the limited timeframe for the submission of answers.”

8/26/2019, 7:12:36 AM

Favs: 0

Retweets: 0

Christopher Allen

@ChristopherA

…Use cases for attestations of human uniqueness include fair voting, free speech, serverless messaging, permissioned marketing, air drops, and UNI (universal basic income).

8/26/2019, 7:17:01 AM

Favs: 0

Retweets: 0