#RWOT9 begins in Prague on Tuesday, giving me 5 more days to share the rest of these quick summaries and my thoughts on the 50+ topics that have been shared as advance readings for our design workshop. github.com/WebOfTrustInfo…

TOPIC Establishing level of assurance with verifiable credentials and the need for a human centered design exploration KEY CONCEPT Previous generations of digital identity systems relied on trusting a single issuer. What if we rely instead on many issuers? github.com/WebOfTrustInfo…

…"we would like to explore the idea of establish levels of assurance, which will no longer be tied to single issuance processes, but also to a multi-source verification processes."

…"As verifiers are almost always also issuers, there is a common interest in keeping costs of such systems down, driving the development of open standards to cater to interoperability rather than differentiating on individual levels of assurance"

…"start the conversation around how could a distributed reputation system of issuers might prove as useful as their counterparts for centralized systems (ebay, amazon, etc..) and whether and how they can best be used when establishing levels of assurances"

…"to establishing a high level of assurance of verifiable credentials, the reputational distributed system needs to be reliable & robust against liar issuers but as well incorporate in the protocol the capability to ask for extra credentials if…(assurance level not) reached."

…"This network effect fundamentally shifts the power balance from centralized issuers, or federated identity managers, towards individual ID holders. The trade-off here is 1) the ease of compliance and 2) automation of services across contexts in an ever expanding ecosystem."

…"Putting the ID holder at the center of an identity system comes with great opportunity, but also introduces new risks and barriers to adoption. Many of these are non-technical and such, should be explored in multi-disciplanary way."

…"How to prevent the unwanted sharing of credentials in a case where there is a power difference between a service provider and a citizen that would like to have access to a service? Is there such a thing as freely given, informed consent?"

TOPIC Decision Making with Verifiable Credentials KEY CONCEPT "How to use trusted sources of data to learn about the ‘other’ side, or counterparty, and how to justifiably decide whether or not to engage…with the said counterparty."
github.com/WebOfTrustInfo…

…"Customer assessment forms a large component of the mortgage application process…The phases of information gathering and decision making are best not viewed as separate but as feeding one another in a cycle, until a final decision can be made with enough confidence"

…"Our motivation is the desire to improve current mortgage decisioning and ultimately the whole property transaction process resulting in property purchase/sale."

…"Areas we would like to see improvements in mortgage decisioning are as follows: speed & ease of use…transparency…minimal intermediaries…accuracy…collaboration"

…""From a decision requirement we can derive a decision strategy that describes how we can reach a decision outcome that satisfies the requirement. A decision strategy consists of information requirements and decision logic."

…"Multiple decision strategies can exist for the same decision requirement where some will be better than others in different circumstances."

…This paper goes on to detail decision making using Verifiable Credentials as well as support decision transparency. This use case is well thought out and I look forward to seeing how it evolves.

TOPIC Preventing Transferability with ZKP-based Credentials KEY CONCEPT Some claim ZKPs are unsafe because they can be transfered by also sharing the link secret.This paper presents how to safeguard ZKP credentials to prevent abuse. github.com/weboftrustinfo…

…The paper begins with a brief overview of what a ZKP-based credential is, then shares several different techniques to allow for adjustment of anonymity, vulnerability, and transferability.

…Techniques are "Richly contextualized presentation requests…Prevent Link Secret Reuse…Require Link Secret Continuity…Commit a DID to a Link Secret…Biometrics(strong disclosure, weak disclosure, permuted disclosure)…Provisional Anonymity…LinkSecret Bond…Financial Escrow"

…"ZKP-based approaches to credentials are undoubtedly imperfect, because they are young. However, there is no evidence, either anecdotal or rigorous, to suppose that ZKPs are inherently, uniquely vulnerable to trust problems. (there is a) long & rich history of clever solutions.

…"The best way to serve community interests with respect to ZKPs and credentials is not to fear them. It’s to embrace them, and get on with the business of making them better and using them well."

TOPIC Secure Data Hubs KEY CONCEPT "We store a significant amount of sensitive data online such as personally identifying information…The data that we store should be encrypted in transit and at rest but is often not protected in an appropriate manner." github.com/WebOfTrustInfo…

…There are other projects that are working on various approaches for encrypting data at rest "It is one of the goals of the Secure Data Hubs specification to find commonalities between these projects (and others) and attempt to standardize them."

…"The simplest and most straightforward (and correct) solution is to decouple the application from storage…One could argue that Operating Systems vendors were the first to get this right in the 1970s, 1980s, and 1990s. File systems of that era separated the storage between…"

…"… the application and the file system, enabling interoperability at a data file layer…only when global networked computing expanded that…shifted to siloed data away from the customer's reach, largely due to the business models that drove the expansion of the Internet"

TOPIC SolidVC: A Decentralized Verifiable Credentials Management System KEY CONCEPT "enables the unilateral issuance and presentation of credentials by anyone running the software locally, as well as verification of these credentials" github.com/WebOfTrustInfo…

…"SolidVC (is a) a decentralized implementation of the Verifiable Credentials specification that leverages various ontologies, protocols, and specifications of the Web to deliver a robust and extensible credentialing system."

…"SolidVC consists of a number of well-defined protocols for handling credentials. In this section, I will outline these protocols in detail. Setup…Request…Issuance…Sharing…Verification…Revocation…"

…"There are a number of improvements that I envision for SolidVC…One-to-many SolidVC-Solid account mapping, Extended RDF, serialization support, Issuer Discovery, Credential persistence, Credential expiry support, Command line interface, Overall extensibility"

…I'm glad that the W3C Solid community has representation at #RWOT9. It has the backing Berners-Lee, the creator of the WWW, and some really good web-based foundations that the more blockchain-oriented approaches lack.

That's all for today. Another 20 or so advance readings remain to summarize before #RWOT9 begins in Prague on Tuesday.