12B/ Where do We Work on Interop as a Community?

From IIW

Where do We Work on Interop as a Community?

Wednesday 12B

Conveners: Kai Wagner, Andreas Freitag, Hakan Yildiz, Euginu Rusu

Notes-taker(s): Conveners, and Charles Lehner

Tags for the session - technology discussed/ideas considered:

SSI; Interop; governance; Standards Bodies;

Levels of Interop:

  • structural level

  • syntax level

  • semantic level

  • organizational level

General:

  • Testing has to happen in the standardization process, not after.

  • Do we have a place for less technical groups to communicate interop

Useful Resources:

Places where Interop of some type is being worked on:

Between Market and Standards:

CCI - working on a vertical problem related to Covid Credentials

Government Funding:

  • US DHS Grants (this work is done publicly in the CCG @W3C per the terms of the funding) Videos of last interop demos

  • For European-based individuals/independents (incl UK), StandICT

  • ESSIF Interop (EBSI)

  • Canada - User-Centric Verifiable Digital Credentials Challenge (sister project to US DHS SVIP program listed above) - run by Treasury Board Secretariat of Canada (TBS) and Shared Services Canada (SSC) https://github.com/canada-ca/ucvdcc

Adjacent (Q: should we work on interop with initiatives that are not SSI centric, but play a key role in digital identity globally?)

SVIP Plug Fest Links

Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps

https://id4d.worldbank.org/guide/interoperability - focused on government issued IDs

Where are we truly trying to solve the same problem? Example would be the potential overlap/alignment of WACI-PEx and some of the HL-Aries Interop Profiles.

“You MUST have a Choice of Policy Managers - Credential Issuers MUST NOT be able to impose the policy manager”

  • Credential Issuers are publishers of claims about Identity

  • Interesting - Credentials may be useful outside of a governance framework but may not be. Example: a valid credit card works on a credit card network for payment - it can also be used for other purposes (e.g. car rental company use CC as a proxy for “is valid human” sometimes). The credit card itself would be of zero use if the Credential Issuer was NOT imposing policy.

Excerpts of some discussions

Heather: I’m independent… don’t have corporate drive… happy to help facilitate work in CCG, but if consensus is that it’s better to do the work elsewhere, recommend follow some of the same beneficial processes as CCG…

… Interop happens where it makes sense…

Brent: difficult to say where introp “should” happen… various considerations… but there seems to be enough cross-polination between standards bodies… WACI-PEx… makes use of little bits of everywhere… successfully… that work began here! Incubated at DIF… A great place to come together is IIW. Maybe have a session about how to get the interoperators to interop?

Kaliya: I’m co-chair of DIF Interop WG alongwith D. Waite and Snorre…

[Sharing screenshot of table regarding interop - “current stack diagram”]

Need vision moving forward…

Andreas: thanks, there is some work like what we have been doing…

Paul: taxonomy of interop… standards require some testing to prove it’s valid… that interop is possible… I believe that must happen as part of the standards process… otherwise it’s too late…

… But other kind of interop: trade organizations give a sticker that you comply with a profile… (e.g. bluetooth)... involves a pool of devices that have to work together…

… I think that must happen outside the standards organization… It can be very sensitive… a lot riding on that interop sticker… “product interop” difficult to disclose in a public forum. Vs “standards interop”... different concept

Andreas: thanks… any other comments/questions/additions?

C. Lanaham: confusion about running program…. Until document about three flavors of verifiable credentials gave us clarity… that’s super-helpful, for that project at least…

Balazs: I work for DIF… To extend on what Kaliya said… from a steering committee level… there is definitely a search for an interim group hosted by DIF… the group wasn’t created as a DIF group but as an effort to work on Interop, to provide initial infrastructure needs… the name was added not because it’s a working group (not IPR protected) but to create trust for outsiders who might not understand it… Group has been meeting for the past 15 months, quite regularly… well-known… could go further with it…

… Question of what standards can do… DIF intends to be neutral on technology. Making specs on more established tech is possible… but doing full-on certification, giving the more wider approval, might not be in the framework of DIF… but if you would like to talk about it, there are many open ears… the steering committee is tackling this question… Reach out to me.

Lucy: To follow up on C. Lanaham’s point… the paper on CCI… the work we’re doing is also part of interop work… but very different from the technical community work… I had a session earlier about CCI sitting in between the technical communities and the mass market… Kaliya has been doing a lot of work communicating complicated standards work… My job is to communicate it to people who are not technical at all… I think there should be another category of organizations that have a position, like CCI, who could serve that in-between role. I notice there are special-interest groups within technical groups… that is great, but very technical-driven still… How can we have actual non-technical groups with people who are not from technical community, and also from mass market? They should play a role in interop.

Kaliya: Verifiable Credential flavors explained paper was possible in part because the year before I was funded to do private research for a client, and then a year later it became obvious other folks were not understanding these critical differences, and I wrote this for public…

… There is another paper that I was working on about exchange protocols - which lead to the WACI-PEx work being catalyzed (Killer Whale Jello Salad). WACI-PEx developed between IIWs and reached version 0.1 completed between the two events…

It seems there is a layer of what Lucy is touching on, that I did by accident with that paper, that is explaining clearly the choice landscape to create alignment among a broader range of stakeholders, so that more interoperability is possible, because more understanding is possible, so choices start to align… Different strategies for interop… but wonder if we can brainstorm key communications/documents, areas of articulation that can be helpful in the same way that paper was helpful last year.

Andreas: Yes… it would be great for everyone to come together….

Kaliya: I’m asking a different question… I think we could try to do that… but there is also an opportunity to write additional papers to help alignment happen that is not getting everyone into one room.

Andreas: At the end of the day, need an objective decision…

Kaliya: Yes… people read that paper and got alignment on objective decisions… More than one way to get alignment?

Andreas: but also a risk the group splits and makes different decisions?

Kaliya: the world is already split.

Andras: but just papers… it’s a good start, everyone can get an overview… but then the next step must be to agree on a way to go, to achieve real interop for SSI implementers…

… I work for Jolocom… I see the pain, because we have to decide which way to go, and we have no clue… Is it the interop where everyone is going, or will it just end up us using it?

Lucy: why you wrote that paper… to help the market understand… like how we wrote that paper on the Covid credential landscape…

… The technical community could consider this approach…

Heather: I like to get real. My real question is, what would be the deliverables for interoperability be? I’m thinking about it… maybe three things. First, the tech. A standard? Or maybe not a standard. I’m in W3C, a standards group… but I know there are other technologies… it’s an open world... not everyone is going to use everything. The tech being used. The beautiful theory in our minds the perfect world. Second, the implmenetation, where it gets hard and ugly… that beautiful philosphy we have gets challenged, we have to get real and make tradeoffs. The third thing: need documentation to support implementers(?). If we were a company, with a CTO, product team, sales, we’d have documentation writers, community manager… If we follow that path, back to my initial question, to be pragmatic, what are the deliverables, or the one deliverable, that we want to do interop? Figuring that out could help us make sense of it. If there’s multiple deliverables, maybe one gets done in one area, another in another area. Strength of W3C is it’s tech-centric, but it’s also a weakness… hard to understand it. What do we want to deliver, for interoperability?

Andreas: Thanks. I have an answer but will save it for later.

Richard: Me too. I work for Evernym… It’s very expensive to test interoperability.. I think it’s worth highlighting the drivers that make it worthwhile. I don’t see there being a single SSI interop standard…. First key: customer demand. Even though I want to test interop, it will only happens when it’s aligned… No vendor lockin, want assurance to interop with vendor X (usually someone large), and third to support some specific use case (e.g. privacy)...

… The thought leadership Kaliya asks about is super valuable…

… Deliverables: most customers just want an assurance (“yeah, I did the test”). Some want a demo, or a spreadsheet (what specific features are supported). Customers have asked me if there is a certification, but there is not a credible one… But if there was a credible one like with privacy-first, I could see us doing that…

Andreas: Then we have to decide as a community, do we want to have chat apps where people can’t talk to eachother, because of different apps (lock-in), or more like email clients (where anyone can write an email client)? That’s the decision… The customer cannot make that decision, because they’re not as deep as we are. We as a community have to decide… If we want the first world, we can stop here and everyone develop their own stack… Otherwise we need agreement. As far as I understand the community and Jolocom, we want the second one - real interoperability, everyone can create clients and they work together. If an issuer creates a verifiable credential, [any verifier can verify it]. That’s my picture of interop…

Richard: important to recognize that email has survived around Slack, etc. Creating choice for interop is valuable… But premature standardization is dangerous, we’ve got it wrong… not confident we’ve got it right now… I’m confident to see what we can get that production adoption with, and then drive those standards through the ecosystem…

Paul: I think the education and making simple explations of the landscape (Kaliya, thank you for that chart)... As an end user, it’s very difficult to understand what is possible, let alone interop… The way we are using the word interop may be different from how it is used in other communities… JSON-LD… two different standards… it’s a decision people made to go different technical groups because they thought one was better than the other… When I think of interop… Same data model… I see our case as a combination of the two… People are still vetting the technical approaches… That disagreement is because we are still trying things out… That’s natural… In the Internet, there used to be a bunch of internet protocols. Because this is a global interoperability challenge, like the Internet, this will sort itself out too… And community.... But if people are trying to interop but unable to, even using the same standards, that’s a standardization issue…

… In front of external audiences in the market, we’re all working together…

… But internally there are still differences of opinions…

… I’m a customer in this business, don’t have a stack necessarily in what’s better or not better.

… Documenting the decisions like Kaliya and Lucy [were doing] is very valuable for end users…

… Challenging for an end-user because we think we have to wait… But end-users want to commit and make purchases… But the understanding the fragmentation may be the best way to make a decision, if it’s in one place, to make own decisions.

Paul B: I agree with other Paul’s comments… There’s always the “11th standard”... people think they have better choices… we have to find the best technical solutions… there will always be different solutions… I would love to have a unified stack… There will always be different stacks… Maybe it would be good to approach interop from the level of incentives… Maybe it depends on what role you are in the VC data model? Wallet vendor may work with everything… but issuer can look at what fits best for their tech stack and use case. Maybe different people in the community have different incentives; this must be regarded.

Andreas: Interop: issuer is also verifier. As verifier, may want to use credentials from others, to speed up process… so as issuer are also incentivized to interop…

Paul B: I agree… the biggest strength that you can use multiple credentials… Makes it difficult for verifiers to provide multiple tech stacks… But there are use cases where I as the issuer don’t necessarily have to be a verifier… Government use cases… usually just providing “identity” not verifying it… may be restricted by regulations…

Andreas: Yes, and no…

TelegramSam: We have to have the same goals and requirements in order to unify on an approach to make that happen. One reason for interop… the community tends to align around philosophical goals… One is whether you believe that zero-knowledge presentations are worth the effort or not… one of the deciding things between communities. If you can’t unify goals, can’t agree on underlying technical stuff… How do we get interoperability to a goal(?) We will reach it in the community with like-minded goals…

Andreas: Really valid point. One of the goals for us: is it a competition? Or a market? Is it a goal of the community to decide on a stack?

Evan W: This seems like a lot of independent players working on this… but there are massive giants… Amazon, Microsoft, Google, cloud providers, big IAM(?) providers, that can shape how this space (standards) evolve… Probably Government projects going on too, all over the world large government practices in Identity. How do we feel about doing interop before they are involved or have declared themselves?

Andreas: I think it’s an argument to move fast and set a standard…

Hakan: What Sam said… having goals for interoperability… very true… many issues happening now in SSI and in how SSI is perceived… One is the fundamentals - public trust infrastructure - decentralized public key infrastructure - decentralized identifiers - have requirements, high availability, …

… But still have disagreement about things like BBS+, envelopes…

… Maybe it could be good to think of like an email client? Complete the same set of [features?] to be used? But what is the ground(?)... verifiable data registries… DIDs…

Evan W: I think that’s fair.

… I would observe IBM’s strategy… they did this long ago, for decades, waiting until the market is big enough before setting their foot in the market… minicomputers… then come in with massive sales, marketing and business relationships, to overwhelm… The pioneers rarely had a chance to survive that.

Andreas: cannot be closing statement… depressing…

Lucy: Covid credentials…. UCC(?) SMART health card, [...]… not strictly verifiable credentials, but some using terms of verifiable credentials. How they are doing interop… Something major, a bigger one showing up… those people will find a way… if IBM has something, and Microsoft has something, and the market is expanding and using it, they will have to figure it out for the sake of the market… DIVOC being adopted by entire nation states… they are doing interop by adding EU DCC(?) to their stack… and also doing VCC… What we’re working on is different paths, that are interoperable with eachother… That’s what’s happening in the market… IBM came to the space earlier on… The world would be different if we all backed IBM… sounds impossible… but can we leverage the big names, already having some market share?

Kaliya: I’ve posted a link to a series that covers the main credential types being used globally…

Lucy: that’s DIVOC… but also…

Kaliya: India… this post writes about it… One reason those folks even know about it is that I went to India two years ago, and met the folks who created India’s national ID standard, and told them about our standards. Human-to-human communication early on, an important strategy to consider.

[break]

… Can our groups collaborate more, at least in an information-sharing sense?

Heather: I wonder if we can bubble this up to our governments… I wonder if we can look to Tim Bouma or Diyak(?) or SVIP Anil, or Oliver R(?)... European organizations that fund things… Those governments have a lot more power than those of us in the room, to enforce regulation, comply with GDPR… and the ability to put money where their mouth is… I don’t know how many of us in this room have deep pockets…

Lucy: Conversations in chat… Implementers trying to do the right thing, to serve the market… Can we shift our energy, to help… get it to market… technical pieces that need to happen in the open? Whether for interop or not... Let’s just see who is doing good work, who can get our tech to be used by more people, look at what they need to get there… it must be developed in the open, I think everyone agrees with that here.

Andreas: Yes, thank you… But still… The people doing interop need a place to align and discuss technical stuff… I haven’t found this place/foundation… not every 6 months but every 2-3 weeks… moving in directions, can we align or not… SSI is still small…

… Can we agree on a place to meet? We have so many places to meet…

Hakan: Kaliya is chair of DIF Interop group… Times are good for European…

Aaron(?): And a mailing list…

Andreas: but aren’t there stakeholders involved?
Kaliya: what do you mean?

Andreas…

Kaliya: … I would love to come to your group… 70 different entities collaborating in Germany, that’s amazing… You should keep doing that, but consider how to connect with other interop efforts.

?: It’s an option… we’ll use that as an update opportunity. Especially because of the current setup that allows anyone to join…

… DIF working group might be a good place to have… that conversation…

… This major challenge of feeling like there is not one place to speak to all the players via one mailing list…. Feels like we’re missing something… Nobody can be blamed, it’s cat herding… but IIW, many players meet. Maybe we can make DIF WG more attractive to others?

Kaliya: propose you come to DIF Interop… I’ll post about it to CCG… It’s not IPR protected, only talking about things people are working on at other places. If we identify a problem that needs solving, that it needs a container…

Andreas: Yes…

… Thank you for this lively conversation! The topic is hot and urgent. Thank you for your input and participation.

Zoom Chat documentation – including links to a lot of the mentioned articles

20:18:57 Von Kaliya Identity Woman an Alle:

Maybe we can work on a list of different places where interop is happening - maybe go around the room and hear from these different efforts.

20:19:03 Von Kaliya Identity Woman an Alle:

Also we need a note taker

20:19:06 Von Kaliya Identity Woman an Alle:

and are we going to recrod

20:22:22 Von Kaliya Identity Woman an Alle:

can you share the slide deck link?

20:22:53 Von Paul DIetrich an Alle:

it session 1 C

20:23:01 Von Andreas Freitag1 an Alle:

https://jolocom365-my.sharepoint.com/:b:/g/personal/andreas_jolocom365_onmicrosoft_com/EYOzZpPMjjZPoLBSzKIqgOIBCPjURAqD58_ku67Eoz0pOQ

20:26:18 Von Bart Suichies an Alle:

Are we considering bodies like EBSI and ESSIF as well?

20:26:29 Von Bart Suichies an Alle:

or, say, ISO ;)

20:26:31 Von Kaliya Identity Woman an Alle:

put them on the list

20:26:50 Von Bart Suichies an Alle:

do you have a link to the notes?

20:27:13 Von Bart Suichies an Alle:

oh never mind https://docs.google.com/document/d/1tiwNrtL6qODC0wehBqU7TW2F0olJSHld5wHHXcR4850/edit

20:27:24 Von Charles Lanahan an Alle:

In addition to US there's also https://github.com/canada-ca/ucvdcc in Canada

20:27:38 Von Charles Lanahan an Alle:

done within the various domains of these groups but focusing on W3C VCs

20:27:47 Von Charles Lanahan an Alle:

(dids and dicomm)

20:28:00 Von Kaliya Identity Woman an Alle:

I don’t think ISO cares or likes VCs and it is so secretive and closed - its hard to interact with it

20:28:36 Von Charles E. Lehner an Alle:

David C is in ISO? and likes VC?

20:28:39 Von Bart Suichies an Alle:

that's the thing with interoperability.. you don't always get to choose your standard ;)

20:28:46 Von Bart Suichies an Alle:

https://id4d.worldbank.org/guide/interoperability

20:28:58 Von Shannon Wells an Alle:

VC=Verifiable Claim or Verifiable Credential?

20:29:09 Von Darrell O'Donnell an Alle:

@Bart - actually in this case we get to pick 5 or 7 from a mixed bag

20:29:23 Von Darrell O'Donnell an Alle:

@Shannon - Verifiable Credential

20:29:26 Von Charles Lanahan an Alle:

Verifiable Credentials mostly but also claims were used in the UCVDCC project and the US DHS project

20:29:34 Von Heather Vescent an Alle:

I can make some comments re: W3C and SVIP and also interoperability desires btwn US & Canada & Eu based on a recent panel.

20:29:38 Von Kaliya Identity Woman an Alle:

ID4D is about getting government records digitized and focused on “government issued ID” almost exclusively

20:30:32 Von Bart Suichies an Alle:

so - interesting question: where does interoperability end? Jus tbecause we might not like how other systems are working shouldn't (imho) render them outside the discussion of interop

20:32:21 Von Bart Suichies an Alle:

note on the DHS funding - the work being done at the CCG is not an explicit term for the funding. Provable interop with the cohort members is however.

20:33:02 Von Bart Suichies an Alle:

the fact that it's done in the CCG has much to do with existing relationships towards CCG by the majority of the cohort members

20:35:34 Von Darrell O'Donnell an Alle:

+1 Heather

20:35:51 Von Kaliya Identity Woman an Alle:

I posted the video to the last one

20:37:44 Von Darrell O'Donnell an Alle:

+1 open, no mandatory fee, IPR clearance, low conflict…

20:38:03 Von Heather Vescent an Alle:

Thank you for my long knowledge share

20:38:21 Von Kai Wagner – Jolocom an Alle:

Thank you Heather

20:38:32 Von Hakan Yildiz an Alle:

Thanks a lot for sharing it with us. Was quite a background information 🙂

20:39:20 Von Heather Vescent an Alle:

I can give more color, if you like, but don’t want to hijack this meeting.

20:39:31 Von Heather Vescent an Alle:

+1 Michael’s point about vendor lock in

20:39:47 Von Heather Vescent an Alle:

Here is a highlight of three of the questions that I asked: https://medium.com/in-present-tense/three-governments-enabling-digital-identity-interoperability-bbcfc60c3a80

20:40:15 Von Heather Vescent an Alle:

Here is the SVIP Demo day Vimeo playlist: https://vimeo.com/showcase/8833272

20:41:07 Von Charles Lanahan an Alle:

https://github.com/canada-ca/ucvdcc

20:41:19 Von Heather Vescent an Alle:

Here’s the SVIP demo week announce, you’ll probably be interested in the blockchain ones: https://www.dhs.gov/science-and-technology/svip-demo-week

20:42:25 Von Heather Vescent an Alle:

Here’s the SVIP post event page with all their links: https://sri-csl.regfox.com/post-svip-demo-week

20:46:33 Von ChrisKelly (DIF) an Alle:

Thanks Kaliya

20:46:49 Von nembal an Alle:

)

20:48:05 Von nembal an Alle:

+1 on Paul

20:48:45 Von Darrell O'Donnell an Alle:

+1 Paul - on a related note, I held a session yesterday about Premature Interop/Premature Standardization

20:48:58 Von Brent Zundel an Alle:

+1

20:49:02 Von ChrisKelly (DIF) an Alle:

+1 Paul

20:49:23 Von ChrisKelly (DIF) an Alle:

+1 Darrell's session was also useful on this

20:49:48 Von Paul DIetrich an Alle:

Kaliya, I saw you copy the link to that spreadsheet but didn’t see it in the chat. Were you intending to share?

20:51:27 Von Kaliya Identity Woman an Alle:

its in the notes document “current stack diagram”

20:51:41 Von Paul DIetrich an Alle:

Thanks

20:53:05 Von Balazs Nemethi (DIF) an Alle:

balazs@identity.foundation

20:53:53 Von Bart Suichies an Alle:

So, who's willing to let go of some of the interop work in favor of a more coordinated approach? ;)

20:53:59 Von Lucy Yang an Alle:

https://docs.google.com/presentation/d/1n6OirMXMJN43PM7VpvypHMecV0J0ILvf0hAZSrPzBDE/edit?usp=sharing

20:55:28 Von Charles Lanahan an Alle:

second that for sure

20:58:27 Von Lucy Yang an Alle:

@Kaliya, you did the paper because the market needs to understand it. So that is a market driven approach we are using at CCI

20:58:40 Von Paul DIetrich an Alle:

Agree there, understanding the standards landscape will help the interoperability process and efficiency

20:58:45 Von Juan from Spruce an Alle:

Threw in another funding source for the Europeans (particularly independents and academics):

http://www.standict.eu/standicteu-2023-5th-open-call

20:58:57 Von Judith Fleenor(ToIP) an Alle:

+to clear communication to non tech people are needed, so they understand the questions to ask themselves the right questions about InterOp

20:59:30 Von ChrisKelly (DIF) an Alle:

seconded Judith

20:59:58 Von Bart Suichies an Alle:

Interoperability comes with opportunity costs of not getting to market, competing with worse alternatives.

21:00:01 Von Kaliya Identity Woman an Alle:

what other topics should paper be written about

21:00:26 Von Bart Suichies an Alle:

@Kaliya - a framework for decision makers..

21:01:20 Von Bart Suichies an Alle:

Interop could be a metric for decision makers. But I feel it's more a means to an end. The end = no vendor lock in.

21:01:25 Von Bart Suichies an Alle:

at least for buyers

21:01:30 Von Juan from Spruce an Alle:

^ INATBA is pretty good at framing things in a policy-oriented way

21:01:37 Von Bart Suichies an Alle:

for users, it might be different

21:02:04 Von Kaliya Identity Woman an Alle:

can you post that good INATBA paper - in the resources section Juan

21:02:06 Von Juan from Spruce an Alle:

Policy-makers that impose firm constraints on funding around open-source, and/or open-standards, and/or guardrails against vendor lockin, make this a lot easier

21:02:32 Von Kaliya Identity Woman an Alle:

the scenarios it paints are great.

21:02:34 Von Juan from Spruce an Alle:

@Kai might be able to get the link faster than me ;)

21:02:55 Von Juan from Spruce an Alle:

these notes are great-- could be a PDF on the dif interop repo unto itself :D

21:03:09 Von Charles Lanahan an Alle:

I thought one good paper (or series of papers) would be a very high-level description of protocols/specs/what have you. That kind of covers

1. The security context the protocol/spec/what have you operates under

2. What they envision as the future if their protocol/spec/what have you will look like (to them) if their protocol/spec/ what have you gains hegemony

3. How difficult/easy that will/won't be based on the current state of technology

21:03:18 Von Charles Lanahan an Alle:

focusing on particular areas

21:03:51 Von Heather Vescent an Alle:

Great thanks.

21:04:46 Von evanwolf an Alle:

interop means trusting those the others trust.

interop means winner-take-all business models can dominate.

interop sucks resources from other features and scale.

21:05:38 Von Kaliya Identity Woman an Alle:

de-gartnerifying analysis :)

21:05:59 Von Charles Lanahan an Alle:

For example. In our project people focused on did:key and did:web because it was a least common denominator among the various tech stacks that our teams had chosen.

1. The context is that we just want to implement software that will work with other current web 2.0 protocols/specs whatever today. Its easy to implement but it gets us to using dids, didcomm, VCs

2. it was chosen mostly because it was the easiest to implement in the time and with the money available. If it gains hegemony the web will operate much as it will today but we have the potential to move to more advanced did methods at a later date.

3. Right now that's pretty good for short term interop but long term it doesn't really gel with the greater SSI community because its not very secure, private, anonymous etc...

21:06:04 Von evanwolf an Alle:

interop is vulnerable to a massive player redefining de facto standards

21:06:05 Von Bart Suichies an Alle:

+1 on richard's point.. most customers just want the shiny certification sticker

21:06:07 Von Bart Suichies an Alle:

  1. iso

21:06:32 Von Darrell O'Donnell an Alle:

My working thesis that any sticker would be premature and turn into a “don’t use that one” mark.

21:06:43 Von Darrell O'Donnell an Alle:

it is just too early

21:06:45 Von Bart Suichies an Alle:

for sure

21:06:52 Von Darrell O'Donnell an Alle:

that sticker will stunt our growth

21:07:02 Von Kaliya Identity Woman an Alle:

what I think I heard is that the Customers of SSI have to care about Interop - and that will drive it to happen.

21:07:17 Von Bart Suichies an Alle:

I'd go one further, is that too much focus on interop right now is coming at a cost where we cannot go to market..

21:07:28 Von Kaliya Identity Woman an Alle:

we have to get to market -

21:07:33 Von Bart Suichies an Alle:

to andreas: or do we never want to have a chat-app at all, because we cannot agree on interop?

21:07:34 Von Michael Shea an Alle:

that sounds also like a very effective way to stunt the market

21:07:36 Von Kaliya Identity Woman an Alle:

CommonPass will eat our lunch with SMART health cards

21:07:44 Von Darrell O'Donnell an Alle:

governments are shifting to open source on areas where “digital sovereignty” is at risk - e.g. UK - https://www.gov.uk/guidance/be-open-and-use-open-source#how-using-open-source-will-help-your-programme

21:07:47 Von Heather Vescent an Alle:

I think there are some problems with being driven from a customer motivation only… because they are profit driven, and that concerns me that the B2B customer really has the values of user privacy and data protection in mind.

21:08:27 Von Heather Vescent an Alle:

+1 Andreas

21:08:52 Von Lucy Yang an Alle:

@Bart, I think it is a matter of short-term and long-term interoperability strategy

21:09:24 Von Heather Vescent an Alle:

But the standards community is more open than technology being built by a private company.

21:09:41 Von Darrell O'Donnell an Alle:

@Lucy - long-term interop testing and conformance is crucial - right now it’s helping guide change and that’s good but not converging necessarily yet.

21:09:51 Von Richard Esplin an Alle:

@heather You make a good point. We can guide our customers to focus on privacy (which is getting easier year-by-year), but at the end of the day, we have to stay in business.

21:10:18 Von Bart Suichies an Alle:

@lucy - true, but there's also a foundational point: we can be directionally in agreement, but operationally competing. Why not let the market decide on what the de-facto standard might be?

21:10:18 Von Lucy Yang an Alle:

@Heather, the idea is to understand what they are thinking and what they want to achieve and build things in a way that help them achieve goals without compromising the principles. And agree with Richard, a lot of guidance needs to happen.

21:10:43 Von Heather Vescent an Alle:

@Richard, right! And I don’t fault your corporate perspective. But it is not the only one, and it contributes to a capitalist perspective that is not necessarily supportive to human existence.

21:11:13 Von Kaliya Identity Woman an Alle:

right now folks are keen to do JSON-LD but finding it hard - like walking on broken glass … so that doesn’t seem like a recipe for success unless we really focus and make it substantially easier.

21:11:22 Von Lucy Yang an Alle:

@Bart, you are assuming market force will lead us to a good place, which is a very dangerous assumption.

21:11:33 Von Balazs Nemethi (DIF) an Alle:

+1 lucy

21:11:52 Von Richard Esplin an Alle:

I absolutely agree that there are some solutions which, though potentially lucrative, should not be brought to market. But solutions have to serve the market to survive.

21:11:57 Von Bart Suichies an Alle:

nope, rather the opposite: I'm assuming that focusing on interop for the sake of interop will never let us get from our current place to begin with.

21:12:02 Von Judith Fleenor(ToIP) an Alle:

+1@lucy

21:12:21 Von Darrell O'Donnell an Alle:

@bart - agreed, we’ll end up interoperable and not adopted anywhere meaningful

21:12:23 Von Bart Suichies an Alle:

And this is coming from an incumbent view where I see 10/15 year vendor-locked-in contracts being pushed

21:12:37 Von Heather Vescent an Alle:

@Richard, there are other paradigms…. broad governments infrastructure investments that do not care about what the market wants. They are the backstop to market failures.

21:13:00 Von Bart Suichies an Alle:

the SSI community has a decision to make in that sense: we can be PGP if we don't compromise on our ambitions. Very valuable for 7 people.

21:13:02 Von Heather Vescent an Alle:

So both paradigms must survive and co-exist, and they can and be very supportive of each other.

21:13:02 Von evanwolf an Alle:

If we are talking interop, are all the players who can (and are likely to) shape this space here at IIW?

The biggest IAM vendors (Okta et al) and cloud API services (msft, goog, aws) seem missing here. Same for US federal government, and proxies for the billion-person regions.

21:13:31 Von fundthmcalculus an Alle:

https://xkcd.com/927/

21:13:43 Von Bart Suichies an Alle:

I'd like us to go to market with better solutions, in the realization they are (nowhere near) perfect

21:13:58 Von Darrell O'Donnell an Alle:

@evanwolf - they are well served by OIDC and looking at OIDC as the solution.

21:14:20 Von Bart Suichies an Alle:

the conversations I'm hearing is about how this is all 'conceptual' , 'not seriously in production', etc..

21:14:40 Von Richard Esplin an Alle:

@heather Agreed. Government investment plays an important and valuable role in shaping the commercial market. But my interop efforts are going to follow those trends, instead of trying to set those trends.

I've tried to set those trends for three years, and it hasn't been effective.

21:14:42 Von Lucy Yang an Alle:

@Bart, that is the approach we have at CCI. We still need to talk about interoperability, but it doesn’t have to take up our whole day.

21:14:48 Von Bart Suichies an Alle:

which might not be entirey true, but it's a very real dynamic

21:15:05 Von Heather Vescent an Alle:

@Richard, fair enough.

21:15:08 Von Judith Fleenor(ToIP) an Alle:

+1 @evanwolf… I’ve been wondering that about the traditional IAM vendors as well. At least Ping was here yesterday… but their view of what a VC and InterOp is is very different that this conversations.

21:15:34 Von Kaliya Identity Woman an Alle:

David Waite that I co-chair the interop group at DIF is from Ping

21:16:18 Von Kaliya Identity Woman an Alle:

Okta isn’t really “engaged” in any way that i know but they are on the edge of the community - Vitorio from Auth0 was here presenting the OAuth 101 session.

21:16:50 Von Heather Vescent an Alle:

+1

21:16:54 Von Michael Shea an Alle:

@PaulB You have assumed that Gov are not going to verify other kinds of data that are tied to a DID/VC. Cross border shipping of goods is a good example of where they will be in a verifier role.

21:17:04 Von Richard Esplin an Alle:

+1 Sam:

I'm feeling good about the BBS+ approach in Good Health Pass. Previous standards provided fundamentally different technical capabilities that prevented us from accepting them even if the DHS pushed them.

21:17:18 Von Kaliya Identity Woman an Alle:

mDL was built by issuers for issuers.

21:17:36 Von Juan from Spruce an Alle:

^ They're pretty aligned already

21:17:43 Von Paul DIetrich an Alle:

+1 Sam. Goals are sometimes driven by end user requirements. For example B2C versus B2B might need totally different requirements which lead to different stacks/solutions etc.

21:18:17 Von Kaliya Identity Woman an Alle:

who isn’t in this room - MSFT

21:18:24 Von Kaliya Identity Woman an Alle:

they are definitely doing “something”

21:18:45 Von Kaliya Identity Woman an Alle:

(they are at IIW) but they definitely have their own path/strategy

21:19:10 Von Hakan Yildiz an Alle:

Maybe we should create a IIW level goal setting for the SSI interop

21:19:30 Von Kaliya Identity Woman an Alle:

WACI-PEx was motivated by moving faster together to be the killerwhales to kill the otters.

21:19:41 Von Richard Esplin an Alle:

MSFT have been participating in TOIP Good Health Pass. That's part of my optimism.

21:19:53 Von Michael Shea an Alle:

@Kaliya, I like otters!

21:19:53 Von Bart Suichies an Alle:

as did IBM

21:20:33 Von Kaliya Identity Woman an Alle:

MSFT was not involved in Good Health Pass (they drove the competing SMART Health Cards) MSFT is definitely not in ToIP

21:20:33 Von Bart Suichies an Alle:

+1 on sam.. think you need to dive deeper as well on that one - what's the incentive design for the community and the individual (orgs) that are part of it

21:21:39 Von Kaliya Identity Woman an Alle:

what they (MSFT) do understand is developers and their needs - and SMART cards do that in spades - cause JSON blobs are EASY

21:22:40 Von Darrell O'Donnell an Alle:

SHC is “good enough” for the job right now. It met the market with a solution that filled the urgency need. Privacy commissioners are starting to push back and say “won’t do that again” but that’s going to take time.

21:22:42 Von Juan from Spruce an Alle:

nothin' easier

21:22:47 Von Kaliya Identity Woman an Alle:

IBM was very involved in Good Health Pass and was a good actor there - doing their best to have the better privacy preserving version win .. but the technical details don’t matter.

21:22:47 Von Heather Vescent an Alle:

LOL, yes, I give up. Everyone will do their own thing and there is nothing we can do about it.

21:22:51 Von fundthmcalculus an Alle:

+1 to MSFT understanding devs.

21:23:14 Von Bart Suichies an Alle:

To the earlier point on product-thinking: Do we have joint metrics for success as a community? (as in x million credentials issued, xx million users, etc)

21:23:21 Von Heather Vescent an Alle:

Those who want to do introp will, but many others will not, and a whale could completely overturn all smaller efforts.

21:23:52 Von evanwolf an Alle:

IBM (1940s to 2000) used to wait until a market was big enough (about a billion dollars annually) before entering a space. Then would overwhelm the pioneers with better sales forces, scale, business operations, and brand trust.

Today there's a chance for small players in a new space to redefine things and get scale before incumbents can respond (Zoom comes to mind).

21:24:21 Von Kaliya Identity Woman an Alle:

more about DIVOC - https://www.lfph.io/2021/10/13/divoc/

21:24:56 Von evanwolf an Alle:

The point of interop in a nascent space like this is to reveal our hidden assumptions and to converge on better architectural and governance choices.

21:25:08 Von Lucy Yang an Alle:

https://www.lfph.io/2021/10/12/global-covid-certificate-landscape/

21:25:21 Von Darrell O'Donnell an Alle:

DIVOC = COVID backwards too

21:27:01 Von Judith Fleenor(ToIP) an Alle:

+1 Human to Human communication!

21:27:10 Von Heather Vescent an Alle:

If you are interested in other standards orgs - Andrew Hughes is doing a presentation on mobile drivers license using ISO standards.

21:27:30 Von Balazs Nemethi (DIF) an Alle:

+1, there is a change DIF will come up finding ways to speed up certain test suit developments. :)

21:27:40 Von evanwolf an Alle:

"IIW Opens Hyderabad Embassy"

21:27:43 Von Judith Fleenor(ToIP) an Alle:

What time his Andrews session, I thought it was early this AM.

21:27:45 Von Judith Fleenor(ToIP) an Alle:

??

21:27:53 Von Darrell O'Donnell an Alle:

Andrew is doing Part 2

21:28:05 Von Darrell O'Donnell an Alle:

1:30pm PT - Room A

21:30:31 Von Kaliya Identity Woman an Alle:

what is wrong with the DIF interop

21:30:33 Von Bart Suichies an Alle:

The great thing about SVIP is that is was a forcing function.

21:30:35 Von Kaliya Identity Woman an Alle:

we meet every week!

21:30:41 Von Heather Vescent an Alle:

I can offer the CCG at the W3C.

21:30:43 Von Hakan Yildiz an Alle:

Nothing its great 😄

21:30:49 Von Sandeep Bajjuri an Alle:

@evanwolf: I am surprised to see the name of the city I come from. What do you mean by IIW opens Hyderabad Embassy

21:30:57 Von Heather Vescent an Alle:

We have a strong track record of technical discussions.

21:31:01 Von Balazs Nemethi (DIF) an Alle:

Indeed, Interop WG meets every week

21:31:14 Von Balazs Nemethi (DIF) an Alle:

Let’s repurpose accordingly!

21:31:21 Von Balazs Nemethi (DIF) an Alle:

(Yes there is mailing list)

21:31:26 Von Juan from Spruce an Alle:

ALL?

21:31:27 Von Heather Vescent an Alle:

No, not all stakeholders are in DIF.

21:31:27 Von Lucy Yang an Alle:

Probably finding one place to discuss this is as difficult as finding one standard for interoperability : )

21:31:32 Von Heather Vescent an Alle:

And also DIF doesn’t do standards.

21:31:38 Von Bart Suichies an Alle:

D +100 Lucy

21:31:48 Von Heather Vescent an Alle:

SVIP interoperability doesn’t do their work in DIF

21:32:06 Von Bart Suichies an Alle:

like companies, communities also ship their org-chart

21:32:15 Von Juan from Spruce an Alle:

^^

21:32:24 Von Heather Vescent an Alle:

+1 to Andreas inviting everyone to *your* meeting

21:32:30 Von Bart Suichies an Alle:

you cannot be a community about decentralization and expect to align on 1 standard :)

21:32:31 Von Michael Shea an Alle:

+1 to DIF group

21:32:34 Von ChrisKelly (DIF) an Alle:

https://lists.identity.foundation/g/interop-wg/

21:32:36 Von Hakan Yildiz an Alle:

+1 as well

21:32:37 Von Kaliya Identity Woman an Alle:

DIF interop group does not “do” standards development

21:32:54 Von Kaliya Identity Woman an Alle:

SVIP is mandating standards development for key interop things that is happening at CCG

21:32:59 Von Kaliya Identity Woman an Alle:

which is great

21:33:01 Von Kaliya Identity Woman an Alle:

all needed

21:33:09 Von Juan from Spruce an Alle:

VC-API, for example, NEEDS IPR

21:33:15 Von Juan from Spruce an Alle:

API design is very patentable

21:33:29 Von Juan from Spruce an Alle:

but interop PROFILES, testing harnesses, etc don't

21:34:07 Von Juan from Spruce an Alle:

SVIP defines interop as a royalty-free, common, open API

21:34:22 Von Kaliya Identity Woman an Alle:

So - lets have you come and present in the next few weeks.

21:34:30 Von Bart Suichies an Alle:

Well that's sorted then ;)

21:34:38 Von Charles E. Lehner an Alle:

Thank you for the session. You might want to copy-paste the chat log into the notes

21:34:42 Von Richard Esplin an Alle:

Thanks for leading a lively discussion!

21:34:43 Von Juan from Spruce an Alle:

BART ON DIF INTEROP

21:35:08 Von Balazs Nemethi (DIF) an Alle:

To get an introp wg invite, shoot me an email to balazs@identity.foundation

...