Home < Rebooting Web Of Trust < 2019 Prague < Weak Signals

Weak Signals

Transcript By: Bryan Bishop

Weak signals exercise

Group 1: Decentralized

Decentralization is a means of preventing a single point of control existing.

Group 3: Cloud

We picked a term preventing decentralized identity. The one that resonated for us was “cloud”. We equated the “cloud” with the idea of centralized convenience and value creation that businesses and individuals look at the cloud as a great place to be because it’s cheap and convenient and all of your dreams are answered in the cloud. You can buy anything you want, and host all your services. What’s not to like? To like decentralized systems, people have to get past the cloud. The problem is that the cloud is too good.

So what does that mean? One of the places that cloud fails because it’s centralized is in trust. As a trust transaction cost, there’s an opportunity for an economy around trust. This is a business incentive to not be in the cloud and be decentralized instead, which lowers the trust transaction cost. This means more business models for cooperative capitalism or ergoditic economics which deals with the survivability of your utility theory decision making, and this also plays into generative identity, which is the idea that the internet was originally designed to be an hourglass shape where there was a narrow waste band for protocols and watching edge content on either end. We need to build trustworthy secure system. The internet always had the problem that its connectivity meant its vulnerability. With decentralized identity, we can solve the vulnerability and main the connectivity and generativity of value.

Group 4: Identity

Everyone has their own definition of identity and it varies by context. We didn’t really attempt to come up with a holistic definition for identity. We started talking about it as an emergent property, like digital machinery has an emergent property per use case of a group of attributes. These attributes really only make sense in a context. Define what identity means, which should be easy if you know what your use case is. We also talked about identity in another way, incorporating the notion that identity is the total sum of all self-identities as well. We also talked about pets and dogs and learning names and associating names with things.

Group 5: Trust

We picked an unambiguous term that everyone agrees on, which is trust. What we came up with was trust like high trust, low trust, no trust, complete trust. It’s the degree of certainty in systems and people. Human-developed systems are trust centric. That’s the basis of it. It’s a degree of certainty in the behavior of technical systems, and of individuals and all the ambiguous layers.

Group 6: Decentralized

We also came up with decentralized. It seemed a big enough problem and we came up with it on our own too. It’s very much a branding name that is thoughtlessly thrown about. There’s no good understanding between distributed and decentralized. Also, decentralized is absolutely not an absolute. There’s two different definitions.

  1. Politically decentralized: a system whose goal is to maximize the number of entities that have to act badly to corrupt a system. A system achieves a level of decentralization, not an absolute.

  2. Logically decentralized: a system that seeks to minimize the number of entities that have to agree on any one single decision.

Group 7: Interface

We picked the term interface. It’s the thing that the rebooting web of trust community doesn’t understand and handwave about. Some subcategories include technical interfaces like APIs, GUIs which I think are pretty much not understood at all. We need to envision the application in our mind. Also, workflows- how do government employees use these tools and what are the workflows people go through? Once someone uses an interface and use it for a little bit, they will assume that is the only interface ever possible ever. Look at browsers and Mosaic and how hard it is for people to move past an interface once they see it. Like the little blue links.

Group 9: Self

I misheard you and thought you said “dorkflows” instead of “workflows”.

We wanted to dive into the definition of agency and got stuck. So agency connects to trust and all of these different things. We couldn’t do it. We realized agency is really about self. Self-sovereign identity has had big conversations about identity, sovereign, but never had a discussion about self.

So self is a subjective perception of where one’s agency begins and another one’s begins, where consciousness emerges and persists and thus is able to sense, perceive, interpret, decide and act.

Another one is qualia, which is a perception of self. We have a debate going on about whether or not organizations have qualia.

Group 8: Identity and fiduciary duty

We had two major discussions. We talked about identity and that Identity is unknowable and a moving target, but some people are trying to reach it asymptotically even in our minds to “know you better than you know yourself”. We did have that conversation. Small i identity is some sum or some part or collection of assertions that one subject makes about another. So you can have, sort of, a factorial of however many assertions are made about a subject. That’s the number of identities a subject can have.

The second one we talked about is fiduciary. Can the community please use the legal definition of fiduciary? Fiduciary duties in a financial sense exist to make sure that money managers are acting in their beneficiary’s best interests. It’s the legal obligation of one party to act in the best interest of another. The obligated party is a fiduciary. It’s someone trusted to act in the other’s best interest. We want this term to be used as it is defined. We need criteria by which this definition is used in the community.

The fiduciary needs to be suiable, an actual entity or organization. If they are not suable, then they are not a fiduciary. You can’t sue software.

Group 10: Compliance and pairwise

We had a tie. Of the two, the one that we think is having the least amount of conversation is compliance. Specifically these decentralized verifiable credential frameworks- how do they do compliance with international standards like GDPR and national standards like the US NIST standards? How is compliance going to help and hinder adoption? It also has to rely on legal terms in order to define compliant better.

The runner up weak signal we discussed was we want to see more conversations about pairwise vs public. Various communities have emphasized that they want to be able to do pairwise ephemeral identifiers per relationship, but this also needs to be balanced with the use cases for stable public personas that are discoverable. Both are important, and we want to see discussions about best practices on how to balance both.

Group 2: Delegation

We went for delegation. It’s related to fiduciary, but less in the legal sense. Delegation is the assignment by some authority to another party to carry out some activity. Delegation is given and originated. It’s also contextual, and it’s revocable.