 Hello there. Hi. I wonder how many people we're going to get today. Oh, are there fun things happening today? Summer. Well, on the east coast, the first full day of summer is rainy and cold. Oh, really? It's actually, it's actually a stunning day in Ireland. We've had very good weather for the past two, two and a half weeks, which is exceptional. Wow. Normally like this. But I also was stuck in meetings till 2am last night. So dear. Wow. That's a day. Are you getting, are you, are you able to get away anywhere this summer? No. It's a small company. We have somebody who's going on maternity leave. So I will be working. Can you take your work to the beach at least or, you know? Yes, I can do my work as long as I'm on US. Governance. So yes, I could. Okay. Cause that's, that's what I did. You know, I actually, I used to love June because fire, you know, we friends had a place in fire island. Kismet. Oh, lovely. And it was, it was like 200 a week. And nobody was out there. So I would just go out there for three weeks at a three or four weeks in June. And well, three weeks in June. And it was great. It was, it was just, it was beautiful and tranquil. And so I'm missing that, but hopefully fingers crossed next week. I'll be there. For the July weekend. Amazing. And it's like an extra long weekend. Yeah. Well, there's, there's, there's, there's an awful lot of logistics required. To be, to actually execute in order for that to happen. In terms of the elder care stuff. So. Yep. Well, I, I am rooting for that to happen. Me too. All right. We can give people another minute or two. I don't know. As you said, how much we're getting here. But we'll see. And if nothing else, we can go through the white paper. Yeah. In a very productive, small working session. Yes, exactly. Let me just updates. I was working on the notes. Feverishly messaging. For right, Jones. I, I've got it here. I've got a feeling like the, the, the, the, the new system of connecting to the meeting might be like, I just, I, I was, I got in through Helen's, you know, I'd looked up Helen on the, on the calendar and so, and then copied from her, just clicked on her meeting invite. Cause my one seems to be stuck in. H land. Yes, agreed. Even I had issues. Into the zoom today. I could not agree with you more. It's a little hard to. Find like, where's the calendar, even if you just go to hyper ledger, like the calendar of events is kind of. Hiding when you. I hang on. We've got to check this. My cardia meet. Simon is struggling. Hold on one second. Sure. You want me to put it, I can put it in the cardio chat. Yes, please. I did it on Slack. So if he's there, then. He will find us. I know that's not our official tool anymore, but. Yeah, I got a feeling last night. Knocked out a few people on the. In mountain, in on mountain. Oh, there we go. We've got Ken. Hello. Good morning. Good morning. How are you, sir? Tired. Oh no, no, that actually wasn't. Yeah. No, it's easier for them. Easier for the, yes, it was. Japan. Hi, Simon. Welcome. Hello. How are you? I'm tired. Yes, I hear, I hear there's a tiredness spreading among the team. Okay. Alrighty, I think we probably have who we're going to have for today. And we have some. Team editing we're going to do. So I'll, I think I can start recording. Unless it's already recording hard to know. Nope. I think we might already be recording. So. Excellent. We can jump in to. Today's housekeeping. Let me share my screen. Alrighty. So. As we have discussed, we've moved all of our housekeeping things over to the hyper ledger official toolkit. So here we are. These are the meetings for today's meeting. Welcome June 22nd. Cardia meeting. We have on today's agenda to discuss the Cardia white paper and make appropriate edits and updating to that. And I think we're on the move right now. That we're a part of the hyper ledger family and have been working on sort of repositioning Cardia in this space. We also need to just briefly cover the antitrust policy, which is hyper ledgers antitrust policy. We're not talking about explicit business opportunities here. But speaking more generally, if anybody has concerns, please let Ken or myself know. encourage participation from all people, all participants, and that this is a safe space for ideas and discussion. If anybody has concerns with that, again, you can reach out to Ken or myself or through Hyperledger directly. So, as I mentioned, today's agenda, we've had a series of really wonderful guest speakers, and we hope to have more come and enlighten us about the work they're doing in this space and how it may align with the work that we've started here at Cardia. But today's session is really to revive that white paper that we wrote at this point, I don't know, a year or two ago? It's been a while? Might feel like two years, but it was a year ago. A year, okay. Well, it's ripe for review, and so we're going to dive into that and then outline our sort of coming goals as we enter the summer period and what we want to do with all this wonderful information that we've been gathering. Is there anybody that would like to introduce themselves today? I think we have a small crew and mostly familiar, so if you want to say hi, please do. Otherwise, we can jump into it, I think. Okay, let me share my screen. Excellent. So, I'm sharing it in Acrobat because it's going to look a lot easier on the eyes. Problem with Google Docs is it automatically sizes to considerably less than the real size and then people struggle to read and then they say, the font's all wrong and why are you making it so small? And it's because Google has rendered it at 56%. So, this is not something that can be edited necessarily, well, it can, but I wouldn't advise editing directly. I will take notes. Okay. So, broadly, the goal of this is to brand as Hyperledger, well, we needed to brand as Hyperledger, but also to, you know, a lot has happened in the last year. We've, and the text needed a refresh, additional elements needed to be put in, and so here goes. So, one difference to the past, white paper is the credits have been moved to the front. And we've also credited, we've tried to do a better job on crediting, so. Excellent. And does this include, in the credits do we need to include, I guess it's more history, the life cycle that we've went from Linux Foundation to. Yes. Well, Linux Foundation, public health for its encouragement, initial support of the cardiac project, and in particular, Jim Sinclair and Jenny Wenger. Is there anything, do we need to say more than that? I think that adequately covers the past, and then the next paragraph covers the Hyperledger foundation for pulling us into that. Excellent. Okay. Moving on to page three. So, this is an overview. It's not, I don't think it's, it's not significantly, I mean, there's some tweaks, but it's not significantly changed to the, versus the previous overview. Again, it notes the move to Hyperledger labs. This calls it machine readable governance rules at the very last paragraph is where I see that. Do we need to update that? Do decentralized ecosystem governance? I mean, if you're not in this, maybe machine readable governance means something, but we've like branded it now. So, I'm not sure I'm remembering correctly some other thing, but until the specification is formally, I think, adopted by the Diff, then decentralized ecosystem governance is in some kind of limbo as a term. Okay. And I think this is lower case machine readable governance, right? It's like the fact that it's being done by the computer neutrally potentially. I think that's fine. I just wanted to call it out. Yeah. We're about a week away from ratification of this, of the first draft of the Oh, really? First version of the machine readable governance. So, I think just need to take that into consideration if you want to line up with that or not. Maybe we need to, maybe we leave it in this page and then I don't know if we talk about machine readable governance anywhere else. We may want to transition and explain that, but that it's now under, you know, that it's under the Diff and things like that. There's a lot. So, one of the things is there's the section on machine readable governance slash Dgov has been updated. Okay. So, we get to that imminently. Anything else on page three that, okay. Well, that's just the contents, mission and background. This is the text here has been tightened up over the previous version. I think it looks okay. Can we pause for a second and just also establish the goals for reviewing this? We want to sort of shift to hyper ledger because it may be received by an audience now for the first time as a larger audience and get some excitement going. Those are the two goals. Well, also bring it, you know, bring it, you know, renovate in light of the previous year and with fresh eyes on design and communication. So, new graphics, et cetera, et cetera, which build on changes that have taken place over the year so that it's a fresh coat of paint with some additional, with an additional extension, couple of extensions. Okay. In the second to last paragraph on that side, it talks about to adapt and function for sharing and verifying multiple kinds of health data. I think put insert in there including consent. Okay. Otherwise, people might assume that it's just clinical data. Gila, what's your thought as a medical professional? What do you think? I think that's fine. I think that makes sense. And I don't know if we want to add more than that because we haven't delved into those use cases extensively yet, but I do think the consent conundrum is a well known problem. Well, yeah. And I mean, I suspect when we have a worked out how to deal with consent, we will need to do a version three of this with an additional, with a section on that. But I suspect we don't have a huge amount to say about how that is technically soluble at this point. Okay. Mark, I count, well, that was a question more so than a statement. I think adding a mention is fine, but you're right that more elaboration will be needed when we fully flush out a consent use, like a consent capture and release use case. So this has been expanded a little bit. That's good to me. Yep, agreed. I'm sorry. I'm taking a couple of minor notes. So this is new. Again, it sort of illuminates a section that we had. So this is an addition. And the message this is delivering. The thing is that for medical, most of the data will be personal data regardless of its source. So this one is less. There are some organizational credentials that are indicated, but the type of data that we're dealing with generally pushes towards making the personal data really large and the other data really small. So acts this graphic? Well, I'm still confused about exactly what the message is that it's trying to convey. Is it saying that a verifiable data could be any one of those little dots? Yes, verifiable data point. Yes. And the left half of the diagram up to people, organizations, machine sensors, connected data makes much more sense for Cardia than the right half of the data. Okay. So just remove the right half of the slide. Yes. The part at the bottom, the interoperable preserving and all that, that makes sense too. And you could just get rid of the bubbles at the top of the side and move the interoperable and other stuff as attributes of the data or descriptions of our qualities of the data. And one ledger right equals, I'm not sure. Unlimited digital identities holding that data off chain and verifiable credentials. So you kind of contrast how much has to go on the ledger in some ledger systems, ledger systems, all the data goes on the ledger. And in Cardia, the keys go on the ledger and all the data goes to the off chain wallet. But that isn't clear. Okay. For those of us looking at the slide for this first time, I would say I missed that memo. Okay. That's a really good feedback because that helps. I think we need to show the dots off the ledger if that's the point, right? Put the personal PHI dots on this page. Put the ledger on the left underneath the one ledger right and then say all the rest of the data is off ledger. Put one dot going to the ledger and all the rest going into the wallet is that kind of captures what? Yeah, exactly. You're trying to say that you do less on the ledger when we're talking about this because it's decentralized and it's held by the holder. But all these dots are sitting here on the ledger. I mean, it's just that I don't get the point of the one ledger right equals all these dots. Yeah, you don't see the one ledger right dot anywhere or the ledger anywhere. And so you can't see that the other, this big cloud of dots is off the ledger. Right. It's pretty. I like the idea of the slide, but it didn't deliver the intended message. Sorry. That's okay. That's what we're here for. So this is again, slightly changed, mostly the same, but more tightly edited. Oh, this is fun history. I'm learning new stuff. So are you telling me you didn't read the first one? Arpanet. I don't think Arpanet was in the first one. Is there any value in that second column? It's talking about email as a central identity. Is there any value in mentioning the security there as well that like that email provider in theory has access to all of their stuff because it's centralized and housed by the that third party? I let others adjudicate on that. Yeah, the fact that it is stored in a database by the provider makes it subject to tax and disclosure, you know, internal and external. Right. It provides the access to the email provider to observe all your data and also makes a target for hackers. Okay. I love that. Well, you in the second paragraph already make the database and attract the target for crime, but the key is other point is that the data is also available. Email provider is a unique statement. Right. Do we define federated identity? An authenticated login to a user profile on one platform enables, do we need to do any more explanation of that or do we think our readers will connect those dots? Should I just say, I mean, should I say such as Google or Facebook? Yeah, Google email, using your Google email to log into a different thing to something totally unrelated. I don't know how to phrase that better, but something using your Google email to log into other services. Yeah, just so that there's no room for gaps in interpretation there. Okay. Moving on. Move on. I think we, in the first column of comments, I think we need to be clear, because we still have an issue, there's still an issuing, right? There's an issuer of the credential. Why is that different than the federated one? And I think adding a sentence or two to highlight that it's like issued and now in the ownership of the holder to then reuse in a disconnected way, except to verify that trust. I don't know that that's explicitly clear. This is kind of good to do, but after a long time, fresh set of eyes, maybe it gets into it in the second thing. I wasn't there yet. Second column. I think in the second paragraph, if we said any governing authority can issue a digital credential to the holder or something like that. Yeah, something like that. Just to the holder makes it clear that the data went to them. Yeah, because it does get into it a little bit more in the second column, but I think that transfer of the handoff, it wasn't clear to me in that section over there. It's reiterated in that we know, we can know that it was issued to the traveler in the top right paragraph. That kind of goes over it again, but I think a hint of it in the second paragraph. Sure. Yep. Okay. Thanks, Trevor. That's my question. W3C, did com don't go in the same parentheses? They need a comma. W3C out of there. Yeah, I'm not sure why that was there. The did com is fine. I'm good with this page. Okay. I like this page. Sorry, what's the digital twins? So smart cities and robots, those are the digital twins? Digital twins are sort of a replication of infrastructure in digital form. So if you have something that's not very intelligent, it doesn't have any capabilities. It's an in and out of an object. You can create a digital twin to represent it in the digital world. So if you have a box of goods, it can have a digital identity assigned to it and location or movement or even though it's not capable of itself interacting digitally. Very big in industrial uses at this or it's a growth area in industrial uses. Right, because you track like product lines and things like that. I think ultimately you're going to have digital twins of operating rooms and you name it, you can have a digital twin of it, but so it's definitely a big thing coming. I think we have a more missing a word. Sorry, I jumped ahead a little bit. After agents, because they manage information flow between parties, have a fiduciary. I think it's and have or that have parties and have is missing a word in the middle or in the agents paragraph. Yes, and have. Okay, I'm moving. Anything else on this page? Mobile agents enable connections with mobile devices. Mediate that should be mediator agent, shouldn't it? Yes. Gotcha. I'm good with it. Not a triangle anymore. Do we need to put the labels we defined the participants in this? Do we need to use that language? Who's the issuer, the holder, the verifier? Those labels aren't here. They're partly there. So you have issuer agent and verifier agent. You just don't have when you where you say at the top cloud or mobile holder agent that would kind of. I can put I can we see it. I okay. Yeah, I can rework that to make that more explicit. I think it's it's if you had the holder agent in the cloud or mobile holder agent, then I think you'd have all three. Well, I was going to put holder under patient issuer under public health authority and then verifiers over here. Yeah, that would make it. I think you can leave the agents because I think that's the helpful too. But having that clear would also be good. So this is the one that's going to need some re-editing in a week or two. As a second, this is the two pages here on governance. Should we change in the fourth paragraph, the benefit of machine-readable governance, instead of as the science, should we change as the requirements or regulations changed just to make it a little bit more neutral? So one of them is to indicate that as the data from the research says it needs to be 24 hours versus 48 hours. That that's that part of it. The regulations are the ones that say you have to have a test or a vaccination or whatever. And so the two kind of play in tandem. So how do you express that that part of the the science part of it in another way? If you wanted to use another way? I will say scientific evidence for requirements. Yeah, that would do it too. Right. So I see a problem there. So I think we have to introduce the concept of decentralized ecosystem governance more explicitly in the final paragraph to make for this next to make sense. Okay. Agreed. And maybe it's just, you know, as this concept has become more adopted, it's been rebranded. I still think there's some value in referencing it as machine-readable governance. And so getting rid of that entirely, I don't know that we need to do that. But we should probably explain it and then introduce its other name in this universe. Yeah. Number one, should that be encoded? Publishes encodes? Oh, that's, I see the problem there. I think just publishes. Okay. Yes, that sounds good to me. Move on. Yeah. Find that second paragraph a little stumbly. All right. What was that? Which paragraph? The second one. It seemed, it's like a little circular. Perhaps it could be simplified. Like is a URL or web address, maybe if that goes in parentheses? I'm not, I think it's trying to say that. It couldn't be a comma there for a start. For something with an IP address, basically it's going to have a unique, each one will have a unique did. No, I think it's a compare and contrast kind of thing. It's the, if a device has an IP address and the digital identity begins with a did. Okay. Okay. I'll rework that. Yeah. It just needs a little wordsmithing to simplify its goal. The third paragraph I think approved by the World Wide Web is actually recommended. Okay. Is there official language? Kind of a nuance, but it will make the World Wide Web people happier. I think there's like four synonyms there in that second paragraph to your point, Kila. You could just, you know, website and web address is a little bit extra redundant, but you could just say IP address, comma URL, comma or web address. Because all four of those are synonyms. Well, the web address is a synonym for URL. Is it not? Yeah. I think it's an IP address is a type of URL, so IP address is of a different layer. But if you just said IP address and a or a URL, you can simplify the complexity a little bit. Yeah. Maybe also not if because it's missing the like second part of the if that thing, then the next thing. I missed the then the next thing part. I don't know. There's something about that paragraph. I've moved on. Trevor's made note. Are we still on this page? Yeah. I guess we are. Yeah. Sorry. The mobile agents instead of can or create unique third from the bottom on the right, it should say can create. They don't have to. They probably should, but they're not obligated to. Gotcha. Nice. Nice writing though. So I borrowed this from other documents we've created. Yeah, this one's okay to me. That last slide. Maybe this is just a nitpick, but like you have APIs are insecure. The third bullet point on the left side. Oh, and the next one. Just a definite. Oh, yeah. Yes. Well, sorry. I interrupted you. Say that again. I'm just going to say I wouldn't I wouldn't make that claim because I think just blanket saying APIs are insecure is not accurate in my opinion. So I don't know if you just delete that whole bullet point or maybe it's just a API can be insecure. Yeah, I agree with Steve. So we're going with APIs can be insecure. Yes, you have to do something to secure them in their raw state. They are not secured by default. They have to do work to make them be secure. Yeah. So maybe APIs require additional security layers and we're saying that that's inherent in this in the didcom solution. Yes. So figuring out how to and I think there could be a little like maybe aligning some of the language across the two, like the bad things and the good things so that they're more directly like checked off. The next bullet point after that also you might want to change it to say could can be insecure or maybe or something. I think that Sam was pretty adamant that the if you're going to have an API to a mobile device, it is fairly inherently insecure. There's not a lot you can do to fix it. The fact that servers do interesting things to secure their APIs and is kind of a well known process to address the security concerns. But it's hard to do that on the mobile the other way around. So if I want to talk to you, if I want to contact your mobile device, there's not a good API based way to do it securely. Okay. I don't have any comments on this one. I mean either my big gripe on this slide is that there are two periods after parsed on the fourth point. Oh, good. Nice catch. I've seen a whole bunch of little things that I've taken notes on, but that was good and missed that. I wonder also in those heavy text slides that we did at the beginning, do we want to make any mention about like C cryptographic signatures and privacy section? Maybe yes. I know that's a little bit of like stringing things together throughout the document, but it may be helpful because if people are getting lost in the words, like this picture goes a long way. Yep. Okay. There might be a better way to lay this out. So the schema is more clear. I think there is. Yeah. And maybe we get to it, but I haven't seen it yet. Is the schema relationship to the ecosystem? The end must be revocable is not true. They don't have to be revocable down in the fourth paragraph. First line. First line in the fourth paragraph. They don't have to be revocable. So I'm going to redo this slide because this doesn't really work. This is version two of an attempt to make it work, but move on. Yeah. So this is all this is all being redone or created and you some in the point one part of it. I think we need to emphasize the paragraph two and three are done once and not done right now. It sounds like that happens each time a patient comes through the process. Okay. Yeah. I would put the second and third paragraphs as item zero and say that this happens at the very beginning and set up in configuration. And then steps one, which is the follows its KYC process and two issues, the thing three are the normal things that happen. Do we want to? Sorry. So these are all basically one as opposed to one, two, three. No, I'm saying that the second paragraph it writes a public did. It adds a credential schema. Those two paragraphs. Okay. Those are step zero and they only happen one time at configuring or set up and that items, a public health authority, the issuer sends and scanning the QR code. Those three items go one, two, three every time a new patient shows up or does something. A number two, though, do we it's very specific. They send an email. It doesn't have to be email. It also doesn't have to be sent to them individually. It can also be a generic QR code where they can like register. How about the issuer connects with the patient to issue the credential or the issuer provides a QR code for establishing the initial connection. It doesn't have to be a QR code. Fair could be a link. Okay. I've got that. And then following the QR code or invitation URL will create a direct link or encrypted link. Yeah, because it's not, we're not yet at the credential part. We're at establishing a connection, I think. Yeah. I also think there's, it's very vague on the verifying the person using the app is the same one. There's like a lot there. So I'm not sure I follow what you're saying. Well, there may be an identity step in there where they're asking them to prove their identity. They may have, if the implementation pipeline is that or connection pipeline is that I human vetted you. And so I know you are, I'm only offering this link or, you know, onboarding method. That's step one, right? I vetted the person. Okay. So I'm only going to give you the credential because I've already vetted you. Three doesn't happen or two and three don't happen unless one's. So we're saying the vetting happened up front. So how does the issuer server verify the person using the app is the same one that registered as a patient? It doesn't. It already knows it is because they sent the invitation to that person. Okay. So then that goes away. And number three, second sentence. Okay. There's an assumption of based on step one, that being done. Sorry. I'm not sure what has to happen to three. Number, the second sentence goes away. After connecting the issuer server verifies that that sentence disappears. And we are at time. We were having so much fun. I lost track of it. It looks like we're just about two thirds of the way through. Well, yes, we are two thirds of the way through. Excellent. So, but we will need to discuss because, um, yeah, there's some substantial things. Let me just quickly. So we pick up this the next session. We certainly can. Yep. Rather than having you just try to blitz through it. Yeah. Yeah. No, I agree. Trevor, if you have a link for this, I can put it in our notes and encourage people to go review the second, the last third. Let me update. Let me update it before sending it out. Okay. Let me make all the changes that so the changes can be reviewed as well. Excellent. All right. Very good. Thanks, everybody. We'll see you in two weeks in, which will be in July. How exciting. Thank you. A fabulous day. Bye. Thank you.