 at here. So the first thing, the first couple of things, one is that we at the Hyperledger community work with the Linux Foundation Rules, one of which is, of course, antitrust policy. We go by the antitrust policy. The other is the Code of Conduct, which says that even when you disagree with people, you are not disagreeable. These are the two operating principles. Other than that, we are completely open. Everybody's welcome. And that is the message of this group. So I had prepared a short set of slides to guide our conversation today, but I'm more interested in hearing from people about what they would like to see here in this group in the coming year. We have had some fantastic presentations last year, so I'll go over some of them just to remind everyone what we started and what we had here last year. The other thing I want to say is that Miguel has raised his hand, so I'm going to let him speak. And anyone can interrupt at any point. That is the other. Oh, I'm breaking up. Okay, sorry. Yeah, I thought maybe it was just me, but you've been kind of cutting it out. Maybe because I'm turning my head away from my webcam. I don't know. Or maybe it's my internet connection, which is probably choppy. So based on all this dust, maybe we should go down the list and ask people to speak because if my internet is bad, it's not a good thing that you won't be able to hear me anyway. So it might be better for other people to speak. So I see that David is here. David Boswell, who is a community architect in Hyperledger. So one of the themes of this meeting is how to present what we already have, the resources that we already have to others. Okay, so that's. Hey, I heard you mentioned my name, so just to introduce myself quickly. Hey, everybody. My name is David Boswell. As we've been said, I'm a staff member at Hyperledger. I just wanted to dial in and hear what the group was planning for the year. And again, just to see if I could support it. Now, I didn't hear everything you said because you are chopping up a little bit, so I don't know if there is a specific question for me or not. I'm happy to answer it. Well, one of the things that came up is how can we better present our materials to the group? Okay, yeah, I caught half of that. I'm sorry, I'm just not hearing. Maybe if we type in chat or something, I can respond. Okay, so the question, please let me know how we can share our resources. So is this share our resources within the group or more broadly to the whole community? Because I think there might be different strategies for both. So just by the way, I don't know if my audio is coming through or not, so if people are having a problem hearing me, let me know. Okay. So for broadly, one thing that we've been talking about recently is making better use of some of our channels. So for example, last year, we were experimenting with live streaming virtual hyperledger meetups, and that's actually been really effective. It's, excuse me, that's something that might help. It's helped us connect with more people. The YouTube platform is our YouTube channel is growing pretty quickly. We have over 12,000 subscribers and we've seen, for example, live streaming a presentation helps connect with a lot more people, like up to 20 more people at a time, you know, in real time, see the presentation there. So we're playing around with, you know, how do we roll that out more broadly? Again, it started off with virtual meetups. Now we're looking at doing presentations that SIGs are doing. So anyway, that's a thought that's just come up in recent discussions. As far as sharing within the group, I have to admit, I'm not that familiar with what's been done within the identity working group in the past. I mean, if there was, you know, if somebody, you know, wanted to share what the strategy was in 2020, I'm happy to, you know, talk through, you know, maybe ways that we could, you know, tweak it or take some best practices from other groups. Like I said, I was here just kind of learn more. You know, I admit that I don't know a ton about what the group has been doing. And I see somebody else is asking, yeah, maybe if we're talking about, you know, a 2021 strategy for the group, maybe wrapping up or maybe starting with, you know, a wrap up of 2020 activities and strategy could be useful. I see that Michael also asked for that in the chat. Yeah, I'm not hearing any talk right now. I see some chat. I don't know, is anybody able to maybe do a recap? Hey, David, it shows you being on mute, my friend. Yeah, I was just saying that I, you know, I was, it seems like it would be helpful for me and maybe some other people in chat too are asking for maybe a recap of both what the group has done in 2020 as well as maybe a recap of the charter. Like I said, I don't have a lot of history of the group. So it's hard for me to make recommendations about maybe things to do differently. And I see other people in chat are saying a little bit of history would be helpful too. I don't know, maybe we lost Fippin. Yeah, I think he's having some audio problems. Yeah, yeah. Does somebody else have some of that history of the groups they want to share? Can you hear me at all or no? A little bit. I mean, at all, yes. Yeah, it seemed like it chopped a little bit, but I heard, I wasn't hearing you for a second, but yeah, I'm hearing you now. Okay, I'm going to make sure that that link is good off that presentation. And then I'll also put in the chat, in the chat, the link to the identity working group Wiki. Are people able to hear me or no? Still no. It's really cutting in and out. I hear you some. Okay, sorry. Well, some. All right, I'm going to put in the chat. Maybe I'll share my screen and I'll run through it what I can. Yeah, this isn't really working. Yeah, I understand. All right, presentation link I sent. I'm going to start sharing the screen. If you can hear me, it's great. Otherwise, we take it from there. The charter has the material. Otherwise, you know, we call it a day for me anyway, and you guys can continue. I wasn't expecting this. Yeah, and Vivin, if it's helpful for me to show up at another call to talk through maybe 2021 plans. Yeah. Sorry, that didn't mean to interrupt. You know, so I can try to share the screen and work through it, but I don't know whether it's going to. So can you guys see my screen at all? Yeah, I see your screen. Yeah, we can. Okay, so it's basically, you know, this thing is for everybody for you to be participating rather than anybody else. So I think it would help if people go through this, go through why they're here. And some of you have participated in this quite extensively. So it might be better because then you can talk about what you have taken away from this group and what we can share. So should I be calling on people or how does this work? I'll be happy to pipe up. Jim St. Clair, first time coming to the meeting. I'm active with Dan in TOIP as well as several of the Diff working groups, and I've been making an effort for 2021 to get more into the hyperledger SEGs and working groups as well. I'm from LeMedic. Our focus is patient-centric identity management and part of Providence Health Systems in Seattle. Let's go down the list, if we can. So can jump in, I guess. My name is Chris Patronakis. I am a postdoctoral researcher at SIRT, which is Greece's largest research institute. I'm representing the Pharma Ledger Horizon 2020 project, in which we are leading the technical efforts for identity management, and we are looking towards the technical solutions of artists to business. My name is Roland Forre. I'm the CEO of the company Small Business IOC. We are working on hyperledger ND and hyperledger areas on supply chain environment related to other goods and the identity. I'm Michael Hermione. I'm a self-sovereign blockchain architect. I live on a cattle ranch in Alberta, Canada. My project is the Trusted Digital Web. I've been around the whole SSI decentralized identity thing for about three years now. Time to time I get very deep in terms of my contributions and times like today I'm just working around. I've just recently published a white paper called SSI Public Data Usage Licensing that may be of interest to this group. Public Data Usage Licensing. I'll drop a link in the chat. Thank you. So what are the themes of that particular paper? So the overarching scenario in general when you know from the early days of SSI and I go back to Joe, I forget, Joe A's. He had some principles of SSI, but there's a whole idea that you would present your identity that you'd have your own self-sovereign identity and that you would present that identity to a website or to an application and that you would control how your identity is used, how the identifier is used, how that application could attach identity. There's kind of this nirvana scenario, but I've never seen anybody actually act on it. So this white paper talks about how Alice, a user, might present a personal data usage license to an application in terms of what she's choosing to selectively disclose to that application and then in turn the white paper looks from the application side. Bob's app will have a set of roles that's also defined by a similar set of claims in terms of personal information it needs and depending on what Alice is willing to disclose, she is able to have certain roles within Bob's application and vice versa. It's a little bit long, the white paper, but it's an easy read. Great. I've seen your name and your contributions because I am a lurker. The other thing I'll pitch because it's very top of mind is I'm investigating a file format, a serialization format for verified credentials. And it's kind of related to this idea of how do you present your identity or how do you present a credential to another application. Yeah, and so there's an active discussion going on in the CCG mailing list. I can post a link there. Thank you. Yeah, like I said, I'm a lurker on the CCG mailing list. You can hear me better now, I hope. Yeah, we can, yeah. Yeah, because I did reconnect. So hopefully that makes things easier and better. Yeah, that's a lot better. So Stefan, I think you should go because you made a presentation or two, especially from the European perspective. And I'll go back to the slides to show the various places that we have had these presentations. But Stefan, please. Okay. So my name is Stefan Mui. I'm a financial consultant working for the Digital Transition Matters. I've experienced in my background. It's certainly in compliance and legal issues for the banking sector. I'm currently working on identity proofing, well, remote identity proofing specifications for the Etsy standardization organization. In fact, we just released a couple of a few weeks ago a draft to that effect. I'm also working on a new assignment for the European Commission on KYC Portability, which is not directly related to, I would say, decentralized or SSI schemes, but certainly is somehow related to that topic as well. And that's something I've been involved with the European Commission work for on that theme, wider theme for a couple of years. And this is relevant because you may know that there's work I'm doing currently to revise the EIS framework and make it more consistent with the latest trends in the identity arena. Beautiful. Alfonso. Hi, thank you for everything. Hi, everyone. I'm Alfonso Grobella from Merida, Mexico. I came to this group interested in IoT for smart cities, in particular solar panels. And then I became quite interested in SSI, still learning. I am part of the Hyperledger new Latin American chapter and a co-chair of the learning materials and development working group here also at Hyperledger. Happy to be with you learning every day. That's a spirit. Dan Bachenheimer, who's of course been a stalwart contributor to this group, and he has made a presentation last year, which I call out in my slides. Anyway, Dan, please go ahead and talk about your interest and what we should be doing going forward. You know, that is the key theme of this meeting. Are you around, Dan, or... So, let us go down the list. Gary DiGrucio. Basically, I saw that you just joined and we are just going down the list of participants talking about what we should be working on for the next year. And I had a presentation ready, but I had some audio problems. Looks like the audio problems have gone away, but basically, what are you working on? That kind of thing. So, actually, I've been on something of a hiatus since the summer. I'm actually just getting back into participating with the group, so I'm still trying to come up to speed on what's going on. Oh, beautiful. Okay. Jim is already gone. Alfonso, David, Chris. Now, Luca Boldrin, who's another person who has contributed to this group. Yes. Hi, everyone. My background is on certification authority and PKI stuff. My company is mostly trust service provider in the hiatus framework. But we are working since a few years, at least, five years, of course. In the self-sovereign environment, we are developing from there. We're very much connected to the hiatus world, which Stefan mentioned before. And we are now looking forward to what's happening with the new mood of integrating identity with payment systems with the concept of central bank digital currencies and the like. I'm fond of this group and I try to attend, even if I can't make it very regularly, because of the diversity of the amount of different topics which are addressed in quite transversal with respect to other fora. So thanks, Deepin, for keeping me down. All right. The next person, I think it's Charles. No. Anyway, I think everybody is gone, so gone over why they're here. So I'm going to try to go over the slides that I had prepared. It looks like I'm in a better shape now. So the roadmap slides. The first call that we had, not the first, but one of the first calls that we had was with Kim Cameron, who's a legend, obviously. But his main theme was how people are, the personal digital transformation is happening and how that is, you know, it is a process. It is not something that is going to happen like the crack of a whip. It is going to happen slowly. And he's had, you know, his views are also in that slide, and that slide will be, you know, this slide has links to all of the recordings that we have had. And then we had a talk about the data protection regulation. Stefan mentioned some about Europe. We also had people from India talking about it. And in one of the slides, following slides, I will show how things have changed between 2019 and 2020. Then the next one is Dan's known traveler digital identity, which has all these elements in play, which is, you know, the serialization format, the semantics, the way in which these things can be presented and so on. Then we had several sessions on contact tracing and anonymization in the first days of the pandemic. And people were kind of upset saying, you know, what does this have to do with identity? But slowly looks like more and more people are drawn into this. And there is a whole session today at WHO, like Jim mentioned, vaccines, credentials, initiative or smart vaccines or whatever it's called today. And European, this is the next one which Stefan talked about. And one of the main things that happened last year was, of course, the creation of TOIP, the new group in the next foundation. Then we had a presentation on cactus with identity focus, also a presentation from the Global Legal Entity Foundation with roles in the enterprise. Another one was the universal wallet concept, which also had a very interesting presentation. Then vaccinations and COVID credentials, then MPC securing the enterprise using unbounce technology, then on consent management's semantic working group from TOIP. Now there's three groups in TOIP dealing with semantics. Well, I should probably not say TOIP, I should say TOIP because Jim Jordan is very particular about that. And the state of SSI, which had a membership of 65 people in this call that was given by Drummond, and he's going to come back next month. Then biometrics, which is a big topic, and how does biometrics coexist with SSI? And Cary, which is a digital key management solution that is top of the mind for everyone today. Two things that I want to say is that somebody had asked what is the charter of the group? The charter was to talk about all identity problems in or identity solutions in a hyperledger. And we have to say that identity is one of the foundational concepts in blockchains. Many of these talks have nothing to do with DLTs or blockchain directly. But in the end, they all come back to the idea of a global witness, which even in SSI uses some form of DLT. This is just a screen showing the comprehensive data protection laws in 2019. And I just wanted to show you the transformation that happened and looks like China started out a new law for data protection of its citizens. But I do not know how effective that will be because the government is engaged in surveillance according to many. We have no real idea. The other place that things changed was in Egypt. In Africa, there are some places where the privacy laws are being enacted. In the United States, as you know, that kind of a comprehensive privacy law is not there, and it probably will never be enacted because there's a very strong pushback against that kind of a situation. Although in country, it is a federated system, so there's lots of different ways in which the laws can be enacted. Jim, you have something to say? Oh, you just touched upon it, but I was going to comment in general that number one, the HIPAA privacy law is going through a notice of proposed rulemaking, which will probably expand the context around patient consent and patient access. And to your last point, obviously, California already has the CCPA. They're going to the CPRA, and there's about, according to the legal newsletters I follow, about 14 states. So it wouldn't surprise me if the Biden administration started looking at something federal that would harmonize privacy laws because the problem is probably going to come up that different states have different laws that mimic GDPR or have similarities to it, which will make it too hard to operate without federal guidance. Yeah, I think GDPR was a very important law because of the fact that it is not only protecting European citizens, it is protecting citizens elsewhere. Because of the way the law is enacted, most global companies have to comply with the law, which means that they enact similar laws, I mean similar protections, even in the countries that do not have such a law. I don't know what the Canadian situation is because here in this map, it shows that Canada is blue, which is a comprehensive data protection law has been enacted. I don't know too much about it, and the whole of South America seems like it's got some solid protections the Russians have, and so does Australia. So in order to comply with all of these, obviously the move is towards giving the data back, control back to the citizens. And so to recap, some of the things that we talked about here, one of them is the make the material accessible and searchable, which was the first point I opened with, although I couldn't be heard. We have a paper that is about identity and blockchains, and it has been stalled for a couple of years now, because we felt like the landscape was changing so rapidly that we did not have a way to keep up with it. So things looks like things are shaking out, and there's more clarity. I think the whole point that a personal digital transformation is underway, where people who are even so-called digital natives are slowly realizing the deleterious, the bad effects of over-sharing and the lack of protection. So it is not just the older people who are used to a more personal data protection, but also everyone else. And I think that that's what Jim was talking about, that he was talking about specifically about the healthcare system, but unless there's a comprehensive law that protects everything from financial transactions to healthcare, to various other forms of data gathering and misuse. Of course, that goes directly to this whole vaccines credentials and interoperability situation with the smart vaccine certification certificate. And we also work with the Digital Identity Foundation. Dan, you had something to say, please. Well, yeah, to your previous point, yeah, you mentioned biometrics before in the same thing as what Jim was talking about with health credentials. We see a lot of federal and state in the US and other countries banning the use of biometrics for various reasons. And yet GDPR, as you were saying before, covers that as not just personal data, but sensitive personal data, just like health. So I just was bringing that up in the context of what you're talking about in terms of comprehensive laws to protect all PII, including health, including biometrics and others. But that was it. Yeah, but since you are the biometrics czar of this group, I would ask you to say, what are the prospects? Because the problem is, it's two-edged, right? One is biometrics are seen as a kind of a nuclear option, meaning if you lose that and if somebody can spoof that, then they really can't take over somebody's identity. On the other hand, that is linking someone very definitively with their biometrics. So you have the two sides of the same of this coin. And I'm wondering whether you can say something more about what's happening there. Yeah, you kind of said it, but when we talk about health credentials and identity credentials, right now the US CDC provides you the little white card that sometimes they actually fill in your name, first name and last name, and then it would say the date and what vaccination you got. But it's not bound to an identity. Even if they filled in my name, it's still not bound to an identity. Now, there's all this activity, as you're saying, like the WHO is doing today. Now, we do have folks representing this, but in general, the other health credential activities that we see out there in the news, they really either don't think of identity or think of it in passing, of how you bind the identity, both when you are at the lab getting a test or getting a vaccination, how do they identify you? So that when you then get something associated with you, perhaps it's you, and then you go and travel and present that vaccination or that test result, how do they know that it was provisioned to that person? And not their brother or not somebody that they paid to take the test for them. And one of the most secure ways of doing that is through biometrics to bind an identity claim, including a health credential, to the presenter of that claim. Now, then you talk about the ability to potentially spoof a biometric. There is that potential. In ISO world, we published 30107-3 that talks about presentation attack detection. And there's algorithms, techniques to detect presentation attacks in face, finger, iris, voice. Is it foolproof? No, but there are methods to detect it. Anybody that says anti-spoof, I discount right away because you can detect spoof, you can't have software to not have somebody attempt to spoof you. They will attempt, and the best you can do is detect it. Anyhow, there's movements of more privacy enhancing biometrics that do matching in the hash domain. And we'll see more about that. You're giving up a bit of performance accuracy in that case to get more privacy. And in some cases, that's going to be acceptable, especially in humanitarian cases. Launching nuclear codes, you probably don't want to lose performance in terms of accuracy or border crossing, but there's other things that low financial risk transactions could use that. Anyhow, happy to answer any questions, but that's a quick brain dump. Yeah, I mean, you know that we had that presentation just a couple of weeks ago on biometrics and SSI. I think that the carry thing there is sort of not correct there, but I wanted you to have that separate. But anyway, going back to the biometrics and SSI, is the use of biometrics and SSI contradictory or? No, not at all. Not at all, right? And KVTI, you mentioned that before. KVTI.org, go and watch the little video, read up about it. But basically, it's another, your biometric identifier is another verifiable claim where packaged into a verifiable credential that to have that seamless travel experience, I selectively disclose certain information, let's say, to my airline. We selectively disclose it to the departure boarder agency, the rival boarder agency, the security agency, maybe my car rental agency, but let's focus on my airline. So I have as an attestation, my wallet, my boarding pass information, and my passport information, including my biometric, the only biometric that's required in all a KO 9303 documents, the e-passport and data group two is an ISO compliant photo. So that is a biometric, it is included in a verifiable credential called an e-passport today. We have the same thing in KVTI. So what is that by me? I could share selectively disclose ahead of time my boarding pass information and some of my basically passport information, my photo, my first name, last name. I share that with my airline. Now I'm getting ready to board this A380, you know, 525 people. I don't have to take out my boarding pass, my passport. I walk up to the boarding gate. It captures my face. It does a 1 to 528 to 525, I guess, search. It says, oh, yeah, that's, I recognize his face. It is Dan. I've updated my manifest that he's biometrically bored. I have a more accurate manifest. And that's an example using biometrics in SSI. Now where GDPR comes into play is I and 525 other people shared my sensitive personal data with that airline. They have to protect it. They have to tell me how long they're going to use it. How are they going to protect it? When are they going to delete it typically within 24 hours? If they share it, who do they share it with and all that kind of crap. So GDPR does apply, maybe not to my, you know, to my, or maybe differently to my wallet than it does to the airline, because now the airline has, at least for a certain amount of time, PII, including biometric information for a bunch of folks. Yeah, I mean, you mentioned two things which I think is important, which are important. One is, I do, I do believe, I do not believe, I subscribe to the notion that Ian Grig said, and which, which makes sense, which is basically identity is an edge protocol. That means that the more nodes, the more things that attest to my identity, the more difficult it is to spoof that identity. Because there are, let's say, if you use a palm veins or a gate along with something else, then it is pretty sure that, you know, I am the person who I say I am. Of course, the other other part is, you know, the presentation, you know, the what is, what is needed in order to identity proof. This is what Stefan was talking about, which, of course, the NIST also goes into great detail about what is needed for identity proofing, which, of course, makes it legal to use multiple methods and strengthen your proof, you know. So it's very difficult to spoof somebody if you're using multiple methods that are different domains, including biometrics. But in the end, biometrics, we spoke about this briefly, which is do you store that information directly in the, you know, in some kind of a data space, or you store a hash-based sort of a matching pattern that cannot be reversed. And you said that for recoverability, sometimes that data is stored. But with all the stuff that has been happening in terms of people breaking in into all the honeypots, all the different places where data is being stored and being able to get that data out, the movement towards personal digital transformation that Kim Cameron was mentioning is leading to decentralization, leading to ways of storing data on the edges in a way that can be one recovered to revoked and presented. And since decentralization would prevent a large-scale thievery of this data, then that's even better. So the next thing here, you know, which is financial use cases. So these are the themes for 2021, and people will be showing up and talking about some of these. The financial use cases for digital currencies, I've mentioned because I'm involved with the digital currency global initiative, and I had forwarded that to the identity working group and the capital markets working group so that people can participate directly in that and digital currencies as you know are our hot item right now, especially with cryptocurrencies and everything else going haywire. But this is about developing standards for digital currency interoperation, and I believe that identity is one of the pivot points for that. Going down the list, we have capabilities versus access control links, which, you know, I have linked to that paper that actually is W3C, I believe was who have hosted that, and we want to talk about that. The last item solid is Sir Tim Berners Lee's effort for having pods. So we'll talk about that, and also about Kerry as a DKMS. And obviously, a lot of this work is already going on in, you know, different places, but we want to, you know, we want to talk about it in the context of hyper ledger. So the one of the last things I would say is that there's a hyper ledger global forum happening, and if you have any ideas for a paper for presentation, please present it to the program committee, and hopefully they will choose your paper. And I will send out that information as well on the mailing list. I think that's about it for now, and I hope this has been useful, even though I started out with a bit of a problem with the audio. Anyone else has anything to say, including David? You know, please, please go ahead. Yeah, thank you. It was helpful to hear more about things that have happened and things you're planning, for example, that paper. Again, if there are ways that this group is wanting support, you can reach out to me. We've done, we have published a couple of papers, for example, for some specialist groups. So, you know, there's a process we could follow. I know some other working groups of published papers as well. But anyway, thanks for letting me listen in and, you know, let me feel free to reach out if there are ways I can help what you're wanting to do this year. Yeah, thank you. Thank you. Bye. Bye. Thank you. Bye.