 I just want to welcome everyone to this meeting and wish everyone a safe situation here in the middle of this global pandemic. We are going to focus a little bit on certain aspects of mitigation, but before I go there, I want to talk about a couple of things dealing with the administrative aspects of this. One is the antitrust policy of the hyperledger, and we know that we should not be engaging in anything that is against the antitrust policy. If you do not wish to adhere to that policy, please get off the line because that is one of the two things that we have to adhere to. The other aspect is the code of conduct, which means that we treat each other with respect and when we are disagreeing with people, it is okay to disagree as long as you are not insulting or you treat each other with respect, otherwise we cannot have a civil conversation, so that is the second aspect. I am going to look if Drummond is already on the call. I will have him start off the presentation. I think he is, and so is his colleague from London, I think, so Drummond, can you take it away? Can you hear me, Drummond, first of all? Looks like Drummond may not be ... Yeah. Certainly, if you come off of mute, yes. I can hear you. I am sorry. I am just a couple minutes late, and I am happy to dive into it. I do have a couple slides, so I assume what we want to ... You want to get up to speed on us. What is going on with the CCI Credential ... COVID Credentials Initiative? I am interested in that. Yes, definitely. That is why ... Can we present a little bit of background on that, or do you want to dive into it right away? No, no, no. Well, I mean, that was mostly what I was going to do is just provide some context. We have ... I am looking at the call ... Kelly Cooper is one of the leads for one of the four work streams that has been put together there, so she is someone else who can also provide some background on that. So very, very happy to ... But I can provide as much context as I can, and then we can just ... There is an awful lot going on in the space very quickly, so I am just happy to try and get folks up to speed with what is happening. I have already been on two other calls about it or related things this morning, and so the space is evolving pretty rapidly. So, let's see. I do have ... Let me share these slides quickly. There was a ... Let's pull this up here. Is this ... Are you seeing this? Yeah, I have. I think before we go there, what is ... Why should there be an immunity passport? I mean, I think that's the first question. Got it. Let me go to the next one because I think it does summarize. I think Coindesk actually did a pretty good article, a pretty good summary of the whole thing, which is why I am just quoting from that. So, the basic idea of the relevance is that if we are going to both deal with helping slow the growth of the virus and at the same time start to re-open the economy or restart economic activity, then we need a way ... Go ahead. No, no, no. Go ahead. I am sorry. I just want to check that I am recording. Yeah, no, it looks like you are. Anyway, that having ways to prove things that are relevant to certain activities that basically enable employers or governments or healthcare providers and, of course, all of us as patients, potential infection vectors, it's just suddenly obvious to many people. It's never been easier in my entire life to explain what I do than to just say, hey, we need digital credentials to help people stay safe and companies stay safe and prove things about relative to COVID and the different activities, and it's almost easier to rather look at this to look at, okay, I've got two highlights in here. This is a quick summary of the 10 specific use cases that I am not on the involve with their four work streams in the CCI initiative, and one of them is use cases, and I just took this list from the documentation of the use cases team. There may be someone here on the call that's part of the use cases team, in which case they can talk to that, but you can see every one of these is a different contextual credential, and there are many different issuers involved here. Some of them, of course, are healthcare facilities or labs, if you're talking about proof of immunity or vaccination, but others are actually issued by employers that, in fact, you are an essential worker or that a particular environment has been deep cleaned. It's just a whole spectrum of credentials that are needed, and in the context of COVID, it becomes very clear that it's very valuable for those credentials to be digital. They can be issued quickly. They can be revoked quickly. They're portable with you, and they're strongly verifiable via the cryptography, so they're very difficult to fake or defraud. This initiative is truly an SSI community-wide initiative. It wasn't started at any particular organization or any particular company. As it happens, Evernim, as a SSI digital credentials company, was doing work with several of our customers on healthcare-related digital credentials, and those customers immediately with the COVID coming up started talking with us and wanting us to work on the COVID credentials. We were already doing this commercially, and then the CCI initiative really started with Tony Rose at Proof Market saying, hey, he was actually focused on a different set of use cases at Proof Market around agriculture supply chain, but he quickly said, hey, I should refocus on the need for COVID-related credentials, and we should collaborate as a community to develop an interoperable set of credentials and a governance framework that would go with them that could be used everywhere, or at least be something that different jurisdictions can specialize from a generalized governance framework. Who would be the issuers? Have you actually got this initiative out in the open, or is it still in development? These are under development, so the initiative is totally public, open to anyone. There's no, in fact... Yeah, I understand, but in terms of adoption, in terms of making a difference in the next, let's say, four to six weeks, right, where are we? So there are issuers that are very interested in this. The one, even though I can't go into any details, but I think folks are aware that, and they have been public, the NHS in the UK has been working on a doctor's passport credential for quite a while. That's why they suddenly said, hey, we need to now figure out how we're going to deploy this and get it relevant to the massive work that they're having to do to deal with COVID. So that's one example I can cite. Others of the Evernim customers, I can't name, they really are very strict that they don't want to say anything until they have something ready to deploy and they've adequately tested it. Will they be working with local public health officials? Because it looks like most of this stuff will make a big difference, especially in the beginning, in a local setting. Yes, I don't think they have any choice, right? These credentials will not be relied on unless they are blessed by regulators at whatever level they need to be, which is part of why the governance framework aspect or work stream, the four work streams are use cases, then tools intact to actually implement it, the governance framework called the rules work stream, and then the coordination communications. And as I said, I'm primarily trying to help convene the governance framework work. Kelly is a co-chair. Kelly, you should maybe say a few words about, I just talked with, just got off a call with Chris Raskowski, who's also the other, one of the other co-leads there. I don't know if you want to share anything about the progress of that rules group. Right now what we're working on is limiting the idea to what we are focused is governance that resides on the sovereign foundation network or another like network. So the governance has to do specifically with credentials. In the use case group, we're taking a look at the use cases that Drummond mentioned, and really focusing on creating two sets of guidelines to make sure that as people go forward with use cases, that they're not doing so from behind a keyboard, that they're engaged in the ideas of the users in the multiple use cases. The way that those two tie together is that the governance group is looking at credentials that then different locales apply to their own legal initiatives, whether that have to do with HIPAA or whether that have to do with GTPR. And so with GTPR kind of feeds a little bit into the NHS use case. So use case is as much, how is it that we can go forward to quickly move through this instead of get it tied up conceptually? Yeah, that's what I'm really asking, meaning most of the solutions have to be rapidly deployed and worked on and you know there have to be both local and global scale. I mean local trust, so have you guys identified any local communities where you're actually, except for the healthcare worker mobility thing? The most important one would be proof of immunity by exposure or by vaccine. I suppose that will affect the most number of people. So vaccine of course not yet, but immunity by exposure is what most people are talking about. So is there such an effort and actually solutions out there to do this or are you still in the sort of thought process stage? I would say that we're not in the sort of thought process stage because we have much more aggressive deadlines, timelines and deliverables than say a typical hyperledger working group would have and there are a lot more people that are involved in the process. I'm adding to the minutes some of the documents that are going on. We're meeting regularly people are bringing ideas about their individual communities and what it is that their individual communities need. We have not identified a particular community that we're building this to because it needs to be broader than that. Instead what we're doing is defining and documenting a core set of guidelines that then people who attend the meetings of which there are many can apply in their context and can at the same time as they are working together to apply in their context locally can say hey we forgot about this this needs to be contributed etc. So the pace of the group is much faster than the pace of the working groups or of the oh yeah of course you're building real solutions we are we are only exposing them or like talking about them because we meet every two weeks it's not it's not a cadence that can sustain a real solution right. So Drummond is there anything else we need to talk about here or I mean in terms of concrete stuff or is it basically. Yes it's a good question now again you're hearing from Kelly and I who are primarily associated with one of the four work streams which happens to be the rules and governance work stream. Obviously you know from the standpoint of hyper ledger the tech and what they call the tools and tech work stream is highly relevant as well and you know that I'm happy to you know tell Brian and everyone that it's I mean Indie Ursa Aries this is a great chance for it to shine the interest has never been higher and in particular the privacy preservation characteristics of zero knowledge proof credentials are really recognized when you come to these use cases to many of these use cases. So that I don't know again I'm presenting now so I'm not looking at it if there's anyone here from that is involved because there's like more than 150 people now involved in the across the four work streams there may be someone here from tools and tech or from use cases or from coordination if you are you know please speak up. So this is Kelly again I'm also in the use case group and what we're trying to do is to Vippen's point and that is narrowed down so that we can consider all of the players within each of the use case there's a lot of complications having to do with the legality and the regulatory issues so I'm adding into our notes some of the documents that are addressing these in a regular basis and then these teams meet once per week. There's also an overarching draft of a website that went out I would say that all of the ideas so far have been yes that this will involve Indy, Eroha, Ursa etc. However because it's an agnostic group people are saying you know bring kind of whatever it is to the table and in doing so some ideas from other contexts are coming in that can help to fine-tune and narrow but for the most part it's it is a hyper ledger you know focus with the idea that let's bring kind of the best of all because we don't have a lot of time. Yeah I mean that's great. I'm sorry I didn't mean to interrupt. Go ahead Brian. I kind of a quick tooling question which is how are you envisioning the last mile of this to health care workers, to citizens, to people who need to check credentials like and really this boils down to the wallet question and do you think we're going to need to to reach out and get companies like Google and Apple involved in this to get to that last mile in a meaningful way? Tools group have hardy conversations going on back and forth. There's no one that is saying that this is going to be exclusive of Apple or of Google and what's happening right now is they're defining kind of the privacy. The other issue that comes into play is keeping as much off-chain as possible and how is it that we can coordinate and work with the major players so there there's no thought that the people who we sometimes roll our eyes at of the world are not going to be involved in this instead the idea is more of assuming there will be levels of partnership with these groups or with these nation states in order to collaborate in order to partner and in order to scale what are the things from a tools perspective from a wallet perspective that really need to happen and so for example in the use case group we're taking a look at kind of the primary path which is no errors positive outcomes etc but then we also need to discuss what about the unbanked and we need to be able to do this in paper what about when we when there's guardian issues involved when we're talking about incarcerated or refugee camps and so we're really looking deep into the privacy if you have any interest in the tools aspect of this I encourage you to join the tools group even as an observer because the email that go back and forth and the discussions that take place in the meeting are the most detailed and rigorous and potentially could lead to the most progress in in wallet ecosystems then we've had in the last year yeah I want I want to strongly uh second that of Kelly it's it's like the um shakedown test for verifiable credentials and um one of the things so so Brian the uh as I think you know the Aries project established the Aries interop profile 1.0 um and that is what the uh the wallet implementers are all either implementing or working towards implementing for interoperability um and uh we are I said we everdim's one of them by the way that the the link you see up here is simply everdim's doorway into the initiative there's many of them out there so um this happens to be a slide that I was uh presenting yesterday so I have it handy but you can uh if you just want to connect with the initiative you can come in through any of these doorways Kelly is probably putting other ones into the notes all the key links you need if you want to join any of the work streams um but I would say all of the current um I call Aries compatible uh wallet um implementers are involved that I'm aware of uh at this point um everdim street cred uh uh transmute um uh uh isattus IBM um so everyone wants to be able to provide a wallet if this results in waking up um you know our friends at Apple and Google to recognize that they you know uh I think most of us believe that you know digital credential uh uh you know interoperable digital credential capability is going to work its way all the way down the wallets into the OS I think it's inevitable over time if this is what spurs it happening will be great um you know there's there's a huge amount of work to be done here and uh I don't know how you know obviously that's not something that's gonna end up being you know producing uh usable credentials the next you know four to six weeks they just have too much work to do I have folks around here sorry I missed the first a few minutes is there a link to the uh notes that's being taken with the links yeah yeah so far we can you post that on chat and hyperlegia please no it's it's it's there in the emails that were sent out to your group as well okay so the notes are very much there and of course Kelly as I know will be taking extents notes and also dropping all the different links in there so obviously this is also a call to our group if anyone is interested to go and join these uh the CCI work now drumman do you mind if I take this on with uh now going to the COVID apps stuff or do you want to talk a little more how does this work I just wanted to answer a question to provide background I know one thing I'll say is that um the whole area of I was just on a call this morning with the MIT uh SafePath folks about contact tracing and I know you're going to talk about that vipin and that uh the CCI initiative has not been focused on contact tracing just on credentials and they sort of seem like uh at least the conclusion of the call with the MIT folks was they're they're they're you know flip sides of the coin they belong together and they're very interested the the MIT SafePath initiative and working with CCI and vice versa so uh ball back over to you so drumman can I ask any question on your slide this is a stupid question I'm sure when you looked at all those credentials that I think the third one said proof of need for test yes so the problem and this goes back to the earlier comment about sorry uh sorry to interrupt um we you know you can ask uh drumman any question you want I'm sure he'll respond um I just wanted to uh move this meeting along because you know I know that for example uh the CCI initiative itself can be talked about for you know maybe five meetings and still we are not going to talk the topic so could be uh Jim if you don't mind so I'm going to just talk about the you know about the contact tracing stuff because uh that's what you know we have been uh I have been focusing on in in terms of looking at the technical uh details along with uh prom and other people in the uh in the architecture working group we we are we are talking about that but you know it may not have direct relevance to the the blockchain right now but uh there are places where it could come together so if you don't mind can I start talking about that sure I'm done I'm fine thanks sorry uh okay now I'm going to uh I'm going to present that slide deck let me see share screen see my screen can you see my screen okay so I don't want to go into the details of this uh just talking about contact tracing we did um we did uh talk about it last last meeting there are it's a it's a controversial subject people don't uh think it um you know there's privacy aspect to it started off in Singapore with uh traced together already had some aspects of uh privacy inside it and the rationale is that if we are able to scale it in a decentralized way locally into the population and if there's adoption uh in the population hold on a second um in the population that it would uh gain you know it would actually make a difference in uh uh removing the uh complete shutdown right which is what everybody wants so I don't want to go into the r0 stuff so the second phase has to involve some kind of a trace and isolate usually contact tracing has been done by hand for uh diseases like syphilis uh diseases like hiv other diseases like uh tumor losses uh and that is a classic method for um used by epidemiologists the point is that there are a couple of problems with using that at scale in our country and in many other countries first it needs huge numbers of um trained personnel uh Massachusetts is right now hiring thousand uh people for that uh to do uh personnel trace and track uh the other is you know various other places are doing that same thing uh or the classic epidemiologists are suggesting manual track and trace because that's what they're used to in fact there's a study by john hopkins people which is in that in this link that says that we need hundred thousand people trained people in the united states to do personal track and trace the problem with this approach just relying on that approach and it costs about three billion dollars which is not much compared to the amount of uh money that has been already spent or his being a couple of problems with this approach one is the typical um you know typical it is not like a typical disease in the sense that if you look at this that this is from the uh PPP that's the european initiative for the app usually typically you say that i am you know so there is infected and contagious no symptoms and infected and contagious uh actually known to be infected so with this disease uh what happens is uh you know we have either this scenario this scenario uh we can actually look at who's actually identified as contagious and um say something about it uh and trace them but the app provides a future proofing that means like even when the people are not contagious if they can be tracked and traced and contacted then you you achieve uh you know and and they can be isolated then you achieve scale the second point is that not many people recall casual contact uh which you know i mean in the case of a sexually transmitted disease obviously people know who they have been sexually intimate with and they are uh they will share that information with uh with the contact tracer but not really in this uh case so the things for uh the the the arguments for contact tracing um using an app which uses bluetooth are compelling obviously there are privacy issues and obviously there are scale issues but there is rapid development in this area and most of the uh most of the major initiatives are converging on the solution so let's go and look at the actual solution right so it's just to just to add to that with and i guess the uh interesting point about this disease is that a good 20 percent of the infected folks are asymptomatic as well yeah that that's what i've tried to show here that's what they tried to show here that is they are asymptomatic which are pink and then there's the red right garden garden so what they are saying is if the asymptomatic people can be contacted before they uh realize that they are infected then they can be isolated and hence contain the disease that's that's the idea that's the point garden that uh can not be achieved unless you have scale unless you know your so-called proximity uh contact that so let's go yeah and you know it becomes important especially you know if you're talking about uh the healthcare workers and so forth that's been a big risk because some percentage of them might be infected and asymptomatic and if they take it to nursing homes and assisted living facilities that's going to be pretty bad so yeah i mean i don't know whether this uh this contact tracing app can stop that the main thing that can stop it is testing uh which we don't seem to have a capacity yet uh but contract tracing is also not going to work without testing so i mean both of them have to be there so i'm just calling out a high-level comparison between the various uh effort and in in this the standout is this uh safe path right which uh which um uh druman just mentioned they are using gps and google maps and i don't know how effective that will be in contact tracing because that can own that can allocate sort of a casual contact which may not pass on the pass on the disease but the important thing to notice that most of these things are out there dp3t which is a under the ppp umbrella which is a pan-european uh privacy preserving proximity tracing umbrella it's already got something out there the tcn guys have something uh you know everybody has actual solutions out there but and if we include google and apple uh with our also racing uh skepticism so we'll talk about how these various uh various efforts try to preserve privacy okay all day all data all storage is on the edges so basically the key this is from the apple thing so there's like a tracing key and it generates a daily tracing key and then a rolling proximity identifier even though the names are different different uh applications this is kind of how the whole thing works that tracing key or the unique per user key never leaves the device the uh rolling proximity identifier is what is transmitted to the outside uh the idea is that the rolling proximity identifier or whatever it called in the different uh initiatives are what can be derived are what are transmitted are broadcast and uh during the sharing phase if you ever get infected then you only share the tracing key and the tracing key is used to derive all the rolling proximity identifiers the attacks are also you know detailed in the documents that i linked to uh there are there is a huge resistance to the apps as i had mentioned and this seems to be common across every place that means more surveillance will linger after the epidemic can be easily hacked and so on so all of the initiatives are very sensitive to to these uh major causes so they all promise that the app itself will be dropped after the uh epidemic is over the second thing they say is that every 14 days or whatever there's a setable parameter that those uh uh you know the keys that are stored in the contacts phone will be dropped so it is a it's data is ephemeral um and after the infective phase is over i after the infection has been reported um the person who's reported the infection uh can choose to roll another trace another key another secret key uh especially in the tcn application so challenges are like it needs to achieve scale and needs to be promoted locally uh and has to be independently audited and should be open sourced and privacy concerns should be addressed head on um so i have just put like three initiatives and how the keys are generated in the three broad categories like the broadcast key uh you know how it's derived from the uh secret i mean the shared key which is then only shared on infection and how that can be used to generate the broadcast key so that you can detect yourself like suppose there is a person who comes close to you and stays close to you for whatever period of time like 15 minutes is the recommended time within six feet and that data being broadcast is captured on your phone now that person finds out later that they are infected and it is within that period that they have been in proximity to you then they upload their data to the uh to a central service that is only this key not their broadcast keys and along with the assertion so this might be a place where a credential may come in useful because this is a place where the public health official has to sign saying that this is the actual infection to prevent trolling and so the details are sort of different the tcn coalition which is backed by zcash and others uh including the uh stanford university guys have um you know a key derivation and they use a public private key pair and then sign their uh their report using the uh the public key which can be then checked if need be uh you know a private key sorry and then they can check that using the public key that that is actual report coming and there is a memo field which can contain an attestation uh but in the ppp the uh there's an activation key that is that activates this secret key i mean this shared key uh but in all of the initiatives the things that they have to take care of is one how do you broadcast this information from the server to the phones that are interested in that information usually by broadcast using port so there is no uh recording of who actually got it uh second limiting that data so that it has to be either through sharding for for local or uh you know some some way of sharding uh and also only like in this case for example only one key of the t the first date of suspected infection is needed to generate all other keys and then also to generate these uh uh broadcast keys so data limitation is important so you know blockchain of course can help if it's if the central server is substituted with the blockchain but you know there's a lot of concern among people uh about privacy and obviously google and apple the main advantages for them are they that they they can embed it into their operating system and hence push out that update and get it into lots lots of phones but then they need to also partner with local uh local public health officials and allow auditing so that they're not using this information in you know pushing out ads or whatever it is so that's and and the other uh point that i did not mention is that all of this only uses minimal minimal data so there is no nothing other than just the uh 16 byte key that is broadcast this is also because of the limitations of the bluetooth uh broadcast system anyway there were nine things on the nine or ten chat messages that i haven't looked at so uh i don't know whether there are any other can we can we ask questions now yeah of course um so of all those projects are there any that anticipate use of distributed ledgers there are um you know there are some proposals that say that the central server can be substituted by distributed ledgers so that it's not under a single single server uh in germany for example they are saying the single server would be housed in a uh neutral institution fritz habler institute i think or some one of those so the other choice would be to uh do it in in you know a distributed ledger so what we want is a partnership with the local authorities uh where that particular solution can be housed in a distributed ledger so so we have to be a little mindful about what value a distributed ledger actually adds here right um you know of course we're all dlt blockchain enthusiasts uh but there's a tradeoff here right uh if privacy is the primary consideration then replicating that information across multiple administrative domains does that really achieve privacy certainly it improves availability it improves distribution of control but it also involves multiple folks having you know even when we are trying to minimize the private information you know we've got to be see what real value we get from using a dlt versus a server okay so i stopped the share yeah go ahead well yeah the the note that i put in there vipin is this is a very interesting conversation but uh as druman already pointed out um this the contact tracing is a separate can of worms then identity then self sovereign identity yes they can be related in terms of attestations in your wallet but going back to the last question is there distributed ledger technology you know envisioned here i would hope that it is envisioned for the identity portion and that if you're tracing and and and things like that yes there's a lot of privacy concerns because now you're weakening your your whereabouts but that's separate from um verifiable credentials that um that would presumably leverage blockchain for the yellow pages for the you know basically for for the verification of the validity of those verifiable credentials of the proofs of uh health or whatever proofs that i need this year proofs that i um i'm a healthcare worker all those proofs should be verifiable credentials should leverage dlt the contact tracing is a different can of worms so i just to be a little bit careful here because we're going down the um there are solutions that are being deployed they are being deployed successfully and broadly right now without digital or digital ledger technologies underneath them so we know that the dlt technologies are not necessary i think that's the wrong question i think the right question is if we bring dlt's into it what are the additional capabilities that we can offer um and i think um you know this point of decentralizing identities and being able to decentralize credentialing in order to allow credentialing to be more scalable and more verifiable those are benefits we can add but let's be careful about doing the we gotta have it in order to make it work hopefully it's fair enough yeah yeah i think the point is yeah the point is is that we systems are starting to emerge um and those systems do not have any dependencies on blockchain um so um i think we can go through this exercise and say what can we what benefit can we add in these spaces and i think we've got a whole plethora of technologies we've got you know avalan and fpc and pdo for doing private computations for what we've got um identity very strong identity um uh offerings that has some very nice characteristics for being um kind of scalable and decentralized and verifiable that way what are the other things that that the dlt technologies can bring that that and i'll be very specific you know as hyper ledger what can we bring to this um that adds value beyond what we're currently seeing deployed well the main thing to note here is that the server itself is um does not possess in most cases anything that can reveal the uh that can reveal the identity of the people who are infected or the people who are uh who have been notified that they have to test themselves that's so the server does not contain information that can do that the point is will will there be an achievement of scale uh so so the privacy really does not enter the picture if the protocol is preserving privacy in a very uh robust way where the uh uh where decentralization can help there is by having smart contracts or some other kind of uh intelligence checked the uploads uh in a uh distributed way and also disseminate information in a distributed way so that's that's the only place where i find that uh distributed ledger technology can help uh whether it's you know in the end it's local but in a place like new york for example where there are eight million people maybe one central server is not enough to notify uh uh people around that there is a problem uh so that makes sense yep i think you're right in a sense you know distributed ledger has benefits in terms of availability um certainly you know the new york argument that you're making is good to you if you need the scale uh in terms of uh having a centralized server there's probably alternate ways of achieving scale but certainly blt is a strong way of dealing with that issue so the privacy argument uh you know i mean they they they have uh done some kind of crypt analysis of of these systems and i have the link there of uh henry valence's uh analysis but i think it's too preliminary uh things are evolving and the main point is like axel is saying that okay you know singapore only achieved 20 percent and they were not able to prevent the lockdown maybe not in this two three weeks but you know people will be more inclined to download these kind of apps or at least use try them after being confined in their houses for weeks on end but it has to be done through a credible and trusted interlocutor otherwise nobody will download these apps there's everybody fanning the flames saying that these are all like privacy busting apps and all kinds of other stuff so you know so i know i know the time is short in this call i you know i want to suggest that maybe um you know we we've we've focused more in this group on the credentialing uh types of opportunities than contact tracing i think contract tracing is going to be really important um i think it's the kind of challenge that needs uh apple and google you know working together as they are on this um it's not clear to me yet that in the short to mid term there's a need for dlt technology um there are opportunities we see but i think we should be very pull oriented on this rather than push you know when somebody says we need a neutral ground for recording you know hash uh data that you know can be shared widely or whatever like then step in to respond but i'm feeling like from all the contact tracing stuff i've been seeing it's an it's not an appropriate place for us to push and say we have a unique way to solve a problem unlike on the credentialing thing where i do think the groundwork that's been laid by the self sovereign id community does provide a unique way to a unique solution to what is going to be a pretty big problem and i'm really glad to see that having been broadened beyond just test results you know to all these other use cases where identity and credentialing are going to be important in the fight um uh so i think tracking the contract tracing stuff is interesting but vip and i don't know if you plan to make this like a major theme for the next no no no it's it's done i'm done with that i only brought it up uh last time because it was interesting from a identity point of view and privacy point of view and this time uh you know i'm just noticing that these efforts are really taking off and hopefully they'll make a difference obviously it cannot be just that there have to be multiple efforts focused on various aspects in order for this thing to be successful there you know technology is not going to be a solution so the trust aspect of things the trust framework the trust architecture uh that that you know drummond and others are working on is very important i think there is an interesting question what happens after the contract tracing app tells you you've been exposed right and tells you it was at this time in this date and you say to yourself well i was in a public place then i was uh you might be able to say i was in an uber car and so my uber driver might have been that person um but i i think answering you know providing some sort of solution to what happens next when you know rather than just saying hey this app tells you you've been exposed now you have to sit for two weeks in in isolation um i that's going to be a hard thing to sell to people if they aren't able to like you know themselves figure out what they did or who who it was who gave it to them and that's where there's some thorny issues around identity and maybe a dlt solution but um but i think i think i maybe i'm speaking for out of turn here but but i do think that most of the rest of us i i think want to be thinking about the credentialing challenge or if there's other yeah but i think the credentialing challenge is uh the problem with the credentialing challenge that i see anyway is there is no solution yet that can achieve scale and there is nothing concrete yet that um that is being pushed out you know i i may be wrong completely wrong but i want there to be such a such a thing obviously and we have been working hard on these things wallets are definitely very very going to be very very important because you know you can think of even this as a kind of a wallet but i get your point brian that we are definitely not going to be discussing this stuff in the next meetings okay well it is definitely useful i think to explore i don't want to drag this out yeah yeah i mean you know you make a good point and i i had thought this is it you know after this we focus on either the credentialing aspect or you know other aspects whatever comes up in the next couple of weeks we let's see okay so if is anybody involved just to see extremely briefly i could just point out just one small thing um about identity uh there's a real point with these apps like they don't necessarily need to know who you are it depends really on what you're building to do but if they're just supposed to be able to notify people that you know they should either get a test or they should say stay at home or whatever it doesn't have to be binary yeah it's all opt-in or yeah yeah well they don't really need to know who's who so you don't even need a real identity layer you just you know you just need to be able to get a message to somebody you don't need to know who they are so it's identity and it's sort of very very loose term you just need to not identify somewhere just want to say that it really depends on the goal and the design will flow from there sorry this was the actual one yeah like brian said i mean if you you've been out only once you know in the last two weeks and you know where you went and who you met with obviously you know that that is the person who was infected so you know it all is contextual but in the end it it relies on people to be civic minded and to be uh you know to do the right thing but i don't know i mean is that is that what we observe um right but i think what i think what's being said is uh what drum and kick the meeting off with with the COVID-19 credential emphasis on credential initiative where that in that case uh identity is important um what we're saying what's being said now um on this separate contact tracing it's not necessary to formulate an identity you don't know that you don't need to know that it was Dan you were next to you just need to know that some schmuck that had the disease was next to you no it may not be a schmuck that's the whole point that drom was making yeah you you don't know that you have a disease right no no yeah uh yeah i don't want to go in circles here but i think that what we're saying is the focus in the identity working group should be on identity and credentialing and and that's that's what we're saying and i just wanted to say in in that regard what's coming up in the next weeks and i know brian's involved is certainly with id 2020 where we're focusing on that area uh of it and there will be um some position paper there some other related uh output and i think one of the things that that i i find you know in terms of identifying and having these attestations to prove something in other words to prove um i have some sort of health uh record whether it's positive or negative i have proof and that's where these verifiable proofs are one of the dimensions that i think um would would help um is we did this with known travel and digital identity how do we tie that proof to the individual um and there's things such as biometrics that can do that and that's another attestation that i personally think should be part of that um that credential that um when i got this test again positive or negative when i got this attribute whoever that official is that signing that package of information off that package of information should have a biometric to link me back to that attestation to you know so that uh it can be cryptographically certified that the information including biometric is accurate and then i can associate it with the human the only other thing i think is important here is that um yeah what i again i think what drum was talking about is you know to to make this all work in an ecosystem we it does have to have this governance model who who's to say who's trusted in this ecosystem who's to say what um uh and again he mentioned sovereign what is is is contemplated for this what did methods are we going to use to make this work if we have to stand something up and my last point and it was in your last presentation is we can't trust paper you could have a verifiable credential cryptographically signed on paper it doesn't have to be in a phone you could have the same cryptographic integrity with a barcode that's printed out on paper you still need access to um to check the signing certificate and then we and this is where we break away from decentralized identity because presumably that that credential um uh you know is in a public key decentralized public key directory that it's that that it's um uh so that you could you know look at these paper certificates and go to a single place to verify that it was um cryptographically signed correctly and then still um it has its integrity but i think those things we need to look at short term in terms of identity yeah yeah i agree um i agree um that this was more of a general presentation or how we can get involved and what what can we do in uh in terms of uh privacy and other aspects and uh and uh i had invited uh drummond to speak on the uh on this cci initiative because i i know that that is the most important thing and that's why he let off the um let off yeah thank you all i mean it wasn't uh by uh you know i mean i the only only thing i'm worried about there is the uh is the readiness of these to be widely uh disseminated and scaled and that's why i'm interested in your uh uh reference to id 2020 and because i know that uh that the coda connected me and said that they are working on the credentialing aspect so uh i'm more interested in getting involved in that as well if you know it looks like brian dropped off but yeah i know that there's a another um discussion on that coming up this week so yeah i'm happy to provide an update i'm still here but we're at time so i want to respect respectful of no i mean you know we we sometimes run over for 10 minutes so it doesn't okay yeah so is that that's not a public meeting is it id 2020 right the the meeting is not but uh but the end results will will be public yeah yeah okay uh all right uh i think uh ram or mick if you have anything more to add i think it's a good discussion and you know we should start figuring out uh the cci obviously is uh you know the main you know low-hanging fruit but we should look at uh other aspects mick and i were kind of exploring to see whether besides contact tracing are there other uh things along the same lines where we can actually see the benefit the way i think about contact tracing it's kind of reactive but can we have these kind of uh you know and the have other metrics which are kind of measuring social interactions based on this kind of proximity detection methods which can provide value even in that symptomatic case and so forth and uh you know we continue exploring those to see whether there's anything we can do there we were looking at pdo like technologies as well because some of these the information that we'd be collecting is very uh potentially privacy sensitive yeah um so anyway um this will be you know i'll keep an eye on these these tracing apps but not as much uh because i was interested for a personal reason you know i want to get out of my house in new york city and so uh that that was one of the one of the reasons so i i wanted to bring that to the group as a privacy preserving uh you know aspect of things remaining anonymous is also part of identity according to me but i guess not too many people um buy that argument but anyway no no that is a key part of identity is that that right to and that's why we keep uh um you know keep uh private deeds private right well not only remaining anonymous but also at the same time contributing uh knowledge and uh you know some something to the common wheel so to say um where even that anonymous contribution makes a difference right okay and and in the sense that it's also decentralized uh edge device computation you know so these are the two aspects that that i thought were powerful because of the scale and the network effects well thanks thanks vipin for organizing this uh um thanks a lot and uh we'll see you soon stay safe all right thanks all right folks if no one has anything else we are very past the hour anyway so yeah yeah thanks thanks vipin for leading the discussion yeah very good thank you thanks uh stephan good to see you okay bye bye bye