DIF APAC call
6:55AM Apr 23, 2020
I'm doing all right.
A long time here. Well been busy with the COVID-19 response work, man. How thinks and talent? Are you? there?
I am I am quarantined in Buenos Aires we cannot get back home.
Oh, man, I'm sorry to hear that. Yeah.
I'd like to hear a little bit too about everybody's COVID
response. So give folks a chance to get on. Sign on here. And then
I've got some notes to tell people but I'd love to hear what everybody else is doing. Uncle.
Yeah. Yeah, yeah, I can share about the the project that we are doing. It's open source. Sure. It's called lockdown. It's a it's an application that tracks all the countries.
Jean Jacques? Yeah, yeah.
Yeah. So at this point, that's pre release, maybe in future Should we? If we get more developers then we could do it more granularly by region level. Right now it does at country level, right? And track some of the technology, stuff that restricting civil rights in the country's transgressed together, and few other places. Yeah, I had a quick question for you. Why are you using zoom? Can we use jitsi?
Yeah, we probably could. diff diff has the zoom infrastructure that we've been using for most of their calls. So we just have piggyback off of that.
Cool. Okay. Yeah, because I'm really not comfortable anymore. Keeping zoom on any of my cars.
Actually, like there is an open discussion because in some places of the verge zoom is not really available. What What did you just did? What? What what service? Did you suggest that because we are now actually looking into like, looking into other artists, we have members in China and in China, it's zoom is not an available service.
trended. Ah, no, no,
thanks. Okay. We will look into that as well. Like, there are some things that we need to look in privacy's one, but diff is generally running all the meetings publicly. So like, for like the meetings are limited. This is not about like, the recording, not better if they got out. And this is just more on who is at the cause during the causes is a issue for us. But yeah, I understand your concerns. Thanks.
It looks like a pretty light turnout this time. I think everybody's been busy with the
And also I'm not sure if there was a little goof up with the time zones when the calendar was pinned to one of those time zones that changed.
daylight savings so then we moved it moved it back. So it was was at the same time for Asian timezones. But I think that that made a hiccup this this round, but no real worries. Give people a few more minutes.
Let's see we have
Japan. Japan's joining us.
I'm jealous of all of you back in Asia. It's four in the morning here in Buenos Aires.
there are no real flights operating yet.
There are some but they are few and far between.
all we hear anybody want to want to say hello, I see winds here from cinema. He's got some presentation to give
a little bit later.
we'll give it one more minute here.
All righty. Well, it's looks like a pretty
looks like a little bit of smaller crowd this time. With a everybody busy with COVID
if we could, since we've got a little bit of a smaller group, we could kind of run through and say hello to everybody. My name is is Eric and I am normally based in northern Thailand but I am quarantines here and why no series and unable to leave right now.
And but we're still managing to get this
Get this call out. So I'd love to hear, see who else we have on the line. And we can just kind of go down the line real quick if you could just say hello and where you're calling from, and, and maybe what's going on with COVID for for your community. That would be great.
Hi, I'm Shana. I'm based in Singapore. Actually, we are currently more or less have a lot down here.
What do you do by essential?
Everybody's looking to Singapore for a information and experience about the contract tracing.
Kind of a link that is pretty relevant. One of the links inside in invite, which may deter people from downloading the trees together.
Yeah, yeah, both endpoints. I guess
let me put the let me put the link in the chat to the the agenda document here. And if people want to edit and add some links to that, that would be fantastic. And feel free to put them in the chat to if they have any links to share. I would very much like that. Yeah. So does anybody else wants to say hello there? So archy we were just talking you were, could you tell us a little bit about what you're doing?
Hey, hi, my name is Aki. I'm an open source technologists based in Cambodia. I'm currently helping with an open source project called lockdown. We are trying to track all the countries that are under lockdown and various restrictions on moments and hopefully By the end of the month, we would love to release it.
So will that be kind of a, like a map, kind of a clickable map where you find out what people are? What their lockdown statuses?
That's correct. I'm going to put in the link in the in the chat. It's going to be online map application and the color coding to, to show the regions and various various measures and restrictions.
Fantastic. All right.
Shameless plug. If any of you are developers and want to contribute, we really need
So anybody else I can convince to say hello and tell us a little bit about what's going on with COVID and COVID response where you are
from Tokyo computer
you can go to
Japan first please go for it. Okay. Yeah.
This is Dixon from Tokyo.
I think this weekend studying from tomorrow. This a you versus virus, hackathon. And this several of the coven and applications already asking for engineer and designer and everything. So if anyone's interested, please join and then check it out. And also I think Taiwan hobbies is planning to join as a team to
all those wonderful and
sorry and nothing will decode. I think tomorrow
I forgot I forgot that except the mighty operator white paper will be out soon for official reasons. And it talks about information banking and everything related to the ecosystem created by my data group that's
the my data my data operator paper is going to going to come out
Yeah, I think 2020 years or something
wonderful. And I saw some messages from you in the my data slack I've been meaning to get to my internet has been out for about two days as well. So even the COVID is having all sorts of strange impacts on people. The the problems we're having here is the the ISP staffs are mostly still in quarantine. So they're experiencing lots of outages here and when this areas that are just due to the reduce staff that everybody is operating under. So it's it's impressive to see the depth of how the COVID quarantine is impacting kind of every aspect of operations.
Okay, fantastic. Thanks.
Peter. You were gonna say hello.
Yeah, I just wanted to say hi,
I'm on lockdown here in Bangkok, no flights in or out.
Cities doing well though, just
wanted to share also that I respond is working on vaccine at the station. So we're looking at more in the near term, not the immediate. We've been involved with several pharmaceuticals on clinical trials for vaccine candidates, and how to provide credentials for those individuals receiving the vaccine.
It's quite interesting work.
who are who are you working with? They're in Bangkok,
CDC and Red Cross. Fantastic,
fantastic is a no Finola, who
Dr. Wynn will be giving us a little talk a little hint a little bit. fishing together something with the Ministry of Public Health, I think, later this week or like tomorrow or early next week.
it is a big challenge.
End of everywhere.
So who anybody else want to say hello can jump in and introduce yourselves?
the from a research opinion from FEMA FEMA be presenting today about potential
fantastic and the rest of The fit of a team there
that's a Bangkok it's it's a Yeah, it's a nice time of day for you guys.
So let's, I will go ahead
and share this up so Okay, so so then kind of moving on so yeah the just to kind of issues it's kind of a light to light meeting I know everybody I know in this community is pretty much 100% right now on on COVID responses and kind of there's a couple of major efforts that are going for our community one is this COVID project initiative, which I've put a link in there, and there's a website around it. And that is a that is a, it was started by evernham kind of out of the the sovereign community and it has now about 60 or so participants. It has, it has and it's it's kind of a Shannon edge test is that that similar to the the pet PT Cova credentials is a little bit broader. They're, they're looking at the credentialing. So the the issues of how do you given attestation about as Peter mentioned about a vaccine, if somebody has a vaccine, how do you record that digitally to somebody and how they they move it? How do we capture these test results that people have? There are a set of use cases that they are working on. So there there is a group have five, I think it's five total workstreams now and one of them is is is defining use cases. So they're looking at everything from an immunity passport, which has gotten talked a lot about to cases like, how do you how do you establish somebody's credentials in a care facility? So in an elderly care facility when somebody is nurses, doctors are coming and going,
how can you
manage their exposure, track their exposure, track their testing history, digitally. So there's a wide range of use cases that they're looking at. And the the technology by and large for COVID credentials is tending towards the hyper ledger. And sovereign hyperledger Indian sovereign environment which just kind of represents its origin but it is a cross cross platform technology. They also have a Slack channel at fight the virus slack comm which is pretty active. So I just put that in the slack there as well. And it is it's a lot of ideas. A lot of ideas being exchanged about how digital credentialing Is there anybody else here is familiar with that maybe? Maybe Balazs you could say a little bit about COVID creds and how that relates to the dif effort.
Good afternoon, everyone, or whatever time zone you're in. And so there is a setup for cross collaboration between Different IPR protected groups such as w three, CCC, G and they've uncovered creds and we are looking at like creating a mechanism to effectively work across different initiatives and organizations. And tomorrow there is going to be a call with the leaders of these initiatives to kind of like agree on what can go where and what is the most efficient way to sort of create alignment and and agree on points that has been politically hold back or discussed in different voices. So that I would say like, that is the most recent one I can say. So tomorrow there is going to be some revealing probably diff is going to support the CCI calls because of their size. That's also going to be in tomorrow's call. And as as, as it was said, it's primarily around credentials and schemas for the long term like antibody travel and testing, not particularly in the track and trace initiatives like BP, all the others that were listed. Yeah. And if there are any questions, I'm happy to answer.
Fantastic. Speaking of contact tracing, so, uh, yeah, that's a great point. I w is coming up. So I intend, I suggest to everybody, if they can go to go to that it's going to be the first virtual conference. I know they were one of the first conferences in our community to do To make the call to go completely virtual, and you can sign up there, Shannon put the link in, which is the 28th 29th and 30th. And they are, they are, what they're doing, they're having the same format of a regular II W, where those morning meeting where people will get together virtually and establish topics that they want to talk about. You can also mail in those topics or discuss them through this links on the event bright page, you sign up when you get your tickets. So So there'll be a regular morning opening introductions and topic building where you pick the agenda. Then there's a series of sessions that each run for an hour that will you can join into for for to discuss particular topics. There'll be a closing session at the end of the day. And then because of the time zones and To accommodate people around the world, there'll be a series of additional sessions. So it's the morning session will be timed. I think it's around eight or nine in the morning pacific time. But the the last sessions the last three sessions are more convenient to our time zones in a pack. So there's there should be Yeah, like Christina mentioned that the the main the main schedule is not so APAC friendly but there shouldn't be some sessions. The last two sessions of the of the day should be available around two to more friendly to us and we can put a link in there if somebody could, maybe Balazs if you could grab a link to that schedule, just put it in in there. I think that's a great thing to to note, I'll leave my screen share open So, so that's a great note for IWC coming up and then COVID is going to be a fan a huge discussion in there. So CCI
CCI is is is the COVID credentials initiative is is kind of one of the larger initiatives. That's that's going and it is looking primarily around credentials. The my data has has had a massive outpouring of effort. And this is around the contract tracing. There's there's a lot of discussion of of all aspects of the code response, but where I think my data is shining, the most is in the contact tracing. And there's a link there to I think it's a paper called unified research on privacy, preserving contact, tracing And this is a wonderful resource that lists all of the the the active contact tracing apps, there's about 40 or 50, as well as links to international standards that are starting to emerge. Europe has taken the lead on this as well. And there is a there there are EU contact tracing reporting guidelines for this. Does anybody familiar with what's been going on with the PPP, that's the pan European privacy, preserving something tracing? I believe. Shannon, do you know are you have you been watching that? I understand that they may have removed the the
the privacy preserving part.
No. My dad was just reading about
Eric Eric Which bodies leaning standardization on conduct tracing? Is there you mentioned is there a standardization efforts happening with tracing or did I misunderstand you
so so so pep, pep PT and there's another link in there the TCM the contact tracing coalition are two different groups this one and this this one
yeah and there's a big one in Switzerland on I keep forgetting the name Yeah, sir several
Ah, fantastic. Yeah. So there are a couple of Coalition's the EU in in the my data channels somewhere in in this this unified research there are some links to to some of the the EU guidelines and I'm not exactly sure where who is leading that I don't know which organization is leading it but I believe There are links to it in here. So this is, uh, this this unified research on contact tracing. This is here's the European Commission's guidelines and algorithm for contact tracers right here. Okay.
So this This document is a living document from my data. And it's a particularly good.
Yeah, I've seen I've seen it, but it's just so long. And I haven't noticed that part. So it's good. You pointed out and yeah, I just know, the Japanese government's working on the guidelines, like our team is waiting for that. Because, you know, they've built a separate privacy preserving, contact, tracing it up, but then the government is forcing us to collect phone numbers for Yeah, because, you know, there's Google apples thing happening, but in zand, if you want to, you know, have your local medical authorities use it, you have to adapt it to your local situation. And in our case, you know, medical facilities are Using numbers as internal identifiers so that's apparently a must and just like you know, sidestep but it's a ministry of finance this drafting these guidelines isn't just like an absurd part of Japanese government, but that don't let me go into this. So yeah, thanks for the heads up.
That's That's really interesting. So that so in Japan is the Ministry of Finance that's involved in the contract to tracing effort.
Minister of Economic sorry, yeah, yeah. We have the government we have the Minister of house we have the Minister of economics and they each do like one third of all this and you have to talk me talking to all three so it's been going very fast. Take me with a grain of salt.
It's it's all of these governments have been adapting it you know, at really lightning speed. So So one thing that is impressive and we usually we all experience, government as being a bit slow and bulky so it is kind of impressive to see them straining to, to move as fast as they can. And because no, they do have the responsibility of getting it right. And that that can be difficult at a high speed. Does anybody else have any any insights on what their local government is doing? as well?
I'd love to hear so.
if you think of something that that you can share with a either just some information or or a link, I please put it in the
please put it in the chat or bring it up because,
yeah, I think Taiwan, like one of the startups numbers, the I think right now, this time in the morning, they're giving their pitch on their applications to find the COVID to the Taipei which is the biggest city in Taiwan. You missable so that's why I didn't see Sherry here. But now we can always ask her to give information and link to the information in this document later on.
Yeah, and feel free to send something to the mailing list. Because I know in my data, there's been some requests for, for what is going on, but it's been particularly hard to get information the EU is very has been very forthcoming about information, but I think in a lot of the rest of the world, part of is just because people are tremendously busy and focused on the frontline efforts. So
but that's wonderful. Thank you.
yeah, so so.
So the contract tracing, contact tracing, I included a paper here, this light blue touch paper that somebody gave somebody passed to me and I find this a particularly
insightful paper for discussing some of the limitations of contact tracing. So, so when we talk about contact tracing, it sounds ideal. And but the data that's coming in and I'd love to hear from the Singapore example, but I, it sounds like it's still only 12 to 20% coverage of the population. And then there's there's also some other kinds of problems that that show up. This lists about six or seven for all kinds of cases. Like if you're at the store, you've got a if you're in one aisle and somebody is in another aisle, you're not really sharing the same air. But the Bluetooth can't really tell that and there's so there's there's some challenges to figuring out difference between that kind of contact versus sharing a public transportation ride on a bus station, or on a train a train car, which is going to be a lot more exposure producing. So, Shannon, did you mention anything about did you have? Did you know anything about the Singapore response? The coverage, I forgot where I saw the number, but it was 12 to 15%. I think
it's not very high, because our contact racing ideas, they were not able to source with a source of those patients who got the COVID-19 pump, and it takes up a very high percentage of it.
It's not that much in that sense.
So one of the projects that I'm working on is is it's it's coming out of some larger consultancies like KPMG and Deloitte working with Columbia University. And what we're looking at is something that we're calling okra or online COVID risk assessments. So this is looking at the the Chinese kind of app model, where you you get kind of a running assessment of what your your COVID exposure, the risk you post others and the risk that others pose to you. But it combines it combines test results, it combines contact tracing with other sources, and they look at contact tracing in this as as a very coarse grain signal very much like traffic congestion that you get from Google. So it can give you some estimates as to Real Time risk. But the reality is that there's there's the contact tracing is not going to be the super strong solution that we had kind of hoped hoped for it to be. As I think Singapore is finding as well. So it's one of those things that we can do. But it's not clear that it's going to be as useful as we'd hoped. This Twitter link here
is from my data, it's a call the fourth
recording of the fourth call. And Jonathan cam from Australia gives you the last part of that. A really nice presentation a technical presentation of what the Apple and Google API's do what they do and what they don't do. So
So in this paper, this ID 2020 paper that came out, this is by the ahead of it 2020 with Harvard AI is a good,
a good, a
good source of information about credentials and how how they should relate to our kind of public policy. And so one of the things that we're getting in about 30 minutes, I kind of like to turn over, unless people have more information about COVID COVID credentials
or the COVID response.
I'd like to turn it over to to finish them up. And we, what, what we're what we've been looking at in the credential community, there's kind of two large, two large approaches to credentials. One is what they call kind of zero knowledge proof which is is popular in the the The hyper ledger indie and the sovereign community. And then the others is the W three C, standard credential format, which is you can think of that as just signatures over claims made by an issuer. So So the difference is one is more amenable to later term flexibility and pulling out individual and exposing individual pieces of data. And the other the W three c side kind of captures more of that document centric, here is a copy of my driver's license. And then right kind of in the middle are attribute based credentials, which phenom is using that kind of combines the two. So with that setup, I'd like to turn it over to to cinema. And tell us a little bit about what you guys are doing with attributes. Based credentials.
Hi, are you hear me? Yeah,
quite so do you see my fishing net full screen? Oh,
Hi. We can sorry. Right.
minor technical problem.
looks good on this end.
Can anybody else?
Right Do you see it as was when my presentation activity potential foreign price isn't
and we can see properly in the interface. Okay. Okay, so PowerPoint.
So thanks, Eric for the introduction. So as Eric mentioned, that there are two approaches. For the credentials and asking him Are we trying to take the best our foresight will be combining the BTC approach and hyper ledger India port and we combined them together as our solution. So to do myself My name is Dr. Woodcock salon and currently a research engineer at cinema. Working as a cryptographer. Before I begin my presentation, let me ask everyone a question. So let's say you want to go to a bar and get a drink. If you're quite young and looking, sometimes you'll be asked to present your ID card to show that you are above drinking. But when you keep it your card to the bartender, the bartender will see everything in your cart is the name address are the numbers, etc. Is it really necessary for the bartender to learn about your name, address, or your ID number, when the only thing the bartender needs to know is whether you're above the drinking age. To body digital identity, we need a solution, a solution, a solution that give the user the ability to disclose, or hide, or maybe any information is confidential. So an example of going to about a user should be able to only review it and hide everything else, and perhaps also redeem his space. To simplify your system a little, we can consider a five attributes credential, to five attributes with name, nickname, address, data, birth ID number. So first, the issuer, for example might be the government, the government give you a credential, and then you keep the credential in your mobile phone in identity wallet, and then you present it to the bartender, as perhaps in the follow up QR code. We'd add to basket ensure you'd be able to hide everything And then all these shortages of birth to the budtender. But the bartender needs something to check whether the credential is valid. And to check that the credential is valid, he needs signature. So the issuer or the government needs to sign dutifully on the credential. And then when you present the credential, you need to also assign yourself a signature so that the verifier know that it's you and not anyone else presenting your credential. Right. So let's talk a little about digital signatures. One way to do digital signature is by using public key infrastructure. So first, we should assign his private key on the credential and then send the credential with the signature to the user ID volume. Then the issue will also need to put the public key into some public storage, for example, in blockchain users also when you said want to present his credential to a verifier. You also need to sign in credential with his pride his own private key will be another signature and then send his public key to the blockchain. The verifier then can take the key, the public key from both issuing and Hoover to check that the presentation of the credential is indeed valid. But there's a problem with attribute based credential. So let's say the user wants to present his credential differently to verifier, the verifier one, show everything except the nickname and the verifier to only show the date of birth and nothing else. The question is, how does the issuer sign the credential? Does he sign for the workflow? Well, one or verifier? Two, does the user need to request a new signature every time you want to make different presentation?
Yeah, are you looking through the the slides, we're still seeing The one slide, still a little.
Oh, okay. Right. So today's A. So you only see the first slide in my presentation. Yes. Yeah. Right. Okay. At the moment you see our slide?
Nope. We just see that attribute based credentials, so we can see this list on the
left. All right. Okay. Maybe I stopped sharing it now.
Right. Okay. Do you see something else in my screen now?
Yes. There we go.
Oh, there we go. I'm sorry. Right. My apology. Right. Okay. I'm going to my presenting quickly again, right. Okay. Do you see something else in my life?
Okay. Cool. Okay, I'm going through quickly and if there is another problem, please tell me right. Okay. So, so we do attribute based credential for enterprise decentralized identity, right and Like when you when asked about question about a bar, right? So the bartender only need to know your, that you are about 18 or 20 in some country, right? They don't need to know anything else. So it'd be base credential is a mean for a protocol where user can hide some information and review all the sub information as necessary, like so, as a workflow, they should first issue a credential to user user then presenting his credential or her credential to verifier. And the user can choose which one to reveal you which one to hide. So if I ever need a signature, or if I need signature, first form the issuer, he will have to sign it. And then the user has also signed his credential as well. So be one signature from issue one signature from user so that verify we can check that the credential is really from The correct issue and really from the correct user.
So far so good, right, Eric?
So now let's talk about the digital signature.
So these were first used private key to sign the credential and send it to reduce this wallet. issue I can then use a public key can send the public key to the blockchain right to to store it as authority and user one to send his credential to earn fire. You also need his property, his private key to sign it his own signature and then send public key to blockchain. fortify can then retrieve those public key from the blockchain and verify that the credential is indeed indeed valid. Now this problem with how the issuer assign the credential so let's say what if I ever won all the show everything except the Name, where if I were to audit your date of birth and nothing else, how does the issuer sign those credential right issuer want to make a new kind of presentation to another verifier. Does that mean the user has to request a new signature every time? Or does the issuer sign every possibility for the credential? In the case of five attributes in the credential is mean the issuer has to sign 32 or two to the five type of credential. So that means you have 32 signatures keeping in your mobile phone, right? We have maybe five credential is still kind of okay. But what if your credential has hundred attributes, it can be like a long document of your health medic medical health record with hundred four credentials. In that case, it's mean that they are 10 to the 30 possibilities. So it's totally impractical to keep all the signature in your phone. So, we need another solution and that solution is by using CL signature. So, CR signature is an efficient signature scheme developed by Yon combination. So, he was the lead cryptographer at IBM at the time. And another one they L is from an Allah Manya Leon skya, a professor from Brown University. So, they published a series of three papers from the year 2001 to year 2004. So, this signature is very efficient signature scheme that only requires one single signature for all possibilities in the contribute base credential. So, using this signature, you say, what do you need one signature from issuer and then he can create any presentation to any verifier and another also the user has the option to withhold some information to issuer. For example, maybe your government do not need your nickname, but you want to put your nickname to the credential. So what you do is you encrypt your nickname and send the encrypted nickname to the government, your government then use to encrypt the name put in credential, sign it and send it back to you. Now, I want you to get the credential, you can get used to a nickname and present it to your verifier even though that your government has no knowledge of your nickname. So another feature that we have to be used in our product is silone rich proofs. So let me ask you a similar question. So does your partner even need to know your date of birth to get a drink? No, right. So the bartender do not need to know that you was born in by second of July 2019 84. 23rd of September 1985. The only thing about it you need to know is that you are above the drinking age. So what you can do is you can use cilona rates proof to prove that you are above the drinking age. So for those who don't know about who don't have cryptography background theory proof can be demonstrated by using a reboot Rubik's Cube example. So let's say Alice wants to show to Bob that he know how to solve a Rubik's Cube, that he has a special technique that can solve Rubik's Cube very, very fast, but Alice Doesn't want to share her technique with Bob. One way she can prove it is to ask Bob to prepare a Rubik's cube and ask Bob to twist it at random. Then Bob can keep the Rubik's cube to Alice. Alice then turn her back at Bob. So the Rubik's Cube turned back around if the Rubik's back to Bob Once Bob gets to solve Rubik's Cube, then he'd be totally convinced beyond any doubt that Alice really know how to solve the Rubik's Cube. Although he can no information, he gained zero knowledge about how Alice solve.
So, in reality,
in which we use cylinder a proof is is based on mathematics. For example, there's one protocol called sigma protocol. This is a seal knowledge, proof of knowledge. So let's say you have a number, you want to prove to verifier, that you know this number without revealing what that number is. So the protocol involves some exchange of random numbers. So and at the end of the protocol, you'll be able to convince the verifier beyond any doubt that you really know that number. And the verifier will gain clo knowledge about what that number is. So we can use To knowledge proof, together with attribute based credential to improve our users privacy's to do user would have an additional ability to minimally discloses information. So instead of keeping date of birth to the verify verifier user can construct a cryptographic proof for his age and tell the verifier that he is indeed above 20 years old. And don't tell the verifier his date of birth. So FEMA at FEMA we develop our product by using attribute based credential together with cylinder approved for enterprise decentralized identity solution. So we have three core products. First, we do an enterprise decentralized entity blockchain. Second, we do identity access management. And third, we provide electronic identity wallets file for the users so the issuer would be able to use could ensure to to the users and then publish the public key on our blockchain. User can also put the public key on the blockchain and verify or take those public key to verify credential from the issuer.
So to jump in kind of here, and let's make sure we get a link put a link in the the, to the slide deck. But where this this particularly gets in in terms of COVID, I'd like to just take a moment to bring it back to COVID. So there's, there's there's this issue of being able to track information like test results and the test results will have a lot of information in them. Sometimes it's relevant to people sometimes it's not. So when you have this these these test results that are accumulating in your kind of digital wallet, you need To be able to to construct rapidly a presentation of verifiable presentation, like when had had shown there that has just the information that's necessary for the verifier. So, for example, there's a lot of quality control issues right now around the pinprick tests. So you can imagine that a pinprick test would have information including the manufacturer and the lot number, as well as who was the issuer and what their licensing you know why the person who witnessed your your credential who were they and why were they able to, to witness it, perhaps they're a nurse or a doctor. And so that is critical information to have about that test, who witnessed it, what their credentials were also the manufacturing and lot number information about the test but When you're presenting the test result to somebody really all they want to know is whether the antibodies were present or not or what your level was if it was a serological test. So so as the use of these attribute based credentials, lets you go through and pick out just the information that the verifier cares about, and buying that together to hand that to the verifier without requesting a special credential that has just that information. So does that Does that kind of make sense to anybody? Is there any buddy have questions about the about that?
how that works.
So what's what's particularly important in this In these models is
what I what has been coming up, at least in the COVID credentials community, one of the things we've really been looking at is there's also this issue of revocation of credentials. So, typically, when you talk about revocation, you think about, like a driver's license, the government decides that you no longer can use that driver's license, maybe you got into an accident or something. But in the case of COVID credentials, and I mentioned the the supply chain quality control issues,
so this is
this is an area where they are finding from time to time, people are working so fast to get these credentials or these credentials, these tests out that you run into situations where batches get produced that they they forgot to add the reagents to, so they send out and accidentally make 10,000 Blank tests that have nothing but water in them. So the need there is to invalidate those test results based on the manufacturing number. Just wholesale. And so this is an area where where the revocation capabilities of credentials is important, you can revoke a test result and say it's invalid by the lot number or the manufacturing number of that test. And that information never has to be handed over to anybody. They just get the information that the test result is no longer valid because of being able to pick and choose which attributes are displayed, and then linking that back to the origin originating credential.
that kind of makes sense to everybody and Anybody have any questions kind of about how, how those those credentials and that revocation process and then the ability to to select individual attributes? No.
Actually, I was thinking something much smaller instead of like the pandemic, in I kind of like have the opportunity to work with the UK people. They're saying that like, when the customer asked to produce their credentials, sometimes you think to violence, and then they will, they will say, like, kind of swear to the to the to the register, or maybe beat them up. So with this kind of potential, then people can just show it for people and then they can prove that they're old enough to buy beers cigarettes. It can kind of like, reduce any violent crime.
to the store stoner anyone?
So that's what I need is cool.
Yeah, yeah, there's there is definitely that information leakage can can lead to really bad results, there was a case in Utah where there was a predatory taxi driver that was looking at people's information. And using that to to then case out and harass people. So when when they came to pick him up, they they asked for scene ID and then they would take a note of what the actual address was of the person. So that's a that's that's a definite that's a that's a that's that definite condition but the attribute based credentials, the real flexibility about the zero knowledge proof Nat attribute there's there is it's often brought up is this this idea about disclosure, but the real flexibility is the ability to cut in and to pull out attributes and to create verifiable presentations on on the side. And the community as a whole has been struggling with getting this messaging right. As well, because the the zero knowledge the lack of of disclosure of additional information is usually the was seen as the first selling point. But one of the things that really makes them stand out is the fact that you have a choice of giving the verifier just what they want to know. So, the verifier may not want to know all this additional information but with a digital signature over an attribute set like a W three c credential, you don't really have a choice you kind of have to give the whole thing over or not your building block for what you hand to the verifier it is at the level of the credential. So you even with the W three c verifiable credential standard You'd really don't have a choice but to hand over all of the attributes at a time. So it is equivalent to him handing over your driver's license. So, so it's about, it's about the flexibility of appropriate disclosure, more than the ability to do the information hiding. And this is something that I know Daniel Hartman, who is a big proponent of this and I've been discussing quite a bit. So you can change the phrasing slightly from from zero knowledge saying, I'm not going to show you anything you don't need. If you just say another version of that is to say I'm going to give you just the information you asked for instead of anything else. So it's kind of the same thing but it changes the focus
in favor of the verifier a little bit.
I also have the use of has the option to refuse the presentation as well. So let's say that base of 35 that asked too much information, right? And the user don't like it, so the user can refuse the service of that verifier and then ask for alternative service from another provider. Hmm.
or a question in the example that you used in Utah. If someone is being if it's some sort of a taxi or a riding ride service, the ability to pick you up or drop you off somewhere, isn't it inherently
Unless you unless you always ask to be picked up two blocks from your house or two blocks from your place of work?
Yeah, that's a that's a good point. And that's, that's, that's one of my concerns about that. You know, you think about hiding your address from your Uber driver. On the one hand, it's it's a, you say here, take me home and they don't really Need any information about digital credentials to know where you live because they dropped you off or pick you up at your house, unless, as Michael said, You You, you start getting into spycraft. And, you know, always drop you off, two blocks away. On the other hand, if you are picking up somebody to take them from a shopping mall to their campus, and then ask him to verify them by say, Show me your ID, so I know you're the right person. That's a side attack. So it there is that that situation where there's kind of two, two pathways there one does leak information out in a predatory fashion. The other leaks information out because it's essential. You know, if you order a pizza, you don't agree to meet them underneath the bridge in the park at 11 o'clock. You tell them where your house is, and they bring the pizza to your house. So no matter what digital credentials are involved, that information will be He revealed the information of where your house is. So so that's where that's where I think the the value of the story that people tell about attribute based credentials and zero knowledge needs to shift a little bit more to the flexibility that they that it provides in terms of giving the verifier just the right information, rather than the knowledge hiding a kind of capabilities. I think that's a good point, Michael.
All right. I have another question, if you don't mind.
it's about revocation of credential. So in the verification process, I've noticed that the verifier needs to process the public key or the identification from the issuer of the certificate. And as he does that, he gets The information about how it's time. Now let's go with the COVID case where you sign the vials each testing, if they're correct or not, and you want to replicate them you would need to replicate that you would need to have each either have each vial have have their own certificate that signs it. Or you would need another means of lookup to see which ones were invalidated. So you need to either look up each invalidated or you have assigned for each each vial and if you do have a different certificate for each vial,
the verifier will have an identity there is a density match. So if there is is one certificate for each vial, the you can buy the identity of the certificate you can identify the same Same title, same check came more than one. So you can kind of get the identity from this. And the other approach that you have to look up this data just creates a big, you know, amount of data that you have to get the issuer has to provide for every change in their infrastructure or for every result that is, isn't there. And if it's eventually consistent, it might mean that the verifier doesn't have that data at the time when he wants to verify.
Don't lose internet connection. Hi.
Hi. Yeah, I don't think I might not catch every part of your questions.
Hello, do you hear me okay.
In life In another way, so, you see at the beginning you were talking about there we were occasion right that we vocation of the credential
Yeah. And sorry, was the question again
in order to relocate
us a certificate, yeah.
What I can see two different processes how this works, one would be to revoke the certificate itself. So the issuer says like this, this issue or this issuance is not right anymore. And the other way would be to just remove the public key.
Yes, yes. And what was your question again, do you mean which process Do you
Yeah, which process is used and if there is a public key, so both of those processes have individually issues. So if the data after application has not arrived at the very Because he's offline and he got data before that very sad It's okay. not okay. that's problematic. And if the public key is revoked, then there might be a bit identity leak or a means to track
Ah, so the public key right well like public key of the issuer well like the first right. So, if you want to create a credential first the issuer has to publish something called the credential schema, credential schema tell what he or what attribute within the credential and then issue or publish the public key of the schema to the blockchain right. And then using that schema and that public key issuer can issue several credentials to several users. So if the issuer the issuer revoke that public key it mean that all credential or user are we becoming At the same time,
so you cannot revoke public key of the issuer.
Right. So the method that we use is that when you issue a new credential, we publish a proof of the credential to our blockchain. And they verify fire in addition to getting the public key to check the validity. The verifier can also check whether the credential has been revoked or not in our blockchain, does that answer your question?
Not quite. I have to rethink that and we are out of time. So I will I will try to get into that. Okay.
All right. Okay. Eric. Shall I continue?
Yeah, it looks like we're kind of at the end of nice. I'm sorry that my internet connection keeps is starting to drop now. So we're kind of at at the end But I'm happy to to to let people if people still have conversation or questions and would like to continue talking, I'm certainly happy. To to, to let that let that go on Balazs is that any problem?
Or you know, I think
or is Balazs gone. I think Balazs is off as well.
yeah, I'm happy to keep the channel open if people are interested in chatting and asking questions about how this technology works. Certainly, so unless there's any objections, feel free to keep it open. And I do want to thank everybody for coming. I was a little bit late call today because I think everybody is is is very, very busy with the COVID response. And ditch did Sherry Did you get a chance to say something about Taiwan I'd like we we'd love to hear A little bit about what Taiwan is doing. And then we can kind of get back to credentials.
Yes. Hi. So Hi everyone. So I'm Cherie from from Taiwan. It's the first time I'm joined this meeting, so I can quickly show you what we have done in Taiwan.
here's the deck about the HPP. We developed for the COVID-19. And the link is also also mentioned in the documents. So you can look at the document later. And let me quickly describe about the AYP. So for now, so I know a lot of city has spin lockdown or many people is doing the home current thing, but for the people who are doing the home currently, they have no no tool to help them to create to a record Their their status or record date your symptom. So the people are they might be panic or they might might feel lonely that if I'm doing right so, so, it would build an ape for the people who is going who is doing the home currency and the ape can lead people to record their record your status like you can it has every day that my temperature Do I have some synchrotron or you want to take a picture like I go outside I took a taxi you can took a picture about the license and also for the for the government side. So if the people they take when when when there is nothing they can share that they have to the government and the government can view the record of the people and end the data will be delayed after 70 to 72 hours. And also we may some some countdown table to like the to encourage people to using beast ape and to stay at home and record and record their status. And also after the voting days we will get get a word virtual Baba t as a reward.
And we will also
count tag some, maybe some, some stores some sound, drink store or restaurant that if we can get the real truth to power. So the people you might get using the virtual poverty you can maybe in exchange to a real property for reward. And the projects for is, is developed by my data Taiwan and some community in Taiwan is a number nonprofit and open source. And we already released our alpha version alpha version for Android eight. We are now upload a launch in the Google Play Store. And we will be we will release the iOS version in next week. So here's our project.
That's fantastic. So this is this is going live in Taiwan. Yeah.
So I know it's a very short time because I'm just jumping the jumping the meeting so I'm ready quickly to describe it. But if you have any question you can ask me or you can contact me.
Fantastic. And there is a link to the to the presentation then in the agenda paper there.
Yes. So I think in the doc in the document here, so you can you can find it that mean deliver things.
Perfect, fantastic. And I know Taiwan has had a particularly a strong amount of protection. One of the communities that's managed to keep the caseload really really pretty low. So
yes, because we are just like I said so people in Taiwan, they are very willing to do the home currency. So they are very willing to stay at home and not going out. So we just want to build an app to help with the people who choose to stay at home by themselves and make make them they've failed. What they're doing is good and is helping helping the government and helping to save more more life.
are very much appreciate having the opportunity to see what what Taiwan is doing there. Does anybody have any any other questions about COVID or, and then or about the credentials
I'm always I'm always happy I'm I know we're over the time here but if people are interested in Some of the stuff is as long as people want to keep talking and ask questions. I'm happy to keep that channel open because that that at the end of the day, that's that's what is most important. But
okay, I think, I think i
think i think that's, that's great for COVID for the Taiwan response. And then I think archy you had some you you and and when we're still discussing something Nope. Okay.
I yeah, I put my email into the chat box. So I
apologize that I didn't answer your question properly. We can discuss further via email. Okay.
if there's anything There's no questions we can we should go ahead and wrap this up. And I want to thank everybody for for attending this time. I know it's a little bit shorter call
with with COVID and response. I think we all do need to kind of get back to all COVID all the time.
with that then I want to wish everybody
wish everybody good luck. Stay safe, stay healthy, and I'll see everybody in about a month.
Yeah, you tumeric Okay, say bye bye about
doing this right