2nd TF-DLT Meeting 14th December 2021 Notes

Chairs: Robert Ott, Niels van Dijk, Gert De Braekeleer

Supported by: Licia Florio, Michelle Williams

Tuesday 14th December 2021, 10:30-12:30 CET

https://events.geant.org/event/1078/

Meeting recording: https://geant.box.com/s/igy4zmlyua00r4my4ejorzgvqt26ra73

Attending:

• Mikael Linden, CSC
• Alan McGibney, Munster Technological University
• Davide Vaghetti, GARR
• Dubravko Penezic, SRCE
• Gert De Braekeleer, Belnet
• Janos Mohacsi, KIFU
• Klaas Wierenga, GEANT
• Licia Florio, GEANT
• Nicolas Liampotis, GRNET
• Nicole Harris, GEANT
• Niels van Dijk, SURF
• Robert Ott, SWITCH
• Wolfgang Pempe, DFN-AAI
• Marcus Hardt
• Ivan Kanakarakis
• Guiseppi De Marco, GARR
• Leif Johannsen, SUNET
• Ellen Lerouge, KULeuven
• Jan de Caju, KULeuven

Welcome 

• Thank you to those members that have offered details of initiatives - everyone is invited to contribute here: https://docs.google.com/document/d/1hyvoR-FL4aczkZlbSpPIJL8tI1QTtSMh6w30pUjgQCc/edit?usp=sharing
  • SURF: Technical exploration Ledger-based Self Sovereign Identity https://www.surf.nl/files/2021-05/technical-exploration-surf-ledger-based-self-sovereign-identity.pdf
  • DFN: Participation in the IDunion project: https://idunion.org/?lang=en
  • episode on DID and OIDC: https://identityunlocked.auth0.com/public/49/Identity%2C-Unlocked.--bed7fada/a12b7602

  • An insight into the reasoning for and against Blockchain use with SSI. It also dips into the related field of government IDs: https://medium.com/@ckahlo/blockchain-ssi-id-d7e51d98d050

CSC: The Finnish IT Center for Science proof of concept for using SSI to managing permissions to sensitive human genomic datasets: presentation and demo

KULeuven: Wallet ID + Federated ID + SSI: presentation and demo

The demos inspired the discussion on User-centric model vs federation-centric model: will this require a seismic shift? Are we prepared for that? The demos showed how federated identity played a roll in the user-initiated process. Remarks covered:

• the risk that SSI-led personal data transfer might imply that the user becomes Data Controller (when of course that is incorrect)
• accreditation of an organisation might not be sufficient - it might still be necessary to be part of an established trust network in order to legitimately exchange data.
• A lot of relationships are not formally established - MOUs will not be sufficient
• Where there is a localised model, such as EBSI, how can countries outside the scope of those initiatives interact?
• Centralised solutions vs decentralised solutions: there is a compromise to be made regardless of the model, but the compromise will have different implications.
• User experience is vital: are we facing a future where a user is expected to make sense of a different wallet app for each context (i.e. one wallet as a user of a specific institution, another wallet for enrollment in an ERASMUS programme, and RI-specific wallets when participating in research projects).
• FAS is the EIDAS implementation in Belgium, and will sit on top of federated authentication. In Belgium there is only one organisation that is able to provide this, but does the same apply globally (i.e. one issuer per country)?

• Potentially we need to look at a model where standardisation allows a user to choose their own wallet – otherwise there is a risk that the user has multiple different wallets for the various contexts and roles they take across their career.

Next steps

• Next meeting: aim for the end of January - https://doodle.com/poll/6nin5y4nq3nw73qi?utm_source=poll&utm_medium=link
• Decision for agenda:
  • option 1: conclude milestone 4 for documentation of the EBSI diploma use case (source presentations from Duo in Netherlands, for example)
  • option 2: present initiatives that are candidates for the use cases to be taken into the Incubator.
  • Also: Niels to present the Digital Identity for Researchers initiative
• Follow up in the discussion list.