1. Cent Hosten (Metagov)

2. David Sneider

3. Balazs

4. Ryan Gill

5. Josh Tan

6. Evin McMullen (DisCO)

1. Mendes (Closer)

2. Conner Swenberg (Station)

3. Junhe Li

4. Stepan Gershuni

5. Eseoghen Mentie (DisCO)

• membership of a group
organization or working group within an organization
I worked at Developer DAO || Marketing Guild in Developer DAO

• timestamp showing start/end
start: 1647500000, end: 1647600000 (optional)

• typically involves a reference to data residing in another service
www.github.com/commit/abc123

• timestamp(s)
1647622394

• user-defined metadata: e.g. high-level descriptions of the work
“I built a smart contract that does X, Y, and Z”

• e.g. number of commits, number of deals sourced, “reputation score”?

• typically an aggregation of Atomic Contributions

1. Identify overlaps

2. Discuss PII

3. What's the MVP?

4. Rollout plans (joint white paper?)

Evin McMullen
08:42
Gm team! Thanks for inviting me to the party :)
default user avatar
Stepan Gershuni
08:50
Gm!
default user avatar
Cent
09:04
Hi Evin
default user avatar
cswenberg
10:00
Welcome all🙂
default user avatar
Joshua Tan
10:18
https://daostar.notion.site/How-does-identity-work-within-DAOs-3842497b4eaa45668fb99c308d86c552
default user avatar
Balazs
17:30
+1 in wallet design
default user avatar
Evin McMullen
18:27
Wild assumption that it’ll hold foreer
default user avatar
Evin McMullen
18:29
*forever
default user avatar
Evin McMullen
18:38
Def in our lifetimes I bet
default user avatar
Joshua Tan
19:59
I work a bit in quantum and I would be a bit more careful there 😄
default user avatar
Balazs
24:52
Thanks for having this discussion. Appreciate it. ❤️
default user avatar
David Sneider
29:57
https://www.w3.org/TR/vc-data-model/
default user avatar
Stepan Gershuni
31:30
I got a call starting rn, gotta drop. Great conversation as always! Cheers
default user avatar
Balazs
32:42
😃 epic discussion
default user avatar
Balazs
32:57
Rev registry and recovery are two pretty big topics
default user avatar
Evin McMullen
33:31
That would be SWEEEEEET
default user avatar
Evin McMullen
33:58
Shamir’s offchain recovery has been implemented by GlobalID, let’s bring it to web3 :)
default user avatar
cswenberg
39:18
This question is bolded from last session: “What data do DAOs need when they verify contributor profiles?”
default user avatar
cswenberg
39:48
I think generally we haven’t written/articulated what information we care to show when trying to understand a contributor’s web3 cv
default user avatar
Evin McMullen
39:56
^^ super helpful
default user avatar
Cent
50:41
self attested datadata from daosfrom other dao membrs (p2p)data sources from elsewhere
default user avatar
Evin McMullen
51:38
+ On-chain tx history
default user avatar
David Sneider
55:07
https://developers.ceramic.network/docs/advanced/standards/data-models/data-model-universe/
default user avatar
Evin McMullen
55:13
Anyone have a favorite schema builder?
default user avatar
Evin McMullen
55:16
Tool
default user avatar
David Sneider
55:17
^ ceramic’s data models, not sure how much these are used
default user avatar
Eseoghene Mentie
55:31
Some people use them
default user avatar
Eseoghene Mentie
55:44
And create new ones on top of them
default user avatar
Balazs
57:25
I think we need input from DAOs ;) on what exactly they need now and in the future
default user avatar
Balazs
57:33
Shall we make a survey?
default user avatar
Evin McMullen
57:45
Great idea!!
default user avatar
Evin McMullen
58:05
Our team has anecdotal info from daos about type of schemas daos need
default user avatar
Mendes
58:14
https://www.kilt.io/ - a while ago KILT was working on this, not related to DAOs though
default user avatar
Balazs
58:15
I’m happy to contribute
default user avatar
Evin McMullen
59:45
This was awesome tysm!!
default user avatar
Mendes
59:46
Thanks everyone, loved this!
default user avatar
Joshua Tan
01:00:09
https://t.me/+vJ7xsoyiz4U5MjYx

Joshua Tan
00:02
Alright, so last week we left off with a.
00:09
really interesting conversation but lots of.
00:13
Questions still tbd I think we came down on, if I remember correctly.
00:20
The most basic thing we could try to accomplish is a.
00:25
Like a basic schema around.
00:32
Around I guess either deep, but also, I think there were some notion of.
00:39
reputation or contribution in there, like a schema that sort of.
00:44
Around ID, along with other things that could satisfy or sort of.
00:52
contribute to the basic reputation use case that we kind of like kind of figuring out, so I guess, I want to figure out first off if there are maybe we could take a little bit of time to just first off review.
01:07
The existing kind of he sort of table for the research table.
01:15
And then, secondly, to.
01:22
Do just kind of review more of the use cases that we actually want to support that makes sense.
01:28
separately and I thought actually might be interesting disrupt begin with.
01:35
Talking over what's below.
01:39
brought up around personally identifiable information.
01:43
To maybe, just like.
01:47
carry over that argument, where the discussion from the telegram into this trap.
01:55
yeah is there anything else people want to discuss so roughly speaking pii.
02:02
Then the kind of use cases we want to support and then finally kind of like narrowing down what is mvp schema would be.
02:14
make sense, all right great before actually even before that I see some new faces in the mix.
02:22
But folks like to unmute themselves and quickly introduce.
user avatar
Evin McMullen
02:28
hey guys how's it going i'm Evan McMillan from the disco team here with my teammate SA sorry for being a few minutes late, we were just coming out of stand up, but super excited to join the fun and learn more about what you all are thinking about.
user avatar
Joshua Tan
02:41
awesome welcome.
user avatar
Mendes
02:44
hey Fernando amanda's from Casa team Nelson.
02:50
invited me to join us for the Grad happy to be here, I have a special interest in identity and reputation and i'm just very excited to be part of the conversation.
user avatar
Joshua Tan
03:03
very welcome.
03:07
Nick case yeah let's jump straight into it Okay, let me.
03:15
Let me share the.
03:17
This is the project Doc that we're taking all the notes in sure that.
user avatar
Unknown Speaker
03:26
And we are.
user avatar
Joshua Tan
03:29
yeah okay.
03:32
Do you want to kind of briefly bring up your proposal sort of like the the question you want to bring up from the telegram.
user avatar
Balazs
03:41
Ah yes sure.
03:43
So basically.
03:44
Can you hear me.
03:46
Okay.
03:46
Yes, so, basically, I just wanted to maybe like make sure that one thing we can like, at best, as a group, and everyone a little bit sign off is that we understand that, like.
04:01
watching are awesome, but they are extremely dangerous for storing any kind of personally identifiable information and as its.
04:11
Permanent data store, there is no way to delete it and it makes it also non GDP are compliant.
04:17
So that like kind of like sandwich the notion that we as a group don't support anything to put any personally identifiable information on chain, and we are using tooling to make sure that blockchains are used to manage data, but not personal data, but like data live somewhere else.
user avatar
Joshua Tan
04:43
Does anybody have any particular comment on this, I think I already coming into the room, so I don't want to jump in.
user avatar
David Sneider
04:55
Just.
04:55
A few kind of things to do any when you say.
04:57
storing data on blockchain it's safe to assume that you're also talking about kind of the de web stack.
05:04
we're just talking about public blockchain you're talking about public.
user avatar
Balazs
05:09
Statement i'm talking yeah so i'm talking about public blockchains permission block chains are a whole different beast these are like the public.
05:16
Right what.
user avatar
David Sneider
05:17
i'm asking about is I pfs in your definition of public blockchain here.
user avatar
Balazs
05:25
I.
05:25
Think yeah so it requires.
05:29
Good question.
05:32
i'm not a lawyer, so in my opinion, as it requires a linking to like conscious discover and I pfs note.
05:42
make you scan scan the whole if I pfs and and get all the data, you have to have an access point, so it is more of a data store, but it is public and so a little bit, yes, I would not put personal data and I pfs without like consent access mechanism.
user avatar
Joshua Tan
06:08
And our people aware of use.
06:10
Cases where personal data is being put on a public blockchain of some sort of any sort of.
06:19
Like where are like I assume, like some Downs are already doing this, but it is like just have a clear example.
user avatar
Stepan Gershuni
06:30
Think it's very tiny amount of use cases, so I don't see this as a problem, maybe i'm not just aware i'm not aware of all of them, but I think.
06:39
Most people are starting with a project could EPI in encrypted form in.
06:47
Whatever permission.
06:49
data storage solution, they prefer to use so it's mostly accidental not on purpose.
06:58
As far as I know.
user avatar
Joshua Tan
07:02
i'm like one thing I do.
07:07
Maybe this isn't like sort of like super relevant such as kind of distraction from the question we want to consider, but it does feel like one of the things you know we can we can worry about like.
07:20
These kinds of accidental cases where pii or things that can like allow you to D anonymize somebody should be tracked and maybe like to some degree, prevented.
07:33
i'm not sure that's something that we can make much kind of.
07:38
Progress on or contribute to, as opposed to like I mean they're not like this kind of an optimization is like super hard I be able to protect.
07:46
and actually I think it's like definitional impossible coming from like the normal Davis world it's like if you have like if you can integrate enough data sets, none of which are you know, designed to be like contain pii you can oftentimes you know figure out who somebody is like.
08:03
Just through certainly entity resolution and through data science so it's just really hard to protect that, but it does feel like that's something that somebody should be thinking about in this in this ecosystem right yeah I mean.
user avatar
David Sneider
08:18
i'll just offer one lens this and some of the input flickers and totally open to attack thicknesses as it go, but I guess the current way that i'm thinking about this is that.
08:28
Is that.
08:30
On the blockchain The thing that gets stored is like a credential and anything that's like pii gets stored on the web stack so things like ceramic.
08:41
And I pfs and can be encrypted and kept private there and then there's a class of pii which is super sensitive pii like a social security number.
08:51
which should probably be stored in someplace centralized and then referenced in that table or of user data that says.
09:00
Oh, this is stored over on that super secure centralized server specifically for this like super high value stuff like a ssn, for example, and that's that's the mental model that I have around pii so encrypted on the D web stack with a set of that data referenced and stored on.
09:21
centralized private server.
user avatar
Mendes
09:25
For this work I less yeah to implement sort of a credential wallet for a quasi providing they had a list of requirements that were required by law.
09:37
The solution that they had was you can only whatever it is, you can only put hashes as they've been you know the value has been coordinated with a nonce.
09:48
And all of the information needs to be on centralized service anything that is pii particularly sensitive so like passport numbers and things like that you've been needs and it's a verb needs to be on centralized servers with.
10:00
Knowing this whole infrastructure rotating keys and things like that, but anything out of that can only come through the form and patches so you have that logical barrier, they need to implement.
user avatar
Evin McMullen
10:15
I think, fundamentally, the.
10:17
sort of the crux of you know what we started with like no plain text pii on public chains.
10:24
I think like that is still a controversial take that I certainly get a lot of flack for, and so, you know as we like publicizes definition, I think that, like core.
10:37
Core sort of note or assumption is something that is worth I don't know solidifying sharing with everybody getting in a form that you know that is like memorable that we can get people around and then.
10:49
You know, with greater detail, David as as you were noting.
10:52
You know more nuance around the like subtypes of pii, but I think just generally like one of the biggest barriers for this discussion, overall, is that at least that i've seen is that a lot of folks can't get past like, but why can't we put the plain text pii on chain.
user avatar
Joshua Tan
11:13
So.
user avatar
Stepan Gershuni
11:14
that's actually interesting so uh I think yeah I think like it has to be encrypted and there's no other way around it, the problem is encrypted data standpoint.
11:25
photography might be broken and data from blockchain one be removed, so you will be able to decrypt it but who knows when maybe in one year, maybe 20 or 200.
11:38
Depending on the map, but actually I don't agree with the notion that centralized server is more secure.
11:45
than something like I pfs a ceramic because there's actually more people so in decentralized network, if you use your own kitchen fit UPI and the storage on ceramic are useless protocol.
11:57
At least, you have the ability to this you're the only person pest control over her that key and that's the truly permissions.
12:08
justice system in centralized server there's always a company, with all its employees and security policies.
12:15
And so centralized service service for P, is probably something that lawyers would love to see more, but essentially from security standpoint, it is weaker than you are using your private key from a tree mountain and quitting and starting it's on on on I pfs and that's.
12:37
that'll be a big problem between.
12:40
compliance and.
12:43
engineering and legal and also that that will be different, depending on the jurisdiction, so in your us other.
12:52
jurisdictions that have different view of this topic.
user avatar
David Sneider
12:57
I think that was.
12:57
That was eloquently presented, the only thing.
13:00
Just to based on the model that I presented earlier just because it's stored on a centralized server doesn't mean that it's not encrypted client side so it's literally more about the discover ability and kind of like this.
13:11
quantum resistant world that we were talking about, so the data could still be encrypted client side and control with the public key, but the benefit of using the centralized server here is that it can't be crawled.
13:23
Rather than trusting a centralized party to do the key management so like.
13:27
Big thumbs up double thumbs up on the client side encryption side but that's where that at least in the model that I talked about earlier it's around the discover ability piece for doing it centralized rather than having another party involved from a key management perspective.
user avatar
Eseoghene Mentie
13:45
I want to dig a little deeper into your what you were thinking about David when he said yeah on Central server is that something credential on chain on key like give.
13:58
More new instance of that because i'm not fully sure I understand why the potential should be launching what you're thinking.
14:05
yeah we can be changed.
user avatar
David Sneider
14:08
I mean.
14:09
or like on chain is just an easy place to because we have.
14:14
Because on train is very smart contract platforms are so it's just like a really good place to be able to have like programmable credentials really any place that's like a public state machine is a good place to store credential it just so happens that.
14:26
You can program a credential on a smart contract platform which which today or just block chains.
14:34
So that would be the rationale for having the credential beyond chain, because he then you can do all kinds of sophisticated things around the issuing of that credential in the context of.
14:46
of applications.
user avatar
Eseoghene Mentie
14:50
But there's there's, also the case of the credential is part of my reputation and who, I am.
14:55
And there is a path that I may no one's ever going to be able to publish to see some of.
15:00
My credentials for whatever reasons, I want to hide it.
user avatar
David Sneider
15:03
I think.
user avatar
Eseoghene Mentie
15:04
So basically see.
15:05
goes in there as well, apart from my regular name ssn passport number I credential is also part of of what I didn't fight, and I might want to like hide some things.
user avatar
David Sneider
15:17
and totally.
15:18
I think we're talking about different definitions of.
15:20
credential so what i'm talking about specifically is like a credential that says person has reputation and then what that reputation is is is three stars or five stars that then the data associated with the that representation is like stored on an encrypted on I pfs.
user avatar
Eseoghene Mentie
15:38
Okay, so it's basically a claim that you are seeing.
user avatar
David Sneider
15:41
A claim or an identifier.
15:43
yeah that kind of credential correct.
15:45
i'm thinking about it.
user avatar
Joshua Tan
15:53
So.
15:55
Just good go back to something that have been said earlier i'm.
16:00
Know plain text API on probably chains Is this a controversial sort of claim.
user avatar
Evin McMullen
16:13
Go on Twitter and you'll hear a different answer, but I feel like i'm in a safe space because i'm hearing silence here.
user avatar
Joshua Tan
16:18
Okay yeah it seems here for the people.
16:22
I mean, obviously, like biased and sort of like specialized people I don't think it's that controversial This is like, not a good idea right.
16:30
Okay, I think we are all agreed that this is probably a bad idea, and probably will whether or not we want like included in the standard it's definitely like not something we would want it so that's something we want to encourage.
16:45
Okay, that is helpful agreement that's what we're trying to get consensus.
16:50
So we can cross that off the use case i've written down crazy people who want to post plain text guy and public changes just cross that off as a use case we want to support.
17:01
Now.
17:03
Okay.
17:04
that's it, I think this conversation like really lead into some really good.
17:09
discussion around different kinds of use cases that people brought up.
17:13
Obviously, things like kyc but also you know this idea of like a what is it.
17:20
different kinds of high value storage, the different kinds of data that would be let's say like we will want to be like stored off chain in some sorts and try server and then reference to work on chain credential.
17:33
But I guess, I was trying to figure out first off is on.
17:38
Now the schema first off, maybe, just like clarify, we can think a little bit about this.
17:46
We listed a bunch of use cases that we can generically want to support, so this idea of like a web three CD from the person who's like creating one a web three CV for like down trying to hire somebody.
18:02
The idea of like onboarding new contributors, particularly from web two.
18:07
and obviously kyc which is going to deal with the most sensitive kinds of information.
18:12
So.
18:16
One question here is to ask like what kind of sensitive information will know occur in this web three CD that.
18:25
And where's that information, going to be stored and the second thing I guess the point out is that, right now, at least, and we don't have to.
18:34
I guess like this, this group of people needs to make this decision about like what the standards are currently, like the other down standards was really focused on standardizing off chain schemas right.
18:44
And if we you know we're directly accessing that that we will be in substance constrained to say like these are the options were definitions and not make any claims about on chain which obviously also makes things easier for us.
18:58
But depends on how important you think it is to verify certain use cases around like that involve like on chain credentialing.
user avatar
Stepan Gershuni
19:08
I think it's quite safe to say that we want to focus on off chain credentials, because you can always So if you have co OPS that rapport and if these or whatever, that represents your skills or or your transactions that you made with exchange for your like it said meal before.
19:30
Right I decide for them, so you can always create a an off chain verifiable financial power to it.
19:38
And then, once you have an identity is verifiable credentials, if you want to have a badge or a nice enough to or something that you want to showcase publicly, you can always mean in any field.
19:50
So there's always been this way and the interoperability, I mean South interoperability about this possibility software transfer, but for any.
20:01
Sophisticated enough identity system, you need for change part and that's probably where majority of data will be stored just because of economic security and economic business.
20:13
entity is something that evolves over time.
20:18
getting more credentials for different types of your financial Milky Way cml type of credentials professional credentials on everything you do that three four REPS and the space on chain is limited and expensive and that's always be the case because.
20:38
you'll probably blockchains cannot work if they are free to read and write and.
20:43
They also work quite bad once.
20:47
Once they become to be so so so it might not change incentivize people to minimize data that is stored on chain social the caches or.
20:55
Something very critical where you need to discover spend four.
21:01
or for its financial transaction, so it has value so Senator cessation can happen off chain and also end another problem is there's multiple blockchain So if you if we do something for interior.
21:16
architecture that might not for probably wouldn't work for post most adults salon for 10 years.
21:27
So yeah so so it's it seems like, for me it seems like a safe safe choice to say to me.
user avatar
Evin McMullen
21:39
I would add another credential to that list if we're talking about things like TAO resumes I would add a credential of membership in good standing.
21:48
Because the context of your contributions are also relevant to your sort of overarching relationship with that entity.
21:54
And that also might help with permission like first you get the membership credential and then that permits your sort of sets you up to then receive.
22:01
credentials that are kind of subsets of participating in that given activity, I would lean off chain in that i'm sure you all are seeing an abundance of.
22:12
You know Dow resume type platforms and they're all pulling from the same on chain data just you know arranging it in different different kinds of Nice interfaces.
22:19
That seems like a kind of you know choice that can be.
22:23
tied to know integrated later, based on what others are doing, but because we know that, overall, and if he's tend to give us a pretty weak assurance around there around their folders it doesn't seem like a really strong basis to start building this.
user avatar
David Sneider
22:37
I think the.
22:38
The the lens of thinking about this in the context of a verifiable credential which is like you know establish wc three standard is basically.
22:47
Thinking about, though, like, and this is why I use the word credential earlier, whereby the holder is issued the credential as some on chain data and then you know in this model and i'll drop the verifiable credential data model into the chat here.
23:03
In this model there's also the verifiable data registry that you wear when somebody wants to validate the credential is this somebody in good standing that there's a place to check against and so like.
23:12
The credential that is it to my mind, the credential, that is, if you to the user is something that is on chain, and then the registry that you verify against is is the offline data.
23:23
That is associated with with the user there.
user avatar
Evin McMullen
23:26
So just sort of an I guess this kind of getting back to essays question earlier like, why does that credential need to be on chain.
23:32
Like we can you know we can hold it off chain like if there isn't you know, an explicit reason for it to be leveraged inside of an APP if we're not doing you know fancy programmatic issuance around D Phi stuff is there some other.
23:46
Non proximity to smart contract platform related reason for it to be unchained or do we not really need that availability.
user avatar
David Sneider
23:54
Now, I think it totally could be off kane I think that the benefit of being of it being on pain is just making it more pop it basically gives the issue or more power power right, so they could do.
24:06
do things like revoking it and or things of that nature of like somebody is no longer in good standing.
24:10
You could revoke that credential if it's on chain, because, like the issuer is essentially a smart contract, so I think it's more around, just like the capacity that unfolds by having that that at the station or and i'm not talking about the full data of the credential just like I.
user avatar
Unknown Speaker
24:24
didn't.
user avatar
David Sneider
24:26
Like the only reason I bias towards putting that on chain is just.
24:29
To use the power of smart contracts, I think there's that's a totally rational take that it doesn't have to be be there, but but to my mind, the capacity that that gives the issuer is significant.
user avatar
Evin McMullen
24:44
that's that's true, I think I worry sometimes about ensuring that we give similar capacity to the subject.
24:49
And that we you know prioritize the sort of informed consent of the subject over that expression, so that they have the ability to.
24:58
You know self revoke should they showed so choose to not watch a presented to given context.
25:03
And you know not to open another can of worms perhaps a conversation later, but.
25:06
i've gotten i've like run into a brick ball with our friends at Ave on lens protocol when it comes to revocation registries.
25:13
Like answer that I got is no revocations registries don't work don't revoke anything ever just have expiring credentials, that you have to re re issue on a regular basis we you know, are going to mess with that, so I think.
25:24
That is another obviously area for for us to discuss is like the recommend that our recommendations around how to manage a revocation registry obviously know that's a big can of worms, but we can handle that later.
user avatar
Mendes
25:37
Just to.
25:38
Add to that I 100% of the agree with the idea of a central revocation registry and because.
25:43
It gives you the power to have stuff like.
25:47
Simpler on chain, but without because, for the user of publishing their credentials or things like that.
25:54
There is one pretty strong argument for not having self expiring credentials, with a timestamp which is sometimes it might be required by law, someone.
26:03
i'm talking about specifically security providers having to revoke niche would credential because of whatever reason, and they if you have soft expiring credentials, we just can't do that, so you need a revocation registry, unless it is already on changing that and just revoked there.
user avatar
David Sneider
26:21
I would be, I think the revocation registry is.
26:24
Such an important thing, and I would love that to be part of the standard that we produce here.
26:30
And can totally see that that being something that's totally off chain and whereby revocation is signed by the wallet that has been issued the credential.
26:38
And then, when you want to if you're like somebody applying to your down when you want to go do the check.
26:43
you're both checking the verifiable data registry, as well as the revocation registry and like what you it's like the you only get a pass on that given credential if, like you return if it returns yes verified and also yes not revoked.
user avatar
Joshua Tan
27:01
With the.
27:02
what's the governance of this verification, which we see.
27:06
How.
user avatar
Evin McMullen
27:06
it's just where.
27:09
it's a one usually it's just the issuer right who gets to govern the revocation registry pertaining to the credentials that they have issued.
user avatar
Unknown Speaker
27:16
yeah.
user avatar
Joshua Tan
27:18
Okay.
user avatar
David Sneider
27:18
Oh, I thought you were talking about the the individual.
user avatar
Evin McMullen
27:23
Who is receiving incremental so individuals receiving the credentials when stored off pain obviously have no registry to mess with because it's sort of a personal.
27:32
dissociation the issuer is you know not part of that, like client side choice in the part of user however registries I think best suited for when the issue or wants to be able to revoke those capabilities.
user avatar
David Sneider
27:46
Go on track and thanks for that.
user avatar
Unknown Speaker
27:49
I see.
user avatar
Joshua Tan
27:51
So that the entire point was to give the user some power, but if the registry is already being used by the issue.
user avatar
Evin McMullen
27:58
So for so let's say you know disco issues, an employment credential to me.
28:05
And then I I don't know commit horrible crimes and I get fired by disco and so then disco can revoke the employment credential issue to me.
28:14
Now let's say I have a disco employment credential but then I don't know the disco team commits war crimes and I don't want to tell anybody that i'm part of their team anymore I can't personally choose to.
28:26
to delete remove or not disclose the verifiable credential testing to my employment because, when it is off chain, it is entirely you know, under my consent to publicize yes every level of granularity I want.
user avatar
Eseoghene Mentie
28:39
mm hmm yeah and that's what that's that's an exit simple example where I was describing about credentials and like when they're on chain public you the English subject is taken away from them.
28:53
To be able to.
28:56
protect their rights.
user avatar
Mendes
28:58
i've worked with kind of two concepts and those which are implicit reputations basically if you've never put it on training, if you just kept your credential off chain.
29:07
And nobody has it.
29:09
If you somehow lose it and just keep it to yourself it's revoked you're not going to share it it's implicitly revoked because it eventually disappears from the world since.
29:18
The truth is you're the only person who knows it and you're just giving it away explicit would be either one of the two signing keys I would be issuer or the the other one.
29:28
The receiver doing it, the problem is that this usually increase costs so there's a bit of a barrier area either do that on chain and to have a smart contract.
29:41
revocation registry, or you do that with an open conventional as distributed storage or even centralized if that's a legal requirement, I personally prefer to keep everything that centralized away.
29:55
From these discussions.
user avatar
Joshua Tan
30:03
So what's the best way of summarizing This, it seems like there's like enough consensus that you know some notion of revocation should be.
30:12
mentioned or is worth mentioning, even if we don't necessarily.
30:17
I think there, it seems like also there's like lots of different underlying decisions about how to set up such registries.
30:27
And perhaps yeah, I guess, we need, we need to okay let's just like mark this off as a kind of a separate discussion topic.
user avatar
Evin McMullen
30:34
I think you should have like a separate discussion about revocation and I think it would be great for us to discuss issue or revocation subject rubber hundred association.
30:46
and
30:48
You know sort of in both contexts, like what does that look like.
30:53
In like a public setting for public data and what does that look like for private data so like i've heard about revocation registries that are semi centralized for certain contexts.
31:03
Obviously we've got our own chain registries but those have you know class with lexi, but I think that would be worthwhile maybe.
31:09
diving into some of like the narrower subsets there and because, if we had opinions on like what an entre revocation register would look like, but that would be so sick.
user avatar
Joshua Tan
31:18
yeah.
31:20
Just like understanding, I think this classification categories, they should be already just super useful, at least for me, but you have your interest.
user avatar
Balazs
31:32
Yes, sorry just looking for them.
user avatar
Unknown Speaker
31:35
So.
user avatar
Balazs
31:37
Yes, and.
31:40
So.
31:42
We went away a little bit about what exactly we are trying to solve again to the how we are solving the problem we don't know completely.
31:52
And I would like, if we could like go back a little bit and like agree on what the problem we're solving and not talking about technologies that solve problems in general.
32:04
Because that's usually how the conversations and standard people love to talk, but I just want to go back a little bit and and keep the.
32:16
Keep the focus on what we are trying to solve and then have alignment there and then look for technologies and and then saying.
32:23
As we all have a preferred way of doing things and, yes, agreeing on certain standards are great but also not everyone uses basis in this group until like having the problem and then looking for solutions would be great just like my two cents.
32:40
But I agree, of course, what you said that it would be great to agree on what a revocation standard the blockchain could look like, but i'm not sure we are there yet with that focus.
user avatar
David Sneider
32:52
yeah and then I guess just to kind of dovetail on that and I appreciate that.
32:55
In the context of.
32:57
Defining the problem space, and I think one other thing to kind of add to that in.
33:03
The notion of a design lens, especially as it relates to like our like on train indicators or credentials versus octane is just thinking about like.
33:16
Is our intent here, as this group to design the thing that is the shining city on top of the Hill in the context of standards.
33:25
Or how much of this is to look at the way that people are leveraging some of these underlying technologies today and then make the thing that is like kind of.
33:34
A closer fit to the market in the context of the way that people have.
33:40
You know, without a standard have already started thinking about registries and I think that lens can also start to inform maybe what goes on came first saw cane, but maybe it's just the fact that, like people haven't seen a better way yet, but just another point.
user avatar
Joshua Tan
33:58
So I think first off I am trying to facilitate this, I would encourage you to guys decide between one or the other, however.
34:07
Certainly the others for standards kind of working group really took the latter approach intent was not innovate on like this, is the shining example of what a doubt should be.
34:16
But, just like look at all the existing market standards sort of market practices of like basically all the people in the room, so we had all this word now frameworks there and just said, like what is the minimal thing.
34:27
that we can all agree on that, and that we would all find useful and be willing to kind of adopt right and I was sort of like kind of emphasize adoption here, because ultimately.
34:36
This is going to get adopted by ideally people here, but also, like other people in the industry and you this sort of thing very good sort of carefully about like.
34:45
How easy is this does this make sense is like the sort of like the use case worth it in some sense, otherwise you know we have these great conversations and like I think they are amazing but also you know.
34:59
What we all be reduced doesn't get used in that kind of goes seems pointless.
user avatar
Evin McMullen
35:06
I think.
35:06
Like striking for kind of a middle path here will be useful because, like we need to deliver us from NF t's.
35:13
And we, you know it's also in feasible for us to recommend primitives for which there is not available tooling for the basic activities that need.
35:20
So you know I think he was Connor dropped a great you know note in here around the question what data do doubt need when verifying contributor profiles.
35:29
So maybe if we kind of dig into that question, I think that will lead us to the set of solutions sort of in the middle, there was that we can articulate you know what is the information that exists today that is relevant and necessary.
35:42
And then we can kind of get into like what are the methods of being able to capture and relay that.
user avatar
Joshua Tan
35:54
Okay um I am happy to just delve into like because obviously we're kind of like expanding and expanding expanding like different use cases different examples, but maybe it would be helpful to sort of.
36:06
narrow down just focus on this specific use case which is extremely common and germane to Dallas which is once again still The focus here.
36:15
Are people here without focusing on those are like the let's say not quite hiring, I guess, but just like.
36:22
Some sort of idea of like verifying like what a contributor says about themselves right and, of course, like contributors being would demonstrate some list of things, so they can take up themselves.
36:34
All right, excellent.
36:36
So we're going to ask for focus on that.
36:39
So I mean what is the question here what what data do does need is it just a list of credentials in.
36:47
What format.
36:50
and
36:52
Should we just like I think it's like there's a credential object right, we just need to define us for parameters of that object and then there's a list of them that gets attached to.
37:01
Like every Member object and then it's like the most straightforward possible thing like is that really is I basically just what we needed to define for this.
37:09
And what other considerations to be I mean Clearly there are for any use case I just want to bring up.
37:15
is like the use cases we talked earlier from like that was trying to hire to onboarding new contributors to kyc they are all like different ways we use at indy.
37:24
But the things we just talked about a little bit earlier like issue a revocation subject association a credential recovery, these are all these artists with you know things that will apply to every version of these use cases right.
user avatar
David Sneider
37:44
I mean in terms of additions to that prompt okay like wow I guess in terms of like.
37:50
Eliminating things that we need to design, for I think in the initial thing that we're thinking about like I think.
37:57
We don't really have to think about privacy right now in terms of designing that initial flow like.
38:02
I think we can think about privacy in almost like an aftermarket context, like at the end of the day, you can whatever that data is you can encrypt it and get a key provisions in one way or another.
38:12
Whether it's through like identity based encryption or end to end encryption.
38:15
So if they just in the in like when we do publish the standard we should have some recommendations about encryption and privacy, but I don't think that this is there's like enough to do here without having a standard around that.
user avatar
Joshua Tan
38:32
I would tend to agree, but.
38:34
There are people who care more about privacy Jimmy was supposed to be responsible for making sure we care about privacy in this set of conversations so just once again i'll just remind people if we don't somehow address all the privacy concerns to blame Jimmy for this.
user avatar
David Sneider
38:51
But I am mega concerned about privacy, but thing that I work on it and encryption network.
38:57
But I just think that, like in thinking about how we designed this like it's like let's say you have a field for a down members name and then you would just have a duplicate field that's called is called down numbers name private that you just have.
39:13
Some encryption methodology associated to so.
39:16
that's what I think about that's why I was kind of saying we could like think about an aftermarket perspective literally, whatever the standard is, we could like copy and paste it and append the adjective private.
39:24
And then just have the encryption applied to that side so like the standard is more fundamental than what parts of the standard you layer some encryption on to.
user avatar
Evin McMullen
39:37
down for that.
39:38
Especially as we get into like you know predicate disclosure, the ability to interrogate those individual fields and stuff I think the sort of kinds of like.
39:48
The kinds of data on that contributor profile is probably like I think I would I would love to discuss like specifically what that data is where it comes from and who's issuing it, I think, within a Dell context, obviously, you can receive credentials from the Dow itself.
40:06
You can receive credentials from other parties other individuals within the Dow we see this as slashdot tips in communities, like, I know you that are leveraging discord and then we have, like other we have you know what are these other credentials signals that might be relevant.
40:24
And I think that category, can be broader because you know when a Dow is validating or verifying a contributor profile that profile may have accrued reputation that's relevant to the data that came from outside.
40:35
Or, I mean is that is that something we agree on like that, when verifying a doubt contributor profile that the data should should be sourced from or can be source from multiple parties, or is this the Dow contributor profile.
40:49
who's credentials are sourced entirely from the interrogating doubt.
user avatar
Mendes
40:56
I think that it.
40:58
should be, it should be coming from multitude of sources, so you have as an example for someone who's doing development, you have.
41:06
someone like to have the issue some type of credentials you'll burn fat and or you can have a third party that verifies the.
41:14
github work that someone has done and uses that and put that in the form of a credential to give you some sort of cloud to.
41:21
build your contribution profile so that comes from within pilot doesn't come from the data itself doesn't come necessarily from the contributed itself, but you want this to be coming across your reputation.
41:37
And the sentence you the way that we're thinking is apropos says that you don't really need to have.
41:45
it's not up to us to decide where this comes from it's up to the down, so it should be flexible enough that down stands of.
41:54
This person has a lot of contributions we care about that and that's kind of like that's what's going to give them a lot of cloud, but a completely different don't won't care about and if it's a more of a social dal but.
42:07
doesn't have anything to do with development, they should prompt other things in that might could even be just the fact that they sent a message on this code every single day because it proves that they're active and.
42:18
Some details might get a sense of that so it's kind of a broad field and any solution that we came up with needs to be flexible enough to tackle these and the sources i'm not always the download issue or they might also be fun parties.
user avatar
Evin McMullen
42:33
cool, so what i'm hearing here is that we have.
42:35
For sources of the data that you know dow's need to verify contributor profiles there's self attested data there's data that is from the data itself.
42:45
there's data that's from other down members peer to peer and then there's data sources elsewhere outside and that can include other data other Apps other contacts does that seem comprehensive is there, another category that i'm missing.
user avatar
Conner
43:02
I.
43:04
Do this sorry there's a bit of a big.
43:07
bubble, I like to break that down, maybe it.
43:08
doesn't work but.
user avatar
Joshua Tan
43:15
Sorry i'm just I didn't quite hear, but the last two categories, where data from other dells.
43:20
And data from arbitrary other sources that the.
user avatar
Evin McMullen
43:22
yeah so you know you've got the data that you would test so self attested data what you say about yourself.
43:27
You have TAO attested data, so what the Dow says about you, as a member.
43:32
And then you've got peer to peer credentials from other individuals in the Dow so like this is like the membership credential versus a tip for doing the newsletter because he did an awesome job and then fourth is like all of the rest of the data from the universe.
user avatar
Joshua Tan
43:48
What do we wanted to sort of distinguish between like sources are coming from on train versus sources coming from octane.
user avatar
Evin McMullen
43:54
I feel like you could source, both on and off chain for any one of these categories.
user avatar
Unknown Speaker
43:59
huh.
user avatar
Joshua Tan
44:03
yeah fair enough.
44:05
i'm.
user avatar
Balazs
44:07
Sorry just maybe like one.
44:08
semi like.
44:10
I would, maybe like create like blockchain data like like really like historical transaction data as there will be TAO is that are really want to know or or maybe not the devil, but like.
44:23
cauterize lender and that will create some kind of an information source and like I know it falls into the outside source data, but I think in the context of we are looking at on the block chain solutions, it might be slightly separate category.
44:41
i'm not forcing it i'm just saying that, like, I think this is given the nature of the industry might be a good fifth category, which is slightly parts of the fourth, but there will be really project that only look at history.
user avatar
Evin McMullen
44:56
that's a great point so on chain history as in like you know transaction history meaningfully different than crypto assets that are given.
45:07
From one party to another that contain you know data reputational data, so I would look at the transaction history as like you know what are the swaps that you've performed versus what nfc is have you received.
user avatar
Joshua Tan
45:27
hmm.
45:29
I mean, so this one account.
45:33
So Okay, if I have some sort of like token my wallet this would be count this would be currently data from like imagine it's like like the dow's native token would that be used for data from the data itself.
user avatar
Evin McMullen
45:51
yeah.
user avatar
Joshua Tan
45:52
Okay, so, then I have a transaction history, involving token where I trade other tokens for that and bobo and that will be just on train history, but not data from the data itself.
46:02
Correct okay.
user avatar
Evin McMullen
46:04
Data from the data itself was originated with the canonical signers of the Dow.
46:10
and on chain transaction history is activities that are incited by you as an independent party.
user avatar
Joshua Tan
46:17
Okay.
46:19
Even though, like the events are generated from like the contracts, like the dollar contract.
user avatar
Evin McMullen
46:25
um I would think of like the i'm thinking about these categories of data in terms of their source.
46:33
So what party was the impetus for the creation of this data.
46:37
So there's.
46:38
You know sort of self originated data I guess.
46:43
We could parse that into like programmatic versus event based or like not event based like ad hoc or something for now.
user avatar
Joshua Tan
46:53
yeah I think I get what you're saying.
46:55
it's like the immediate source of the other station.
46:58
i'm coming from like the whole chain, or is it just coming from like the Dow is kind of like causal impetus for the state of being sort of like yeah.
47:07
Okay that's actually a good distinction to make in general.
47:15
Okay, this is where we are getting somewhere here.
47:20
So, in the last five or six minutes, I want to try to end these things on time, in order to encourage people to come back.
47:29
The.
47:31
So.
47:33
Maybe it would make sense if people have like some sort of like you know existing like schema that they already use.
47:43
If those are public anywhere and people just want to drop them the track that could be really useful.
47:49
And I or somebody else can sort of take a look at them and, just like do a little bit of homework and legwork to kind of like the symbol.
47:56
and integrate that data, and we can sort of like I just find it helpful as we start talking about data models to actually just have something like on the canvas on the sheet of paper.
48:05
So we're not just like looking blankly and like talking to each other and then like a everything gets lost in translation.
48:11
One exercise that was really helpful.
48:15
In the previous working group is that we just like at some point sorghum and I built a data model like an actual like.
48:22
You know, like a database model your diagram for this and that might be useful perfect ceramics in one I will take a look at them.
48:32
As words were like solidifying and I just want to encourage people, and I think I mentioned last week.
48:37
But if we are talking about things that seemed like very relevant and you think there's like somebody who could be really relevant to that.
48:43
Please like speaker and say like this person like I love that sort of have this person's perspective of the table like we did that for the last word like we brought in folks from tenderly because we were.
48:53
Talking about like proposal simulation and similarly here like you know, like if ceramic is like a really big sort of part of us, then I mean they're already already in the round table, and we can just like bring them on lauren.
49:06
I think it's thought right yeah.
49:09
But yeah and in terms of.
49:14
I would just encourage people to go through the current working document and just like.
49:19
edit and you know fill in some of the tables like.
49:23
As you're trying to like understand words for think about like this particular topic.
49:29
Just like dump stuff into the into the document and let's try to like organize our thoughts collectively, so that we can sort of like make effective progress.
49:41
But seems like the next step is let's keep I think we've refined down to like a record use case we have some basic ideas and how to support that.
49:50
It seems like we have ideas about sources of data I like to sort of like it seems like we're still missing like concrete kinds of data, like categories of data from as like this kind of credential or like to me it's it still feels like a little bit abstract.
50:13
what's.
50:15
Actually, you know what like just focus on one thing.
50:17
it'd be really nice to have examples of credentials from a variety different sort of like systems.
50:25
Those credentials that you guys are submitting credentials that are being used in different hours and yeah we can get input from different actually yeah you know I can reach out to a view right now.
50:38
to figure out how they're approaching this potentially where this like contributor kind of management system.
50:44
And, just like have concrete examples of here are like json objects, where he is for records, and this is how they're stored, and this is how like they actually like you know structured.
50:56
yeah we can make a survey, for this is when we will volunteer to help.
user avatar
Conner
51:02
Actually kind of already started doing that, at the bottom of the current doctrine.
51:07
I just heard, done a bunch of random stuff on but i'd love to just keep refining more of like the product level of how people reason about the various data that they like to show, regardless of how it's stored where it's stored created, etc.
51:21
yeah the basic thing i've seen is just like group relations, I work within this group of people on the Internet and, like this is tangibly what produced are the two main categories i've seen most dominant.
51:32
But there's obviously a lot more, but generally it's a group relation like atomic self then.
51:37
A third one, I have at the bottom over at warner's just general metrics people like to aggregate the atomic contributions to some number of like i've done X commits why deal source, some people like a reputation score.
51:51
that's you maybe not but yeah so there's more, but people can add I can refine this into a better document.
user avatar
Joshua Tan
51:57
awesome yeah what's up in that case it's Chris frank it's the first time.
user avatar
Conner
52:03
Connie so.
user avatar
Joshua Tan
52:06
yeah it's always hard when people have the name tags on zoom.
52:10
But the.
52:12
Maybe.
52:13
You myself, and I think blonde she volunteered.
52:18
Maybe we could set like a quick meeting sometime between now and the next sort of like for meeting and just figure out like what distribution look like and then we'll actually have a chance to review it next Friday and then send it out to a bunch of people that make sense.
52:35
Alright sweet let's do it alright, in the meantime, if people have like thoughts post them in this program work with them directly in the Doc and always as always amazing, especially for.
user avatar
David Sneider
52:47
Thank you everyone.
user avatar
Joshua Tan
52:52
Thanks oh.
user avatar
Balazs
52:56
Thanks for hosting.
user avatar
Mendes
52:59
Thanks josh can I be added to the telegram group oh.
user avatar
Joshua Tan
53:03
yeah what's your own.
user avatar
Unknown Speaker
53:07
And let me just hold cycle.
user avatar
Joshua Tan
53:10
Is the link.
user avatar
Mendes
53:12
Oh yeah that's.
user avatar
Joshua Tan
53:14
yeah.
53:15
And what's your different closer or.
user avatar
Mendes
53:18
yeah from closing.
53:21
Nelson actually asked me to apologize, but he has covered so you can't be here.
user avatar
Joshua Tan
53:26
No worries.
user avatar
Unknown Speaker
53:27
Unfortunately.
user avatar
Mendes
53:29
i'm going to thank you so much, thanks for hosting this.
user avatar
Joshua Tan
53:33
person obviously next week.
user avatar
Mendes
53:36
that's you next week.