following up on Adrian's remark about user/human centric parallel track as part of InterOp discussions


sankarshan
 

I realize that Adrian's original proposal was having some form of
"parallel" track. My own opinion is that the human/user perspective
may be strengthened if included into the technical aspects. It is more
germane to interoperability when the impact|consequences|effects of
the technology choices validated through interop is factored in.

The suggestion is likely going to muddle up the structured approach
(in the whimsical app/service) however, for each of the items in the
bucket an enumeration of the end-user experience may be something for
the group to consider while building up measurements of the range of
interoperability.

/s


Adrian Gropper
 

Imagine a perfect marriage. You would share all of your most intimate policies with your partner so they could act as your agent anytime, anywhere. You would only have one partner, because you would have no reason or logic for partitioning your intimate policies among multiple partners. The outcome of an outside request to your one partner would be equivalent to a request to you, no matter what.

I would probably choose a different partner than you would. Everyone would be able to choose a different kind of partner, although in reality, there might only be a hundred different basic personality types of partners and the rest of the diversity would be customization around the margins. However, from the perspective of the outside world (requesting parties and other processors of personal data) almost all of the hundred personality types would be equivalent. They would all come through the same size doors, communicate in the local language, behave similarly with respect to payment for services, etc.. With minor exceptions, 95 out of the 100 personality types of agents would be accepted by the service provider without fuss. We call the other 5% nutcases and they don't mind because they know who they are.

Human-centric iterop in the SSI sense is simply the ability for my one chosen agent to act as my agent with the vast majority of services. I get to choose from 100 types of agents each type serving tens of millions of individual people with just a minimum of customization on the margins. Any individual can choose any of the 100 types and most of them will be satisfied with the ability of their agent to serve as proxy for whatever the world throws at them.

In this vision, and in our SSI jargon, I might have two or five wallets even though I have only the one agent. The wallets have biometrics, they might break, they could be lost or stolen. But still only one agent. If the agent breaks or leaves you, then maybe you pick a different personality type agent next time. If you grow to dislike or distrust your agent, then, at approximately the cost of a house, go find another one.

Human-centered interop means that my one agent gets to be successful dealing with almost all of the service providers that want to process data about me no matter what the purpose or domain of that processing. When I approach a service provider or they approach me, I identify myself with a DID (maybe a peer DID minted explicitly for them) and I also register with them my current agent. 95% of the time, I expect the service provider to honor my agent, otherwise they don't get my business. If my 95% expectations are not met, then I might think of getting a different agent.

Human-centered interop means that 95% of the time a service can work with the agent associated with the (DID) identifier no matter what the DID method, comms language, or the application domain (healthcare, finance, commerce,...). From this perspective, VCs, crypto, wallets, directories, storage, don't matter to interop because successful agents and service providers will deal with those details or go extinct.

Adrian


On Wed, Sep 2, 2020 at 4:05 PM sankarshan <sankarshan@...> wrote:
I realize that Adrian's original proposal was having some form of
"parallel" track. My own opinion is that the human/user perspective
may be strengthened if included into the technical aspects. It is more
germane to interoperability when the impact|consequences|effects of
the technology choices validated through interop is factored in.

The suggestion is likely going to muddle up the structured approach
(in the whimsical app/service) however, for each of the items in the
bucket an enumeration of the end-user experience may be something for
the group to consider while building up measurements of the range of
interoperability.

/s




Daniel Hardman
 

I just wanted to say thank you for a very sensible, down-to-earth explanation. Good stuff, Adrian.


On Wed, Sep 2, 2020 at 4:12 PM Adrian Gropper <agropper@...> wrote:
Imagine ... Human-centric interop in the SSI sense is simply the ability for my one chosen agent to act as my agent with the vast majority of services... Human-centered interop means that my one agent gets to be successful dealing with almost all of the service providers...


Mike Varley
 

Agreed, +1 !

 

Thanks Adrian.

 

MV

 

From: <interop-wg@DIF.groups.io> on behalf of "Daniel Hardman via groups.io" <daniel.hardman@...>
Reply-To: "interop-wg@DIF.groups.io" <interop-wg@DIF.groups.io>
Date: Wednesday, September 2, 2020 at 6:37 PM
To: "interop-wg@DIF.groups.io" <interop-wg@DIF.groups.io>
Subject: Re: [InteropProject] following up on Adrian's remark about user/human centric parallel track as part of InterOp discussions

 

I just wanted to say thank you for a very sensible, down-to-earth explanation. Good stuff, Adrian.

 

On Wed, Sep 2, 2020 at 4:12 PM Adrian Gropper <agropper@...> wrote:

Imagine ... Human-centric interop in the SSI sense is simply the ability for my one chosen agent to act as my agent with the vast majority of services... Human-centered interop means that my one agent gets to be successful dealing with almost all of the service providers...

This email and any attachments are for the sole use of the intended recipients and may be privileged, confidential or otherwise exempt from disclosure under law. Any distribution, printing or other use by anyone other than the intended recipient is prohibited. If you are not an intended recipient, please contact the sender immediately, and permanently delete this email and its attachments.


Adrian Gropper
 

Another way to bridge the cognitive gap between the standards magicians and the muggles would be to agree that authentication and authorization are indistinguishable to the muggles. If we expect them to embrace SSI, we will probably need to bundle auth'n and auth'z in some way or other.

-Adrian


On Fri, Sep 4, 2020 at 9:27 AM Mike Varley <mike.varley@...> wrote:

Agreed, +1 !

 

Thanks Adrian.

 

MV

 

From: <interop-wg@DIF.groups.io> on behalf of "Daniel Hardman via groups.io" <daniel.hardman=evernym.com@groups.io>
Reply-To: "interop-wg@DIF.groups.io" <interop-wg@DIF.groups.io>
Date: Wednesday, September 2, 2020 at 6:37 PM
To: "interop-wg@DIF.groups.io" <interop-wg@DIF.groups.io>
Subject: Re: [InteropProject] following up on Adrian's remark about user/human centric parallel track as part of InterOp discussions

 

I just wanted to say thank you for a very sensible, down-to-earth explanation. Good stuff, Adrian.

 

On Wed, Sep 2, 2020 at 4:12 PM Adrian Gropper <agropper@...> wrote:

Imagine ... Human-centric interop in the SSI sense is simply the ability for my one chosen agent to act as my agent with the vast majority of services... Human-centered interop means that my one agent gets to be successful dealing with almost all of the service providers...

This email and any attachments are for the sole use of the intended recipients and may be privileged, confidential or otherwise exempt from disclosure under law. Any distribution, printing or other use by anyone other than the intended recipient is prohibited. If you are not an intended recipient, please contact the sender immediately, and permanently delete this email and its attachments.


Adrian Gropper
 

... continuing along this tack of bundling auth'n and auth'z from the user's perspective...

When dealing with a typical service provider, Alice experiences two separate phases: registration and requests. The registration phase is only between her and the service provider. They are the only two parties. Alice discovers the service, decides to become a customer, and registers with the service. The service might be a lab, a dating app, or a bank. Alice is typically online at the registration phase. She makes decisions like which email to use as her identity and whether to use strong or weak credentials for convenience. She often establishes a mechanism for payment at registration time. Under the covers, there's some auth'n and some auth'z.

The request phase comes later, and Alice is often not online at the time. The two parties are Bob, the requesting party, and the service that Alice is registered with that has to decide whether or not to honor Bob's request. In this case, we have some auth'n (who's Bob?) and some auth'z (by something that Alice and the service agreed on at registration time.)

My point is that human-centered interoperability lies at this nexus where Alice has negligible friction and high trust at registration time combined with appropriate transparency and notice, and never any surprises when it comes to how the service and Alice's registered agent deal with requests by the Bobs.

- Adrian


On Fri, Sep 4, 2020 at 11:04 AM Adrian Gropper <agropper@...> wrote:
Another way to bridge the cognitive gap between the standards magicians and the muggles would be to agree that authentication and authorization are indistinguishable to the muggles. If we expect them to embrace SSI, we will probably need to bundle auth'n and auth'z in some way or other.

-Adrian

On Fri, Sep 4, 2020 at 9:27 AM Mike Varley <mike.varley@...> wrote:

Agreed, +1 !

 

Thanks Adrian.

 

MV

 

From: <interop-wg@DIF.groups.io> on behalf of "Daniel Hardman via groups.io" <daniel.hardman=evernym.com@groups.io>
Reply-To: "interop-wg@DIF.groups.io" <interop-wg@DIF.groups.io>
Date: Wednesday, September 2, 2020 at 6:37 PM
To: "interop-wg@DIF.groups.io" <interop-wg@DIF.groups.io>
Subject: Re: [InteropProject] following up on Adrian's remark about user/human centric parallel track as part of InterOp discussions

 

I just wanted to say thank you for a very sensible, down-to-earth explanation. Good stuff, Adrian.

 

On Wed, Sep 2, 2020 at 4:12 PM Adrian Gropper <agropper@...> wrote:

Imagine ... Human-centric interop in the SSI sense is simply the ability for my one chosen agent to act as my agent with the vast majority of services... Human-centered interop means that my one agent gets to be successful dealing with almost all of the service providers...

This email and any attachments are for the sole use of the intended recipients and may be privileged, confidential or otherwise exempt from disclosure under law. Any distribution, printing or other use by anyone other than the intended recipient is prohibited. If you are not an intended recipient, please contact the sender immediately, and permanently delete this email and its attachments.


Soma-Patel Anushka
 

Does it only make sense to have 1 agent if we assume that the 1 agent will never get hacked?

 

The reason for this questions is that I have seen security teams advise that people should have different email addresses from which they manage their finances and confidential personal information and another email address for social media etc. etc.

 

apologies if I missed content that has already addressed this

From: interop-wg@DIF.groups.io <interop-wg@DIF.groups.io> On Behalf Of Adrian Gropper
Sent: 04 September 2020 05:05 PM
To: interop-wg@dif.groups.io
Subject: Re: [InteropProject] following up on Adrian's remark about user/human centric parallel track as part of InterOp discussions

 

This email originates from an external source. Stop and think before you click!


Another way to bridge the cognitive gap between the standards magicians and the muggles would be to agree that authentication and authorization are indistinguishable to the muggles. If we expect them to embrace SSI, we will probably need to bundle auth'n and auth'z in some way or other.

 

-Adrian

 

On Fri, Sep 4, 2020 at 9:27 AM Mike Varley <mike.varley@...> wrote:

Agreed, +1 !

 

Thanks Adrian.

 

MV

 

From: <interop-wg@DIF.groups.io> on behalf of "Daniel Hardman via groups.io" <daniel.hardman=evernym.com@groups.io>
Reply-To: "interop-wg@DIF.groups.io" <interop-wg@DIF.groups.io>
Date: Wednesday, September 2, 2020 at 6:37 PM
To: "interop-wg@DIF.groups.io" <interop-wg@DIF.groups.io>
Subject: Re: [InteropProject] following up on Adrian's remark about user/human centric parallel track as part of InterOp discussions

 

I just wanted to say thank you for a very sensible, down-to-earth explanation. Good stuff, Adrian.

 

On Wed, Sep 2, 2020 at 4:12 PM Adrian Gropper <agropper@...> wrote:

Imagine ... Human-centric interop in the SSI sense is simply the ability for my one chosen agent to act as my agent with the vast majority of services... Human-centered interop means that my one agent gets to be successful dealing with almost all of the service providers...

This email and any attachments are for the sole use of the intended recipients and may be privileged, confidential or otherwise exempt from disclosure under law. Any distribution, printing or other use by anyone other than the intended recipient is prohibited. If you are not an intended recipient, please contact the sender immediately, and permanently delete this email and its attachments.


Old Mutual Limited is a proudly Level 1 empowerment contributor company in terms of the Amended BBBEE Financial Services Sector Code - Long-Term Insurance.

Please see https://www.oldmutual.co.za/about/bee-and-bee-certificates to view our current BBBEE rating certificate.

Please see https://www.oldmutual.co.za/disclaimer to read the Old Mutual legal notice.


Adrian Gropper
 

I've proposed an additional use case https://github.com/w3c/did-use-cases/issues/101 as an example of human-centered interop.

The issue of security of agents is very important but splitting one's agency among multiple agents begs the issue of having a master agent that controls my sub-agents.

Also, my approach to defining an agent is a semi-autonomous entity that receives external requests and can act on my behalf even if I'm off-line. I expect my agent to be capable of (machine) learning. In order to split the requests, and therefore the learning, among multiple agents, we would have to introduce split or federated learning among the agents and sub-agents in order to avoid a privacy-vs-security compromise.

- Adrian


On Sun, Sep 6, 2020 at 1:04 AM Soma-Patel Anushka <asoma-patel@...> wrote:

Does it only make sense to have 1 agent if we assume that the 1 agent will never get hacked?

 

The reason for this questions is that I have seen security teams advise that people should have different email addresses from which they manage their finances and confidential personal information and another email address for social media etc. etc.

 

apologies if I missed content that has already addressed this

From: interop-wg@DIF.groups.io <interop-wg@DIF.groups.io> On Behalf Of Adrian Gropper
Sent: 04 September 2020 05:05 PM
To: interop-wg@dif.groups.io
Subject: Re: [InteropProject] following up on Adrian's remark about user/human centric parallel track as part of InterOp discussions

 

This email originates from an external source. Stop and think before you click!


Another way to bridge the cognitive gap between the standards magicians and the muggles would be to agree that authentication and authorization are indistinguishable to the muggles. If we expect them to embrace SSI, we will probably need to bundle auth'n and auth'z in some way or other.

 

-Adrian

 

On Fri, Sep 4, 2020 at 9:27 AM Mike Varley <mike.varley@...> wrote:

Agreed, +1 !

 

Thanks Adrian.

 

MV

 

From: <interop-wg@DIF.groups.io> on behalf of "Daniel Hardman via groups.io" <daniel.hardman=evernym.com@groups.io>
Reply-To: "interop-wg@DIF.groups.io" <interop-wg@DIF.groups.io>
Date: Wednesday, September 2, 2020 at 6:37 PM
To: "interop-wg@DIF.groups.io" <interop-wg@DIF.groups.io>
Subject: Re: [InteropProject] following up on Adrian's remark about user/human centric parallel track as part of InterOp discussions

 

I just wanted to say thank you for a very sensible, down-to-earth explanation. Good stuff, Adrian.

 

On Wed, Sep 2, 2020 at 4:12 PM Adrian Gropper <agropper@...> wrote:

Imagine ... Human-centric interop in the SSI sense is simply the ability for my one chosen agent to act as my agent with the vast majority of services... Human-centered interop means that my one agent gets to be successful dealing with almost all of the service providers...

This email and any attachments are for the sole use of the intended recipients and may be privileged, confidential or otherwise exempt from disclosure under law. Any distribution, printing or other use by anyone other than the intended recipient is prohibited. If you are not an intended recipient, please contact the sender immediately, and permanently delete this email and its attachments.


Old Mutual Limited is a proudly Level 1 empowerment contributor company in terms of the Amended BBBEE Financial Services Sector Code - Long-Term Insurance.

Please see https://www.oldmutual.co.za/about/bee-and-bee-certificates to view our current BBBEE rating certificate.

Please see https://www.oldmutual.co.za/disclaimer to read the Old Mutual legal notice.