Digital Basic Identity - EU EBSI gateway and "regie op gegevens"

[synctext]

Topic is determined: Digital Basic identity, see https://www.tweedekamer.nl/kamerstukken/brieven_regering/detail?id=2021Z02985&did=2021D06488

Estimated timeline (tentative)

• 2 weeks: read background, compile prior code, understand ID,wallet and EBSI sandbox
• 2 months: participate in design team of Digitale Bron Identiteit (Deliver a report, English thesis appendix) (possibly with #6029)
• Milestone after 2 months: Problem Decription first draft of 3-5 pages, outlines the deep dive direction
• 1 month: EU EBSI connection/ESSIF with trustchain, our DBI/SSI solution.
• 5-6 months: master thesis deep dive. Possible directions:
  • Revocation (Pallier, Schnorr, buzzword-3, etc. hard-core crypto)
  • eDemocracy (Bindend Burger Advies trail with 25+ people)
  • Secure Data Sharing (data exchange, data box, real-time chat, and key management)
  • Personal data vault (with some machine learning?)

First sprint target of 2 weeks: see above

[sjacobino]

@synctext you mentioned the groundwork laid by Rowdy for digital identity. Is there something I can start looking into?

[sjacobino]

SSI Pull request

https://github.com/Tribler/trustchain-superapp/pull/60/files

[synctext]

2 week pause due to circumstances. Code compiles locally, EBSI reading first pass done, pull request Rowdy review on ToDo list. Recent find: Self-Sovereign Identity (SSI) en Attribute Based Credentials (ABC)

[synctext]

For more context, in 2017 we talked about the "decentralised economy". Identity is the foundation. Others are now also doing this in a token hype manner: https://fetch.ai/wp-content/uploads/2019/10/Fetch.AI-Economics-white-paper.pdf This team actually deployed an IPv8 clone: http://www.ifaamas.org/Proceedings/aamas2021/pdfs/p1037.pdf More work to read, solid data pods from MIT and web founder.

The current generation of thesis students in the lab.	Student	Thesis focus
@InvictusRMC	Working SSI. operational attestations. Revocation problem and QR codes. #5576
@jwbambacht	Reliable enough for money. Effortless EuroToken transfer in chats. UDP packets always arrive. #6029
@awrgold	production-ready DAO. Shared ownership of BTC. Democratic decision making process. #5313

Promising thesis direction: Create an architecture in which Big Tech alternatives can emerge, market failure can be corrected, anti-competitive practices are addressed and consumers win their privacy back. Protecting privacy of users in the age of AI and digital IDs.

• Federated machine learning #5987 with privacy-by-design. Also using huge and fancy lib: #5221 (not in superapp)
• Your data stays on your device (Personal data vault)
• (optional) Secure Data Sharing (data exchange, data box, real-time chat, and key management)
• What is the use-case of machine learning? Core of Google is search. Nobody made any progress there, see stuff from 22 years ago. No realistic alternative for the might of Google exist. Possible focus: keyword search within your personal data vault and what others shared with you? (example: years of bank statements, 100 bills in .PDF, tax documents, 1000 photos, few personal videos)

ToDo sprint: compiling new Superapp code, revocation of Rowdy code, read litarature. Future sprint: first draft of problem description, EBSI enrolment

[sjacobino]

Start on the problem description: Self-Sovereign Shared Identity

Use case is SSI for group subscriptions which includes data sharing and some key management.

SSSI Problem description.pdf

Inspiration for another tangent: fair compensation scheme for personal data in personal vault https://cordis.europa.eu/event/id/148435-bdve-webinar-bringing-back-personal-data-value-to-the-rightful-owners https://cordis.europa.eu/project/id/871755

[synctext]

Good readable first version of problem description. Just replace "family plan" with "legal entity", then it becomes economic relevant and key for SSI. Authorisation within huge companies or hierarchical government is unexplored. Still good to keep in mind we can go in any direction, like ask Schiphol for real on-site tests. Another direction is deep alignment with @jwbambacht his work. Your thesis would focus entirely on getting an encrypted address book (e.g. social graph, friend list) into the Superapp SSI part. Scientifically this is a validated public key infrastructure that would be actually operational and fully decentralised. Signal messaging app has central servers, no such DPKI system exists. btw about selling your own data. The idea of mixing capitalism of selling data with social value such as data sovereignty is old. The first to publish this, conclude that its a bad idea was these smart people: https://blog.oceanprotocol.com/on-selling-data-in-ocean-market-9afcfa1e6e43 Conclusion, nobody wants that data. This model can't compete against Big Tech who owns you (Mark Zuckerberg called early Facebook users dumb f***s for sharing data when he was just 19 years old).

ToDo idea for coming 2 week, align at the source code branch level with Joost and Rowdy. Get an rvig.nl email; get account for EU EBSI; get a working cmdline Python script working or directly integrate with Superapp.

[synctext]

Possible sprint idea for coming 2+ weeks. Goal: get operational coding experience. Make first Pull Request on the Superapp. For instance, add address book sharing in PeerChat. Any contact entry you have locally (nickname+public key) becomes available to share with your friends. Status: emulator works, next step is old S4 hardware attempt. Search for good thesis focus.

Possible goal: - Future sprint: EBSI integration, https://api.ebsi.xyz/docs/ - Live test, beyond Beta code; international .DE? - Expand upon @jwbambacht of "waardeoverdracht" into a _Secure Data Sharing_ primitive. With personal data vaults + exchange.

[sjacobino]

Preview contact sharing

Uploading IMG_4267_MED_1_1.mp4…

[synctext]

• Working on thesis for 2-3 months now
• Contact sharing works, successfully enhanced the Superapp :confetti_ball: Next step: Pull Request!
• Completion of official RvIG onboarding, next step: EBSI intergration of unknown time duration. repeating get a working cmdline Python script working or directly integrate with Superapp.
• European Identity wallet: Cross-Country EBSI wallet exchange?
  • Ongoing efforts, no real SSI exists yet, see ongoing projects and wallets. All focussed on the high-cost, high complexity W3C approach with 'universal resolver'.
  • repeating from above Live test, beyond Beta code; international .DE?
  • German solution: online at play store and there is a white paper with some tech details. Verdict: small startup, early stage technology development.
• Thesis could also add "vault features" and solve problem of "wifi UDP packet dropping" (re-use your experienced Android developer knowledge)
• Should be move the "reliability aspect" of @jwbambacht #6029 into this thesis, "low-level hardcore nerding" ?
• Already explore https://github.com/budtmo/docker-android and Superapp?

[sjacobino]

Preview contact sharing in gif form:

[sjacobino]

To do in contact sharing feature:

• Highlight selected contact in list
• Multiple contacts at once?

[sjacobino]

[sjacobino]

Share contacts PR: https://github.com/Tribler/trustchain-superapp/pull/77/commits

Small feature that allows you to send one of your contacts as an attachment in a conversation. Recipient can click on the contact and add it to his/her list.

[sjacobino]

• Contact sharing Pull request online. Has lint errors that can be fixed.
• EBSI account is set up. Reading early adopters program, getting feel for Wallet and DID APIs

Next steps:

• Hosting our own EBSI Node with test environment. Requirements: https://ec.europa.eu/cefdigital/wiki/pages/viewpage.action?pageId=390792199
• EBSI nodes come as a bundle: V2 test env, V2 production env, V1 test env
• Test out API using CLI app

Current vision/goal

• IG-SSI integrated into EBSI/ESSIF to send and receive attestations from outside of Trustchain e.g DBI
• Social app based on the concept of Decentralized Social Applications Based on Linked Data (Solid)
• Think about a shared calendar, notes, foto album that collects data from the personal online datastore (pod, basically a data vault with acces control), and aggregates the data into a social experience. Apps within and outside of Trustchain Superapp can access users’ pods.

[synctext]

• EBSI is operational already for NL; account can use "EBSI block browser" (Ethereum lite explorer).
• How mature is EBSI ESSIF? Can we store our EuroToken there, PeerChat received pictures, IPv8 verifiable Claims, or even gossip-store-and-forward @InvictusRMC revocations?
• Superapp as an app store for "social enriched" secure apps. Next level ideas, of MIT Solid initial sketches. Is this really mass-uptake realistic? True, if we feed into the EU-wide digital wallet.
• Trustless execution environment, personal data vault, self-sovereign data access permission and revocation.
• With this thesis direction, reliability is now minor part only.
• copied partly Possible storyline for thesis. This thesis matures the existing ideas around personal data and identity into primitives for an automated digital society. Building blocks are personal data vault, self-sovereign identity, verifiable claims, authenticated communication with perfect forward secrecy, cloud-free personalised chat, programmable money, a universal European wallet, and trustless app execution, trustless apps ecosystem. This thesis presents the first Internet-deployed system which brings such a wealth of functionality together. It is designed to be a showcase for the upcoming European digital wallet ecosystem. Cardinal challenge is the integration an unprecedented range of primitives into a viable architecture for an automated digital society: data, identity, money, and self-determination. Furthermore, our elements are meticulously designed to evolve into an Decentralised Autonomous Organisation in coming decade as future work. Our design empowers citizens fully, they control their data and identity; dramatically reducing the power of Big Tech and robots.
• ToDo:
  • Kotlin cmdline read-write on EBSI / ESSIF
  • Personal data vaults + exchange?
  • Contact exchange Pull Request?
  • Integrate with @jwbambacht ?
  • IPv8 is not 100% reliable. Implement re-try IPv8 transfer, key discovery of strangers, etc. Possible cheat & hack: red status icon if IPv8 has no "IPv4 UDP connection"?

[sjacobino]

Because of electricity/internet problems, no video call on 23/07/2021.

Updates:

• Working API interface with test server EBSI (api.ebsi.xyz). I did not manage to get a meeting with Andre last week to discuss using the actual NL test servers hosted by the TU and I did not try again this week. That's my bad. But everything seems to work using dummy calls to the public test server.
• Instead of making a cmd line app, I directly implemented it in the Super App commons so that it is easier to link it with our wallet code in the next step.
• Working on an introduction for the new aim: Personal data vaults in the super app, that combined with SSI sovereignty not just over identity, but all data that can be accessed by applications within the super app ecosystem, and services outside (read EBSI). This is a work in progress and a first draft can be expected next week.
• The productivity has taken a hit this week but there enough to do still (see uncompleted points in previous post)

[sjacobino]

Report from last month:

In the process of connecting the SuperApp with EBSI.

V1 api is implemented in the code but EBSI has already moved on to V2. V2 has turned several REST APIs into libraries to be used locally. Mobile libraries are not yet available, so I have implemented a CLI in TypeScript with the available EBSI api with some key functionalities (including getting access tokens to write) to the public test environment. Working tree: https://github.com/sjacobino/trustchain-superapp/tree/ebsi

Roadmap for translation between IG-SSI and EBSI is in the works including working on the translation code. See notes: https://drive.google.com/drive/folders/1OBEOV7G1Pb1ZbakTTg6Y42Vu1K_uX-ha?usp=sharing

Probably 1 more week to work on translating between IG-SSI attestations/presentation to EBSI Verifiable Credential/Presentation. But because mobile libraries are not available, it will not be possible to test in-app.

So likely to shelf this part for the time being and start on Data Vault.

[sjacobino]

EBSI docs, api and libraries currently not in sync. Conflicting information on the different platforms which is making it impossible to make a working connection.

E.g.

So let's fix that:

Discrepancy in information, in this case the parameters of a DidAuthResponseCall.

Sample code on NPM site: https://www.npmjs.com/package/@cef-ebsi/did-auth

Sample code on EBSI Doc: https://ec.europa.eu/cefdigital/wiki/display/EBSIDOC/DID+Authentication+Library

Function definition in DIDAuth.ts

• [X] Session token
• [X] DiD identity
• [X] Verifiable Authorisation (Long term access)
• [ ] FAIL - access token (Short term access)

Status	EBSI v1	EBSI v2
Read access	:heavy_check_mark:	:heavy_check_mark:
Write access	:heavy_check_mark:	:x:

[sjacobino]

Personal Data Vaults Introduction.pdf

[synctext]

Personal Data Vault (brainstorm thesis direction):

• [ ] Access Control: sharing with 1 friend, friend-of-friends, or whole Internet
• [ ] Scalability: share 1 Byte or share 1 Tera Byte
• [ ] Example personal vault GUI: re-use the existing music playback, magnet-based sharing, album cover art, and operational IPv8 gossip-discovery community
• [ ] Broad scope: can you claim "decentralised social networking" with sharing of any data (PeerChat,message posting, music sharing)
• [ ] Narrow scope: make it actually work, usable, and even fun to use!
• [ ] Not work on own fork: integrate with both Rowdy SSI #5576 and Joost GUI field trails #6029.
• [ ] Sufficient related work?
  • https://www.ipc.on.ca/wp-content/uploads/Resources/pbd-pde.pdf
  • https://doi.org/10.1145/2523820
  • http://link.springer.com/10.1007/978-3-319-32689-4_11
  • https://doi.org/10.1007/s12513-011-0431-9
  • http://cs.ru.nl/J.H.Hoepman/publications/digitale-kluis.pdf
• What is the Scientific Challenge addressed within this thesis?

[sjacobino]

Digital_Basic_Identity_MSc_Thesis___TU_Delft-3.pdf

[sjacobino]

Progress on bug report:

[synctext]

Storytelling: immediately reveal the plot and don't write it as a slow tutorial: Secure sharing of personal data is an unsolved problem. Switch now to thesis format, style, and thesis wording. Grand Problem Solving: we give control back to users and erode the power of Big Tech with their $7.6 trillion market cap. More professors like Bart Jacobs are now interested in fighting Big Tech through deployed alternative technology. Academics going beyond rhetoric! Like tobacco industry, social media is not going to fix itself: More than 30% of teen girls who 'felt bad about their bodies' said Instagram made it worse according to Fox News. This is a pretty angry motivation, but I believe the observed facts warrant this.

Is there any difference between an open wallet and the personal data vault? unlimited smartphones, please exclusively apply zero-cloud infrastructure! Support REST api?

• Current wallet: simple database with attestation, not (yet) generic data blobs
• Brilliant invention: use credential as foundation for sharing: I'm vaxxed, I have this university diploma, 18+ credential, I Am Your Friend, I work for the Dutch government.
• Explore possible approaches for limited sprint(s)
• Get something working with friend credentials and sharing (explore and get experienced, designed to be thrown away sprint)
• switch to Joost code
• .APK for me to try out
• Requirement for future sprints to consider: :x: Personal information is always encrypted and protected from: https://github.com/Tribler/tribler/issues/6029#issuecomment-908993337
• Other students problem: can we insert DAO, proposal voting, Bitcoin Taproot wallet into this open wallet paradigm and Joost Whatsapp++ alternative paradigm ? :thinking:

[sjacobino]

Data Vault Demo Apk: https://drive.google.com/file/d/1qPcO9RoSYthnZXOy6q82dVZlihtIFeji/view?usp=sharing

[sjacobino]

What's going on in the demo apk:

Initial data vault directory on the device that is accessible by other devices via the DataVaultCommunity. Simple access control that takes any verifiable attestation.

The problem now is that messages including attestations don't seem to get to the other side. Solution is likely to copy peer chat's attestation chunk approach, and reassemble back at the other endpoint.

Defining access policy at file or directory level is viable. Files with undefined access policy inherits policy from parent directory.

Biggest challenge seems to be structuring the filesystem to reflect graph-like nature of the linked data.

[synctext]

please add this public key: 4c69624e61434c504b3a52904df841596dff8149fc41623b91b1149f92fe37f2c1c40c5ffb2867b7a75438e2694ab58b3c280578b80f348ca62fda10372581e3365cbd87c0551f3bc007

The problem now is that messages including attestations don't seem to get to the other side.

Progress: UDP packet drop is an issue. Large packets always drop? Scientific side: infrastructure of sharing data requires trustworthy data exchange primitive which is robust.

• Check out the binary transfer of photos please, in chat.
• not seeing the peer in IPv8 community neighbors?

We have incoming UDP packets inside IPv8. Do we have a Diffie-Hellman key exchange, session establishment, signed UDP packets, and a 'connection'? Transmit & store encrypted? e-IDAS high compliance: :x: Personal information is always encrypted and protected See new 2021 update of eIDAS: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=COM%3A2021%3A281%3AFIN Note that "Electronic ledgers" is mentioned 23 times in official upcoming European Commission text. Pull request on "Joost code", no private icon.

[sjacobino]

Report on progress before leaving on the 13th Further updates via ticket.

[synctext]

example for thesis? Secure sharing of personal data is an unsolved problem. Store in your data vault, facilitate sharing and test revocation: diploma.

• DiD format proposal: https://www.w3.org/TR/did-core/#example-34-verifiable-credential-linked-to-a-verification-method-of-type-jsonwebkey2020
• European Commission details: https://ec.europa.eu/futurium/en/system/files/ged/eidas_supported_ssi_may_2019_0.pdf
• https://ec.europa.eu/cefdigital/wiki/display/EBSIDOC/%5Barchived%5DESSIF+How+we+use+SSI#id-[archived]ESSIFHowweuseSSI-DiplomasandEducationalCredentials*

Data vault prototype for DNA data around eye melanoma (severe cancer), https://github.com/LedgerProject/GeneCoop/blob/a759c0368c1e2c3740a84c23db4ce1cb1e8a5db1/Demonstrator/Documentation/Technical_Design/demonstrator_tech_design.md

[synctext]

Fresh related EU work: https://europa.eu/europass/en/european-digital-credentials-learning-interoperability

[sjacobino]

No real productivity in last 2 months.

Some further improvements on the EBSI CLI using updated libraries. Problems are still difficult to iron out because error messages from the API are sometimes unclear.

What works:

• Onboarding (getting verifiable authorisation)
• SIOP authentications (verifying request, create and submit response)

Not managed to get working:

• Verifiable presentations (seems to be down to a specific encoding required)

In the end we need the mobile (Android) libraries from EBSI to integrate it into the SuperApp, but those are not planned for EBSI v2 ( https://ec.europa.eu/cefdigital/wiki/display/EBSIDOC/Users+Onboarding+API#UsersOnboardingAPI-MobileWallet(NotYetforEBSIV2.0) , there is a roadmap somewhere that states it clearly but I cannot find it now)

Personal course adjustment necessary, turning focus to Data Vault using verifiable credentials for access control.

[synctext]

Last progress meeting was 2 months ago. Running code :clap:

EBSI v1 was everything server-side. EBSI v2 is typscript based. Progress of recent week is that EBSI team did some changes, updates, and repairs. More is operational now, JSON web tokens now appears functional. EU EBSI Mobile roadmap for mobile :zap: : EBSI compliant data model is not available Upcoming day: file a bug report with EBSI team on you latest error. Prior DidAuthResponseCall bug is now fixed :heavy_check_mark: Detail: EBSI W3C did model versus the Rowdy/Quinten verifiable credentials.

Master thesis content: The first SSI data vault deployment.
First description draft: Our architecture, called HardGlass, gives users back control. Everything that happens with your data becomes visible. Data read permission can be granted securely using encrypted communication to selected parties. Revocation is executed in real-time. At a fine-grained level the user sees all access to his/her data in real-time. Something, something, more is needed: scalability to 1 TByte, magnet&music usage, diploma works, friend certificates, distributed social, friend-of-friend access, etc. Upcoming sprint: improve prototype, think more about your beyond state-of-the-art.

ToDo: poster outline.

• reserved 12 Jan :+1:
• Poster draft example! (portrait)
  • title: EU EBSI - digital passport-grade ID
  • Storyline: take back control of your own data. No more Big Tech storage. Finally an alternative. Lots of ideas, nobody has it working (including us: work-in-progress). [1] [2]
  • pictures: architecture of EBSI and data vault ideas
  • status: read/write table of V1 and V2, checkbox of DiD, token access, similar to above, etc.
  • Thesis target: usable data vault for every citizens of the Kingdom

[sjacobino]

Brief description of my experience working with European Commission EBSI code:

Working with EBSI code has been a bit cumbersome at times. In some cases example code provided on the npm page is incomplete. If the code is copied and pasted some parameters might be missing. For instance, the sample code for creating SIOP authentication responses (https://www.npmjs.com/package/@cef-ebsi/siop-auth) does not show how to structure include claims/verifiable credentials/verifiable presentations. You have to combine information from the documentation page to get a complete picture. This is the case with most of the EBSI libraries available on npm.

Some information however is nowhere to be found. E.g how to construct a json-rpc request to insert a new DID document (https://ec.europa.eu/cefdigital/wiki/display/EBSIDOC/DID+Registry+API). The parameters used: identifier, didVersionInfo, timestampData, and didVersionMetadata are not explained anywhere leaving you to guess what they are.

As mentioned before, API error messages are often non descriptive and do not state very clear what the error is or what has to be changed.

[synctext]

perfect info! please post a reproducible error to EBSI and provide details. Then we can escalate them upwards.

[sjacobino]

EBSI+TrustVault poster draft to be discussed.

Main questions: Too abstract/not technical enough? More (specific) technical illustrations? Does it get the message across (especially if orally presented)?

EBSI+TrustVault Poster.pdf

[synctext]

:+1:

• Ready to write thesis chapters of introduction, problem description (&related work), design, and in future: implementation+experiments/performance analysis
• Decision by European Commission. Context of your thesis: European Identity toolbox.
• title: "critical societal infrastructure for data"
• EBSI: EU-wide digital Identity infrastructure
• redo: Delft blue format please
• Citizens may share anything digital
• Alternative to Big Tech monopolies
• (tip: https://www.canva.com/create/posters/)
• Joost implemented EVA, binary transport protocol (non-streaming) https://github.com/Tribler/tribler/issues/6029#issuecomment-1005190589
• Please keep it simple: wallet, credential storage, data vault, TrustVault == all the same !!
• Signed access request is irrefutable. Store it, you get nice "tamper-free access history" :clap:
• Sprint target: first TrustVault prototype demo. APK?
• future sprint: EBSI, first thesis chapter writing?

[sjacobino]

Trustvault + Essif final poster for meeting AFM

TrustVault+ESSIF Poster-4.pdf

[sjacobino]

DataVault prototyped advanced in the last 2 weeks:

The process now goes as follows

1. You get a list of peers from which you can request files
2. You send a request to see which files are accessible to you with the attestations that you have
3. You get a filtered list back from your peer of files you can select from
4. You choose a file and it is retrieved

The advancements are

1. Smooth workflows
2. Attestations are actually verified but no distinction is made yet between the different types of attestations
3. Individual files can be made public so that no credential is required to get them. This menu is will be expanded to set granular, more complex access rules (instead of just public or not)
4. To minimize overhead, attestation only need to be sent at first request. Subsequently a token (derived from the attestations) is used to retrieve subsequent files. (Some interesting caching needed here)
5. Some interface improvements as well, with the goal in mind to migrate everything under one Value Transfer roof.

See Slack for apk file.

[synctext]

Very productive sprint !! :tada: Real productive software development inside superapp: 6 weeks. EBSI: 6 weeks. Key selling point? data sovereignty?? Current state-of-the-art is MIT solid. random test sample of this prototypes; horrific user on-boarding experience, but good luck trying to do this better :hourglass_flowing_sand: Connecting a PC browser to storage will never bootstrap (critically requires support from the monopoly browser). For Android its also hard to create automatic background cloud storage. You first need an identity and (free??) storage. Fragile... MIT Solid is server-based and has a high probability to re-centralise all data at new players (Big Tech 2.0).

• decentral social, network storyline. self-issued certificate of friendship. possible 2-3 sprints. Friend-of-friend?
• conversational interface: integrate with the messaging tab. Sharing with addressbook entries..
• Deep Technical option: peer discovery, improve, and fine-tune the connection to nodes/friends. Core of thesis become low-level networking. Carrier-grade NAT awareness.
• Datavault. Now it is very generic, can we have specific use-case(s)? Photos and/or music?
  • photos is great example of personal data with selective sharing and broadly understood privacy concerns
  • Others in the lab are creating an artist investment token
  • alignment with MusicDAO running code
  • full chain: identity, attestation, datavault, Web3 app (DAO)

[sjacobino]

This image shows the policy editor page, when you click on an image/file in your data vault. You see the different policies, in this case a read policy and a read+write policy with the rules defined for required credentials for access.

These two images show how you can edit a rule for credentials

To get to the core of the thesis: giving users full control to define how 3rd parties can retrieve files in his/her vault. This is done by defining what is basically a decision tree for required combination of credentials. This is done granularly at file and folder lever. Credentials can be self-issued by the user (akin to accepting a friend request) or by trusted 3rd parties (IG-SSI SuperApp credentials, and if the stars align, even from EBSI). The goal is to combine sovereignty over identity with sovereignty over data in general. No more giving your phone to someone to see some pictures and hoping they don't swipe left too many times. No more pictures on the servers of Facebook and Instagram but all on your own device.

[synctext]

• Solid prototyping progress

• maturing of thesis direction; however, please make it more scientific. In 2013 it was asked: "do we need another photos sharing app? no

• Suggested thesis title: "Enhancing the EU EBSI wallet into a privacy-first data vault"

• See: EU EBSI wallet conformance testing" and this https://www.itu.int/en/ITU-T/webinars/20211013/Documents/Daniel%20Du%20Seuil.pdf

• Goal is to get approved: "Be listed on the EBSI website and benefit from a strong visibility."

  

• {repeating} e-IDAS high compliance: :x: Personal information is always encrypted and protected

• Text storyline like: "European Commission is creating the critical societal infrastructure to reduce our reliance on Big Tech. This thesis enhances EU EBSI. Citizens can now also issue credentials within the EBSI framework. Self-issued credential are used as the foundation for data sovereignty, users can set policies and enforce those. We constructed a privacy-first data vault which uses the self-issued credentials for access control. Our architecture uses a pure non-custodian wallet and generalises everything into a EBSI-compatible data vault. Our work offers superior security and privacy when compared to the EU EBSI reference wallet. The viability of our system architecture is shown with a full implementation and Internet-deployment. We show that a privacy-first approach to the sharing of VAT identification numbers and family photos. Our systems offers data sharing with full self-sovereignty and we only rely on the EBSI critical infrastructure to prevent spoofing of identities. Our system offers fine-grained access control for both read and write access for selected files and directories."

• Read the new thesis format example by Joost: https://github.com/Tribler/tribler/files/7992882/Thesis_3_2_22.pdf Delft blue + arXiv 2-column IEEE format.

[sjacobino]

Let's try to find out more about the wallet conformance testing https://ec.europa.eu/cefdigital/wiki/pages/viewpage.action?pageId=455606439

[sjacobino]

This sprint in the end was all about UI/UX taking a lot of time. The browser now looks like a proper file system and has file system functionalities. Files can now inherit access control rules from their parent folder. Having some issues still with loading remote files. So EBSI conformance testing is still on the to-do list.

https://user-images.githubusercontent.com/5730521/155093185-20054916-e12a-4e80-92a7-8b964f07e6fd.mov

[synctext]

• Good video, solid sprint progress. Self-assessment of progress: 65%.
• ToDo key selling point of thesis, scientific depth? candidate: "EBSI-compatible data vault", 1 TByte, certified, privacy-first, non-custodian, irrefutable tamper-proof access-log, etc.
• ??? Personal content sharing: to millions with zero-cost. ??? (re-usage of operational Libtorrent work, Music robot economy)
  • Bonus: tamper-proof access log is complete replacement of the collecting agencies in music (no middleman).
  • Jacobino: relevant for the new influencers economy. You can't fake your popularity, self-recording of cheating.
  • Excellent application of Distributed Algorithmic Mechanism Design. lies about your traffic are becoming more difficult, full accountability, and irrefutable Sybil attacks.
• eIDAS-high compliance impact is very significant, see Rotterdam municipality using commercial Belgian bank+telco monopoly technology
• for compliance, encrypt the data. ToDo: how to decrypt and make available to the insecure PDF viewer or do we need "secure viewers" which are 'crypto-aware'. (but PDF is not interesting for the lab)
• Read solid Joost thesis draft on EVA UDP transfer protocol please. Web3_ A Decentralized_societal_infrastructure__18pages.pdf
  • EU EBSI high on ToDo list

[synctext]

• world is discovering the importance of identity and authentication
  • White House zero trust: https://www.pomerium.com/blog/white-house-zt-memo/
  • single ransomware click can land all passport copies of your hundreds of employees on the darknet
• "this thesis present the first value chain from passport-grade credential, privacy-first data vault, and displacement of an aging industry". repeating: ToDo key selling point of thesis, scientific depth? candidate: "EBSI-compatible data vault", 1 TByte, certified, privacy-first, non-custodian, irrefutable tamper-proof access-log, etc.
  • 1 vault screenshot
  • 1 verified audience screenshot
• progress: EBSI focus last week (30% complete of self-certification :clap: )
  • :heavy_check_mark: EBSI login and token
  • :heavy_check_mark: EBSI simple create credential
  • :x: Advanced EBSI challenge/response authentication responses (create JSON web token, try to verify)
• like some months ago: difference between documentation and production reality (doing Android support from scratch)
• Try to reproduce with their curl -X 'POST' 'https://api.conformance.intebsi.xyz/users-onboarding/v1/sessions' -H 'accept: application/json' approach?
• Update prior submitted bug report (no longer access to .gov email) or submit new bug report.
• Superapp is having heavy development who class of 2022 is soon code dumpingmerging...

[sjacobino]

EDIT: Managed to complete this one. Needed to include a one time token from https://app.preprod.ebsi.eu/users-onboarding/ in the request

Similar error messages as a while back. Not really clear what the issue is:

[sjacobino]

EBSI is using ECDSA with the secp256k1 curve which is being deprecated by most libraries. The trend is to switch to either 256r1 or to EdDSA. Not really future proof. See https://jwt.io/libraries

[sjacobino]

Last sprint:

• Lots of time spend upgrading project to Java 11, necessary to use packages for signing VCs. Lots of refactoring our own code and library Java code to work in Android.

• Some progress made with EBSI conformance (~50%-60%) depending on what coverage we want (only synchronous flows or also asynchronous flows)

-Authentication and so finally succeeded. Current stumbling block is interacting with smart contract end-points. Documentation and examples still very difficult to navigate:

or

Is it it hex or base64????

[sjacobino]

EBSI conformance plan:

https://ec.europa.eu/digital-building-blocks/wikis/display/EBSIDOC/EBSI+Wallet+Conformance+Testing

[synctext]

With 57 Million :euro: in funding for EBSI Large Scale Trails. The EU wallet is only growing in importance as critical infrastructure for next year :astonished: Terms for selling your work: "EBSI-compatible data vault" or "Secure EBSI data sharing". The latter indicates more the access authorisation and generic framework that you provide. Focus on https://EBSI.readthedocs.io/ and pioneering foundations for others? Your thesis sells "accelerating the EU ID movement by providing the first EBSI-certified wallet and secure data sharing. Our work is targeted to be the reference implementations for others to build upon or improve (open source).", not just another photo+data sharing app.

Currently hotels all are by law required to copy your paper-based passport. What will EBSI give them? It is like the infamous Corona scanner, it remembers how many identities are checked? Or is the verifiable credential proof stored permanently?

[sjacobino]

Again some headaches in the conformance testing process. Unable to do significant testing for over a week. It seems one issue is resolved and another is created.

EBSI conformance scenario 2 (Requesting verifiable attestations) of the Conformance program is almost complete. Again, without blocking issues on the EBSI side, scenario 3 (presenting attestations) should not be too difficult (1 week max).

Made some improvements on the data vault during the EBSI down time:

• generate access token from credentials for subsequent requests (lower communication overhead)
• initial integration with address book

On the data vault, mostly usability/UI improvements needed. Performance improvements (higher transfer rate) would be nice but might be too big a task.

Shifting focus towards writing to have a rough draft in 2 weeks.