Digital Basic Identity - EU EBSI gateway and "regie op gegevens"

[synctext]

Topic is determined: Digital Basic identity, see https://www.tweedekamer.nl/kamerstukken/brieven_regering/detail?id=2021Z02985&did=2021D06488

Estimated timeline (tentative)

• 2 weeks: read background, compile prior code, understand ID,wallet and EBSI sandbox
• 2 months: participate in design team of Digitale Bron Identiteit (Deliver a report, English thesis appendix) (possibly with #6029)
• Milestone after 2 months: Problem Decription first draft of 3-5 pages, outlines the deep dive direction
• 1 month: EU EBSI connection/ESSIF with trustchain, our DBI/SSI solution.
• 5-6 months: master thesis deep dive. Possible directions:
  • Revocation (Pallier, Schnorr, buzzword-3, etc. hard-core crypto)
  • eDemocracy (Bindend Burger Advies trail with 25+ people)
  • Secure Data Sharing (data exchange, data box, real-time chat, and key management)
  • Personal data vault (with some machine learning?)

First sprint target of 2 weeks: see above

[synctext]

• converging, nice progress
• EBSI trusted apps registry? one of the first in EU or really THE first :medal_military:
• Start of writing: either do first draft of problem description chapter or (recommended) start with the content, experiments, screenshots. Performance graph of vault read/write, remote vault data transfers.
• async flow performance versus sync performance
• data is never stored in unencrypted form (by Android (that is just isolation/firewalling)? or do it yourself)
• EBSI Wallet docs idea? https://readthedocs.org/projects/ebsi/ {keep isolated from Superapp} {DataVaultCommunity IPv8 == P2P features + EVA} "app within the TUDelft Web3 toolkit"?? :-)

[sjacobino]

Trusted apps registry: https://api.conformance.intebsi.xyz/docs/?urls.primaryName=Trusted%20Apps%20Registry%20API

[synctext]

• Great find! Identyum seems ahead in EU, but requires Slovenia telephone SIM. EBSI conformance reports
• "european digital identity architecture and reference framework
• https://blog.avast.com/analysis-of-eu-digital-identity-architecture-and-reference-framework-avast
• repeating from above: start writing sprint

[sjacobino]

TrustVault_MSc_Thesis___TU_Delft-2.pdf

[synctext]

ToDo:

• conformance report with Delft University of Technology. Submit: coming Monday at the latest!!
• Are all other wallet trivial client/server conforming wallets? The first wallet-to-wallet overlay technology in EBSI?
• 31 Aug graduation target!!
• Methodology: APIs of EBSI is poorly documented. Because of poor documentation the best developers resource is raw interaction dump in conformance report of closed-source proprietary wallets. Actually used for establishing parameters of calls and their exact encoding
• You current "datavault" storyline does not cover the main effort of spend months: full open source Kotlin reference wallet for the digital future of Europe :eu: :no_mobile_phones: First open source mobile wallet. (there are even desktop wallets).
• First self-sovereign identity and data vault for European Digital Identity
• Write scientific problem description: own & share your identity and data. implement self-sovereign ID, leverage that invention to craft self-sovereign data ownership, and fine-grainded access control using our cryptographically secured wallet-to-wallet overlay.
• Each Monday a issue update please in the form of a growing thesis .PDF

[sjacobino]

0203-Gataca.pdf 0303 - Danube.pdf

[synctext]

Mental note: https://ec.europa.eu/digital-building-blocks/wikis/display/EBSIDOC/Security+track+summary Solid EBSI security docs Digital decade of Europe, ambition level and governance: https://futurium.ec.europa.eu/sites/default/files/2021-11/Slides%20for%20Futurium%20Launch%20event%2017-11-21.pdf

Digital Decade vision: Empower all European citizens and
businesses to seize the benefits of a human-centred, sustainable
and prosperous digital future in a global context.

[sjacobino]

EBSI conformance update: Conformance program has changed slightly. But I found this open source SSI kit that passed the conformance test. This is bittersweet because it seems it has been developed in parallel with us, but it's more feature complete and mature than what I have. Should be able to plug it right in. https://github.com/walt-id/waltid-ssikit

[synctext]

Any update for your master thesis? (btw Walt-ID smells like DiD-based bloatware, not IPv8 with lightning fast zero-knowledge proofs)

[sjacobino]

TrustVault_MSc_Thesis___TU_Delft-3.pdf

[sjacobino]

Still not EBSI conformant 😢 Whole process has changed and integrating with Walt id was a headache. Not necessarily bloatware as it able to parse complex credentials that I was not able to implement. And code is forked so unnecessary stuff can be removed

[synctext]

Comment on 4-page thesis draft:

• Replace bullets in first chapter with main message. No research sub-questions. Replace with contribution of this work: "How can we give user back control of their own identity and their data?"
• Way too specific: TrustVault builds upon the concept of personal data Pods first proposed. Replace entire paragraph.
• no more details in introduction than: give back control. Just one sentence with details on the ID & data vault.
• Intro political/activism message like: Our Internet-deployed proof-of-concept proven the viability of our work. We show that the European Commission EBSI initiative is viable. It is possible to re-take ownership of your digital identity and data. We offer the initial foundation for long-enduring Big Tech alternatives. This master thesis contributes a cardinal part for a European digital future without natural monopolies. It replaces the for-profit infrastructure of Big Tech with a public, transparent, non-profit and open source alternative.
• "1. Introduction" {less activism like}: Our goal is to design a more vibrant and competitive ecosystem of digital products. Many digital markets are winner-takes-all natural monopolies [REF NEEDED]. By creating an open architecture with sovereignty as a first principle we counter monopoly ourcomes. Our self-sovereign approach ensures several competing, non-cooperating services which are interoperable with each other by virtue of building their services on top of the same open architecture and open source protocol. inspired here. More positivism: our openness-by-design ecoystem has enhanced innovation capacity, provides permissionless innovation, competitiveness, and fairness.
• Related work becomes "5. Related work": move after "4. Implementation and Evaluation" section. Essential requirement: post .APK here.
• Methodology: replace with "3. System Architecture and design". Focus as much on SSI as you do (later) on data sovereignty. Our key scientific breakthrough is data sharing without any cloud, without any intermediary, and full privacy. We utilise a unique peer-to-peer overlay between wallets. This zero-server solution ensures digital sovereignty for participants. This peer-to-peer architecture is difficult to realise, as the wallet needs to implement both the traditional client and also server functionality.
• "2. Problem description". Opening line suggestion: 46 years after the invention of public key cryptography we still lack a good solution for citizens to manage their own digital existence.. Cryptography is often discussed, not yet deployed on a massive scale. How to manage your own private keys is an unsolved problem. No infrastructure exists to securely share encrypted data with your friends and family. The idea of public key cryptography was first presented by Martin Hellman, Ralph Merkle, and Whitfield Diffie at Stanford University in 1976_. Public Key infrastructure has failed us :face_with_head_bandage: Scientists are obsessive with post-quantum crypto. Billions of users rely on Big Tech monopolies to store their data in the cloud. Some of this data is deeply personal, such as the only copy of new born children photos. Users voluntarily give up control and ownership of their data. Own your own data. Technological Sovereignty. Local-first movement. Alternative to cloud monopoly. Outsource system maintenance, in exchange for advertisement
• "4. Implementation and Evaluation": screenshots of global operation (ID&data) {4-5 screenshots MAX.}. wallet-to-wallet. Fine-grained control. Show live sharing of a photo without any Big Tech. Pure zero-server architecture. (offline sharing used to work, great content also)

Did a quick review of Walt ID code (non-Android Kotlin, Apache-2.0 license) :

[sjacobino]

TrustVault_MSc_Thesis___TU_Delft-4.pdf

[synctext]

Comments:

• \footnote{this work is facilitated and sponsored by the Dutch government, specifically "The National Office for Identity Data (RvIG)"}
• No link Big Tech Bad, SSI mentioning, and EBSI
• more clarity in the introduction, high impact, EBSI is not a small tech thingie: Digital identity for all Europeans is coming. "In September 2020, Ursula von der Leyen, President of the European Commission, revealed plans for a re-vamp of the system: eIDAS 2.0. At its centre will be new digital identity wallet..) Any EU citizen or company will be able to request one (although it will remain voluntary for citizens)." and REF: https://ec.europa.eu/info/strategy/priorities-2019-2024/europe-fit-digital-age/european-digital-identity_en
• MISSING is "2. Problem description". Opening line suggestion: (see above)
• Architecture: way too detailed opening line and first section: "TrustVault is a component of the the TrustChain Super App and uses the IPv8 protocol for peer-2-peer communication." We first need to explain the European selected 'digital ID wallet' approach. For instance: This work expands the architecture of the European digital ID wallet. We mature this concept in general, added fine-grained access control, and a functional data vault.
• "E. Tamper-proof access logs" add bit more clearly: "design"
• "V. CONCLUSION AND FUTURE WORK": opening line needs to get back to the intro, problem description, and leave the reader with a feel-good moment: you fixed the world (of SSI). Like: 'Big Tech fully controls your digital identity and data. By building on the European Commission digital ID wallet architecture we present an alternative. We show the feasibility of this Big Tech alternative with control and ownership returned to the users themselves. Trustchain ... superapp.... Finally, we note that this ongoing work needs more effort. The fight for Internet control and user data is still ongoing.
• "IMPLEMENTATION AND EVALUATION" how to visualise all the work you did?

Status of code:

• [X] Session token
• [X] DiD identity
• [X] Verifiable Authorisation (Long term access)
• [ ] FAIL - access token (Short term access)

Status	EBSI v1	EBSI v2
Read access	:heavy_check_mark:	:heavy_check_mark:
Write access	:heavy_check_mark:	:x:

Figure X depicts the functions implemented from scratch for the EBSI wallet on Android, as the first known open source implementation.

[sjacobino]

And here it is. The final version! TrustVault_MSc_Thesis___TU_Delft-10.pdf

[synctext]

Review:

• "extend the Security, Control and Portability properties of SSI", no caps here
• You can easily see who currently has access to certain data. Additionally you can see who accessed certain data. "We then discuss the design for a tamper-proof access log." Our approach guarantees the integrity of these access logs.
• Figures 4 - 7 are too small. Do not leave so much white space. Fill.
• "Figures 4, 6 and 7 shows screenshots"
  • missing 5, missing punctuation
  • missing context: ..."shows screenshots" of our app for world domination and world peace....
• INTRO: The societal value of the work we present here is within the same order of magnitude as the European Digital Identity Wallet with an estimated value in the public tender of 26 Million Euro.
• conclusion: Alternative for Big Tech platforms are a new emerging research topic. We present a unique first operational system which build upon the upcoming European identity wallet. Compared to related work such as Solid, we do not require users to explicitly understand data management issues, remove system management burdens, and do not needs any management of personal data providers. Therefore, our work represents the first realistic citizen data vault and identity wallet solution. ...fine-grained access control...
• Replace " DV " with data vault everywhere. adds clarity.
• New master thesis format is similar to bachelor thesis format with merely 1 page of front-matter, see example
• also: https://repository.tudelft.nl/islandora/object/uuid%3Ad61cc5f6-4af8-49e8-9ee8-9171cacec449?collection=education

[sjacobino]

Already uploaded. Overlooked Replace " DV " with data vault everywhere. adds clarity.

[sjacobino]

Final thesis: TrustVault_MSc_Thesis___TU_Delft-FINAL.pdf

Draft Slides: TrustVault Presentation.pdf

[synctext]

{quick first round feedback} first presentation comment: 58 slides is too much slides for available time. Prune some tutorial-level material. Focus on the science part. What is your related work? Citations towards scientific literature in several slides??

[sjacobino]

Some of the slides are duplicates to reveal info bit by bit. Working on related work slides.

[sjacobino]

Tutorial-level will be quick

TrustVault Presentation-2.pdf

[synctext]

Great content! Remove empty slides with just 1 line of content --> merge Lots of slides, then aim for 40 minutes of presentation and dont rush through the material. Explain clearly a& calmy. Looking forward..!

[synctext]

brainstorm/ideas for evaluation section:

• performance analysis
  • measure time for credential verification, creation time, and write to Trustchain, etc.
  • measuring CPU usage
  • measure data traffic
  • Conclusion???? crypto == cheap, networking == expensive
• performance breakdown
  • all detailed steps when providing access to your personal data
  • measure required time per task/step
• EBSI permissions? read/write speed measurements; 1 Byte block; 1k, 10k,100k, 1 MByte blobs, 10 MByte, etc.

Missing from thesis: linking science with society (usage) == technology acceptance model. Only Big Tech realised usable systems for identity and personal data storage. Many architectures and technologies are proposed by academics, lack usability, simplistic academic thoughts, no industrial-quality realisation, and validation of assumptions outside the lab. For each of the system in the literature we depict the maturity of their work on a 5-star rating. With 1-star for only presenting an idea and 5-stars for evaluating a fully implemented system and making multiple iterations of improvements. Our screenshot of the Solid related work depicts the level of maturity of this work. After trying for 45 years we made little progress. Analysis to add: https://link.springer.com/content/pdf/10.1007/11824633_8.pdf

Current code branch in superapp: https://github.com/Tribler/trustchain-superapp/compare/master...sjacobino:trustchain-superapp:ebsi-conformance

Example SSI evaluation from Quinten paper

Next sprint: new .PDF :rocket:

[synctext]

Raw measurements from paper above. example: "Measurements re-used with permission from [1]" measurements.zip

[sjacobino]

[synctext]

• Not as much progress as hoped for in 2 weeks

• experiment with 7-10 data points for a connecting line! (please plot a MByte per second speed with 100-ish points)

• two screens in 1 photo + official travel document with covered personal details == experimental setup OR screenshots of 1 side in green-on-black cmdline ADB output. Example

  

• process this experiment into storyline of master thesis, before moving to next thing.

• No new experiment or new measurement. Just put this into thesis first!

• Credential experiment: create 1 Byte credential, to Jumbo-credential of 10 MByte or just try 1 GByte to blow up stress test EBSI (schema with user parameter). Dream outcome is non-linear performance degradation and crash.

• Write a bit of information about the code you wrote. Table of functions you implemented with LoC or use a fancy analysis tool or something. No call graph please in 15 days.

[sjacobino]

• Experimental setup with performance analysis done.
• CPU usage measurements left out, not that interesting.
• EBSI stress test not that interesting. API requests capped at 1MB. linear response time up to that point.

Still todo:

• Information about the code (today)
• Comparison with related work (ongoing)
• Go over design choices and clarify where needed

Latest version: TrustVault_MSc_Thesis___TU_Delft-4.pdf

[synctext]

• introduction explains too much. Keep it high level and make 3 research contributions visible with 3 bullets.
• "fined-grained AC without TTPs like distributed ABE schemes" bad style!
• "EBSI can be the connecting piece to the societal infrastructure for identity." add more certainty: by 31Dec 2024 this will go into production and become usable for each and every EU citizen.
• "Fig. 2. TrustVault Architecture." you solve all GDPR issues!! You store everything with the user and avoid all central data processing and requirement for a privacy officer. Its all under the users control and GDPR-compliant. This architecture is meticiously designed to provide wallet-to-wallet communication, avoid cloud-infrastructure and therefore offer GDPR-compliance by design.
• Figure 2: take more space, too tiny
• Figure 8,9: waaaay too tiny. 1 figure full columnwidth
• Figure 8: time (s), input data size (MiB)
• No text or reference to "Figure 8" ?
• "figure 10" -> Figure 10
• "NUMBER OF VERIFICATIONS AND DATA OVERHEAD PER REQUEST.", something about your test setup or experiment parameters?
• "a session token adds at least 370B to a request" , bytes?
• "210kB/s", "250MB", bad style, MiB and KiB/s ?
• "File transfer Time (200kB) single requester", ??
• " 220kB file is 780 milliseconds.", explain the story behind this magic number. We strive for sub-second performance, tests by Bambacht reveil that 220KiB should do the job usually,, something, bla bla.
• brainstorm for 1 additional possible experiment: latency breakdown for verification of credential: random_seed() 12.3 ms, itterate_SBox() 8.1 ms, etc. in a graph. ? After latency our final experiment further investigates the cryptographic primitive. By opening this black box we show the most costly functions in terms of latency. The purpose of this experiment is to provide directions for future work to further minimise latency.
• Related work example with big table
• other inspiration: https://arxiv.org/pdf/1404.4818.pdf

[synctext]

btw Please post your thesis online in IEEE-like format (without TUDelft cover): https://arxiv.org/a/pouwelse_j_1.html

[sjacobino]

Thesis LaTex files: mkrmvqdmdzyjdtmpdqcxmyvgchwrkjmz.zip