European Workshop on Trust & Identity

In cooperation with GÉANT

Session 15 <Identity for Everything> (13:30/Room K7)

Conveners: Floris Kleemans, Johan Saton

Abstract: Establishment of an Open Registry called DENARS, which would be used for registering and collecting entities to be used all around the world in different kinds of applications; an Identity Layer should sit on top of the Application layer.
Also, the exchange protocol named UETP, for grouping all the entities for a specific transaction.

Tags: Architecture, Digital Objects, IoT

Notes

We would like to get a clear conclusion out of this session, and it’s good to phrase the challenge: do we need an identity or entity layer in the internet architecture? If we have an identity for everything, is it something that we actually need?

Open source initiative - what we felt is that if we want to connect the people, how do we connect it, and if we take a look digitally at all these entities, that reside in an application environment, a natural language environment. How do we connect it?

We felt that if we can start working with social economic entities, we can connect them automatically with each other. Would that solve problems? That’s how we came to make a new language, Uniform.

This happened fast, in 2014 to establish this foundation, to facilitate development of UETP, free to use by society to connect all these things together.

The internet itself is fragmented, we have government on one side, which e.g. said that the personal data of European people is not allowed to be stored in US based clouds anymore. If we want to have an automatic connection we felt like to come up with an architecture. Identifying the university, with the unique ID, the second step that we do is to create meaning around it, virtual product e.g. and that you bring together to get an economic transaction.

We felt if the economic Internet works we need three things, connectivity, to create understanding, we need a semantics layer, and when there is understanding we need interaction, to identify.

Analogy: Knowledge model for business transactions like Wikipedia for some common domains.

Taken from the RFC 4122 unique IDs, we added some features to it. What we then do is, when you have the ID, you create meaning, and what you create with the UETP is to provide semantics and methodologies, and we need a language for that. The development model for the protocol is an open knowledge model like Wikipedia, and if you want to add different things that’s possible.

You can have a similar registry as we have for DNS and IP addresses, we would be able to create something similar that we can manage at that level. Who is able to see access and manage this identity of entity?

We have all these interfaces and APIs and the great thing is that you create this ID and make whatever you want and if it’s important to you it can be done with it. And it can be done offline, decentralized, a new kind of DNS system occurs. Because we start managing a transaction and any context.... We have all kinds of internal communication in this chat, where people say "I want to share this with you" to someone else.

Such entity registry can be linked and electronic devices when they do a transaction, when entities how entities and what entities have a space configuration and this is what you can provide to someone whomever you want to provide.

Link up multiple transactions (webshop, payment, delivery, etc.) in a single transcript with a common model. (N-party groupchat)

We have this information what would it be in the transaction, we put it in the group chat, and that is how we would process the transaction, and when it comes to trust, there are trust dialogues where you can share things with someone that you want that you trust. Sometimes there is legal requirement but this is the way how you can bring it together.

Richard O'Brian:

I see value in having entities that are not necessarily individuals but have functions or smart programmes, they would have a source which if it’s open you can see how many hands touched it. That’s my 2 cents, we need that at the stage as there is too much lack of attention on software integrity.

Rainer:

On the identity layer I see this as a cool thing. We can start working out processes on identity related metadata challenges, but somehow the thing is merging entities in the sense of organisations and devices in a much more general identity layer. I find it hard to see how you could have this generic identity level (that is a kind of abstract root object in OO-programming speak) from which derives anything, whereas identity management requires very specific properties, e.g. keys. I fail to see the potential of linking up the two levels of abstraction.

Floris:

That’s how we made the difference in who entities and what entities. The entity search that starts blank can turn into anything, it’s just a unique identifiable thing vs. whatever and then we can set what kind of functionality of capabilities, and see how to bring it into the identity level.

One of the cases is the internet of cargo where the cargo itself becomes smart, it knows its position and logistical options and when it transports it checks in which direction it would be the best to go. There needs to be interaction and that kind of data centricity doesn’t exist.

If you have shipping containers, there are a lot of them which aren’t used, and one of them is your container that you can communicate to. My question is: can I use a container for a quick transport because I really need a container here and now, so instead of all the paperwork we can address a container itself.

In the transaction all of the parties that are involved there are also those included to show you who has to be a part of it. If you need to use a container for example to transfer something from Netherlands to Germany, all kinds of organizations need to be legally included.

Q.: In your model there are n to m transactions possible, and the rules are very difficult to make, which transactions are allowed and which aren’t, and I think it might be complex and then you have benefit when you have done this setup and therefore I think that when the transaction scenario is simple this model might be too big that if you have a complex one, your model might be a better choice for this if you do the design with this model for a quite complex scenario.

Johan: That’s also the scenario that if you want to create a protocol, not only checking whether it works or not so we have a quite big set of different use cases of even the small ones and the big ones and we have to see what we can learn from it, what works and what doesn’t. What if we can use a protocol for entities to communicate and implementing that into your specific transactions?

Floris: You can make this as simple and complicated as you want, if you want it simple just do it 1 on 1 as communication. You can add as much knowledge as you want. And if the fiscal entities want to include themselves in the code, there is something that needs to be done.

Q: Does an identity layer add complexity?

A road sign, would having this entity layer help you establish a use case to make it international?

Floris: We are setting it up for global, Singapore banking, Australia... Different use cases. The first live ecosystems are in the Netherlands.

Johan: The use cases have to be sponsored by different companies. We have a lot of people who want to import a car, and you have in Netherlands e.g. the BMP tax you have to pay when you import cars, which is an extremely big hassle. This would be a great use case for the group chat.

Rainer: Two ways to include into the Meta model: One is the way how we do the metadata and the other way around is what kind of existing protocols can be integrated into your existing schema?

Floris: PKI structure and some of the other and we have to go in more depth in the knowledge model.

Albrecht: An individual object can have a very long lifetime and the protocols that you want to employ in between two parties and this reminds me of setting up a protocol and people won’t use it anymore as students aren’t taught to use it. What do you envision if the lifetime of an object is much longer than the technology cycle?

Floris: It will be restored in a certain time, and we can’t create a solution after but you can see this as a domain name if you don’t extend. Maybe you want to include it in a different system in the future and that is also possible.

We can’t have too many nodes as the scalability problems would arise. Obviously people in whatever thing we, don’t see it as a programme but Wikipedia. And as long as we remain open for users, that it can grow on top of it but of course people can make it great and this is basically more community management than anything else and the best changes are to keep it well so we have that.