What’s In Your Wallet? + Who Is In Your Wallet?
What’s In Your Wallet? & Who’s In Your Wallet?
Convener:Darrell O’Donnell & Drummond Reed
Notes-taker(s): (1) Darrell O’Donnell, (2) Heather Vescent, (3) Alex Laws
Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:
(1) Darrell O’Donnell’s DKMS Link (full write-up/presentation) bit.ly/dkmsv3
(2) HEATHER VESCENT’S LINK TO GOOGLE DOC + NOTES BELOW:
What are in your wallet
Who are in your wallet
Do not want to talk about crypto wallets.
What’s in your wallet that you really need.
What does my digital wallet do for me (as a developer) or for my mom (no cell phone)?
Is there a delegation role for me to take care of it for her.
What kind of credentials?
Digital Driver’s License
Service card (BC) the card + attributes
What is a vault vs a wallet?
I want to be able to get at it.
Records of communications.
Who have I been interacting with via a wallet.
The terms wallets and agents.
Wallet is a storage - in the sovrin world.
We used to carry phone numbers in our wallet, pictures of our kids.
As a developer, it’s an SDK.
There’s different levels to what a wallet is.
See it more like its an app
What happens when Apple makes a wallet sdk that meets all out needs?
My app has wallet capabilities.
Are we securing the data in the secure elements?
Who is in your wallet - with you?
Re: medical records.
Break the glass situations for medical.
Cloud of 3rd parties…
Bank, financial advisor, can you have their software agent,
Loyalty program membership
Or part of a credit union.
The wallet becomes a capable thing.
You want certain agents to see certain parts.
Scheduled drivers license - prove over 21.
Does my wallet protect me - they are asking for your police version of the dr license.
Can you do that for me in a business environment.
What’s the role of a bank or FB friends.
-- Drummond gave update/history of DKMS, DHS S&T
(3) NOTE TAKER: ALEC LAWS
Definition of Agent/Wallet
What does it mean to issue or use a wallet?
What & Who is in your wallet? Stuff...
What's in your wallet? crypto/keys/records/credentials
Who's in your wallet? Healthcare/ Bank/CU/Family
_ignore the crypto side_
crowd Q. what is the audience for this dicussion? devs? 'normal' people? my mom?
- all of the above, more about what the defn is
- keys: important, stored securely (TEE) OR on a server
- identity document ex BC service card - corp registration
- what utility does it have?
- fidelity of a receipt -> line items with diff classifications
- communications records
- this is getting bloated
vault vs wallet?
- don’t want to carry everything around
cQ. a wallet is an app. an agent is in the cloud? many vs some people
- in sovrin wallet is secure storage
there is some ambiguity, but _I_ don’t care
definition of wallet is a moving target
- ex no long keep phone number in wallet, photos of kids etc
- they have been moved to
wallet is akin to real wallet, keeps stuff I need
**WHO is in the wallet
- ehr and a telco
- break the glass (in emergency) based on other credentials (ie doctor)
- NOT key recovery
- bank knows where I spend money, loyalty rewards cards
specific people can see specific parts of the wallet
ex digital driver ... proof of age ...
guardianship, who can sign FOR you
- will you remember where you put the backup in 10weeks, years
- Facebook friends.. don’t really trust that
2 levels of the wallet
- ssi, ux questions, how to actually manage this (ie key corvery), how it works behind the scenes
DKMS (hyperledger indy)
- dids -> blockchain -> privacy problem
- BC only for identifiers
- dids only useful if YOU control keys -> DKMS
how to solve key recovery, interoperability, portability
android vs apple wallet users
apple 50% use
DHS problem, standard for interoperability between DKMS wallets?
- recommend that it becomes a standard (OASIS has some work, KMPI key management interop interface, enterprise level)
- prevent vendor lock in
DHS wants to complete 'baseline' functionality, in HL indy, by Q1 2019
- they will fund review of indy code base, then to OASIS
- agent acts on a wallet, wallet is storage, agent is actor
- agent is either at edge (under user control) or cloud (not on HW controlled by user)
- cloud can by HSM (hW sec module)
- this is a policy decision
analog to email (clients/servers)
edge agents must be able to connect directly
- ex pulled over by LEO without cell signal
- DKMS covers protocols for agents to communicate
- not structure of wallet
- but interfaction between agents
edge to cloud agent can have strong auth (agent/agent comms)
- recovery from other device sin network (ir family)
cQ. does key manger mean private key management, or pk exchange/rotation
- in sovrin did is part of base58(pubkey)
cq. dmks covers way more that centralize key manage
nist 800-135(?) design of crypt key management systems
- meta spec for designing kms
- what applies to dkms (80% overlay, 15% sorta, 5% irrelevants)
cQ. how social recovery works?
- see dkms report (indy-sdk)
- agents automate the process except the most social step
- id verification should be out of band (between the trustee and key owner)
- encrypted wallet backup to cloud
- add trustees as you make connections
- nothing for user to do, but select who do they trust
cQ. wallet sync between owners edge agents
- design NEVER shares private keys across wallets, only did's
cQ. do you share link secret?
- used for zkp
- BLS has no correlations
- derived keysa are a special use case, ie group key for multidevice comms
cQ. is cloud agent mandatory?
- edge agents aren’t' required either
- some parts are more challenges
- message routing without cloud agent
- ie pub/sub router
- edge agent can comm directly with did layer (BC)
Who’s in your wallet? your connections
did-did channels (pairwise pseudonymous) can be used for ANYTHING
cQ. data edge agent wants to store NOT in the wallet?
- that’s a vault, secure store that’s not in wallet
- vault is cold storage of wallet data?? not what you want right now
- vault stores credentials?
- vault encrypted by keys in the wallet
DKMS is an entire approach