Innovation at QTSP Cleverbase & Vidua. Current focus: designing cryptography, messaging protocols, and citizen experience for a trustworthy online society.
@Krever01 @m3auso I love this approach. See https://t.co/YekIdjmWNP for an earlier experience report, and the previous post for the experiences in working across disciplines.
What’s up with the rope illustrations in the #eIDAS2 #EUDIW publications by the EC? Is it about connectivity, or am I missing some other reference? @sam280 do you know?
@niels_klomp @NachoAlamillo Niels, I’ve extracted the parts that are not covered by known patent claims into a standalone note, with a different example method from open standards: https://t.co/31Syv5b9p6 You might be interested in reviewing this one.
Sharing our https://t.co/wrCh4Ho4b4 requirements and design for #EUDIW and other #wallet PIN protection and key management, backed by HSMs using tamper-evident logs for transparency. Curious about feedback from the #eIDAS and #SSI communities.
@niels_klomp @NachoAlamillo No public license available yet for either solution. For now I’m publishing, early b/c of #eIDAS2 conversations:
- SCAL3 requirements (which could be met by many solutions)
- knowledge about one solution design (still w/o software/patent license, as it’s not ready for public use)
Enjoying Rust for early domain modeling & prototyping.
Clean syntax for algebraic data types & pure functions without effects, simple conversion, short feedback loop, Md docs w/ wiki-style code links, small high quality composable libraries.
Is it equally fun in production?
Over the last two decades, we have made significant improvements in how we design cryptographic protocols. The formal design approaches, open review, verification, standardization, and in general construction approaches have led to far better outcomes.
@semanticbeeng @_1ChristopherA Yes @_1ChristopherA and I seem to share at least the interest in applying FROST for responsible key management in trust ecosystems. I’m following @BlockchainComns with interest and started to re-read the Gordian docs yesterday to see if there is more common ground.
@semanticbeeng Indeed this could work with multi-party providers: FROST works with any pool and threshold of participants. But note that we could also decouple the authentication service from further data processing services, consuming instructions from the tamper-evident log.
Presented our work on verifiable sole control of identity wallets at the Ministry of Defense. Solving the challenge of providing key management with high assurance combining commodity mobile hardware with HSMs.
@semanticbeeng Indeed SCAL3 can apply to whatever community that trusts one or more central providers to protect resources for its members, under their sole control – typically using a wallet app and PIN.
@semanticbeeng Next to eIDAS wallet providers, consider for example:
- other federated identity providers
- other key management system providers
- cryptocurrency exchange providers with custodial service
@semanticbeeng So far all of SCAL3 seems applicable in general to systems where a provider centrally performs privileged operations on behalf of remote subscribers, who can confirm e.g. using a PIN on their phone.
For #EUDIW wallet providers today it’s impossible to create standalone PID/QEAA keys with #eIDAS LoA High on Android/iOS. So you delegate to either extra user h/w (costly & bad UX) or to a central key management system. SCAL3 enables the latter while keeping the user in control.
@niels_klomp @NachoAlamillo Thanks for checking it out Niels! By default I’d always patent inventions; depending on the interest with widely available licenses. IANAL but I see standards orgs usually require disclosure (like here), sometimes FRAND/free licenses, but never really avoidance to be influenced.