[Speaker 9]
Good morning, well good morning to me, Adriana, well not well still it's morning it's 4am

[Speaker 1]
so that constitutes morning I think usually give it till about two minutes past for people

[Speaker 9]
okay so happy new year to everybody happy new year happy new year hello everybody

[Speaker 4]
hello hello yeah I miss I'll give it one more minute I'm still on record all right well

[Speaker 1]
I think we'll give it make a start thank you everyone for joining and happy new year hope you had a restful break I'll start with the usual disclaimer that this is a meeting is being recorded and the recording and the minutes will get published if anyone has any objections let me know also that this is a UN project where we are contributing to an open UN standard where the standard is owned by the UN so that they can make it free and if you have anything that you think is confidential in your property then don't don't bring it up your contributions are essentially being granted to the UN right with that I'll just walk through oh let's just quickly I think there's one or two new people on the call I can see David Haycock is there anybody else that's not been on this call before I don't think so okay well maybe give David just one minute to say hello and introduce himself

[Speaker 2]
hi everyone I'm David Haycock I'm based in Canberra work with Steve and I can see Denica on the call as well been working with Steve for a number of years now on interesting projects around trade and I'm currently working in the Department of Health on interoperability so this project is really in my wheelhouse of interest nice to meet you all okay thanks David

[Speaker 1]
right I'll share screen and we'll just move on with the agenda all right so as usual the first thing is to look at what new contributions exist and there are two one is there have been three new implementation commitments the easiest way to review those is just look at the issues those parties raised so one is from an organization called Health LOQ and another one from Simba Chain now both of these are US organizations that I think registered their intent as a consequence of a presentation I did to an organization called NatBat I don't know if anyone on this call is familiar with them but they're kind of like the American what I can gather they're the American version of the global battery alliance so they're a consortium of companies that are interested in automotive parts and electronic industry and particularly batteries and they asked for a presentation on UNTP I gave them one and then these two commitments have appeared I've had a look at them and looked at their sites they seem legit so one is an organization that specializes in pharmaceuticals nutraceuticals and traceability and transparency of that stuff and another one is Simba Chain another traceability and transparency platform blockchain plowed and then the last one may be a very interesting one this one is the mining association of Canada who is responsible for the towards sustainable mining certification standards so it's a basically a set of social and environmental governance practices for mine sites to conform to and then get certified as conforming to so these guys are registered I think as a consequence of the activities that have been happening in British Columbia do you want to say anything Nancy or Bri about TSM?

[Speaker 5]
Sure sorry you've got me in the I'm in the middle of lunch it's noon my time but yeah TSM are just as you say they are a it's a sustainability well they call themselves a responsible mining practices assessment body and they have a program called the towards sustainable mining which is implemented by different mining associations globally I think it was originated by the mining association of Canada and it's been adopted by other mining associations and it's basically a self for mine sites like a self assessment on an annual basis basis and then every third year it needs to be audited by an accredited verifier so it's a good candidate for conformity credential in the mining space.

[Speaker 1]
Yeah thanks for that Nancy and I although it originated in Canada I believe it it's got a footprint broader than that because I know that Australian miners reference towards sustainable mining as well so yeah this is

[Speaker 5]
different regions of the world different mining associations globally they implement it and they it's almost a little bit like the UNTP design actually they're sort of core components that they must adhere to and then if they need to adapt it for specifics of a particular region of mining then there's a possibility of doing that but yes it is globally adopted.

[Speaker 1]
Okay anyhow we have a pull request to add those to the list and including this pull request by the way is one removal from the list which is transmute because they're no longer in business I'm sorry to say so does anybody objections to merging this? Oh someone needs to review it and approve it. While someone does that I'll move on to the next one.

The next change request is about decentralized access control and easiest way to look at the content of this is to look at it on a local version easier than looking through the pull request so I might just give a five-minute overview of this and then have a bit of a conversation and what I'm sure is it's not perfect and it's got room for improvement but the collective request today will be is it good enough to release. I have had a couple of comments on it which I have implemented there are two commits behind this so the challenge that this little bit of UNTP is trying to address is how do you manage access to non-public data because there is lots of that in value chains and particularly a few use cases that are a little bit thorny which is what if the person that needs to access the public data is unknown to the holder of the data for example a vehicle battery enters the market it's made in China for example goes into a European car gets into use and post-sale events like maintenance repair and eventual recycling happen over several years these batteries could be made in hundreds of different places and used by millions of different users it becomes impractical to say oh you've got to register with the battery manufacturer so how do you manage access to information that's specific to the owner of that battery and even updates right so now you've got a situation where remember we've got a basic principle for serialized items which is if you've got the idea of the thing you should be able to get further data about the thing through an identity resolver now what this use case means is that someone other than the original manufacturer who owns if you like owns the serialized item number is going to be adding updates or more information against the same item now a lot of manufacturers kind of won't like that right you've got to be very careful about who you allow to update your data about your product the legitimate owner might be able to make a very few number of things like I had it repaired or a recycling plant might say it's disposed now because I've recycled it but this this it's not an easy challenge right of how um how you do that and there are other cases where um there are certain authorized roles like it could be a role like a regulatory authority a customs authority or or a sort of let's say an accredited recycling a recycling plant or repair establishment that again might not be known to the holder of the data so how do you grant access to these authorized roles or and that's what this diagram here is trying to say and another little challenge and there's a list of requirements that try to articulate these requirements is what happens when the holder of the data is no longer in business and somebody legitimately needs access to stuff that was considered sensitive seven years ago um so this little diagram here tries to basically suggest how that might work the um we've got the idea as we all know of an issuer of let's say a credential like a digital product passport or conformity or credential or whatever publishing it and making it discoverable given the idea of the thing through a link result so that's kind of if you like bog standard UNTP practice what this is suggesting is that if it's sensitive you could encrypt it and pass a secret key to the party who then has the key to decrypt it now if if the party is someone like um any one of hundreds of millions of people who buy the thing then really the only practical way to pass a key is is in the product right you open the box and there's a key in it uh because the thing we're trying to protect against here is that a lot of these um product identifiers are relatively short strings they're guessable right so although UNTP says if you've got the thing you can get data about the thing if the idea of the thing is a serial or a number that is just sequential it's quite easy to uh just crawl hundreds or thousands of numbers and grab all the data that's okay if it's public data but if it's data that's uh meant intended only for the final user or for some authorized role then you couldn't you don't want to make it accessible just by crawling serial numbers so you basically need some sort of shared secret between the publisher of the data and the legitimate uh uh requester of the data but it's sometimes it's not enough just to say i've got the box oh i've got the thing um you might also have to demonstrate that you have an authorized role like you're a customs authority or you're an accredited repairer or whatever and so there's there's this model of authenticated access as well so i authenticate and and get data and i may need to use both together in the sense that i have to prove that i'm a repair facility and i have to prove that i'm repairing that particular item and not any other right so uh basically suggesting that there's a relatively simple architecture for doing this which is you encrypt it and you uh pass it a decryption key there's a little whole set of requirements here uh which try to articulate what i've just said uh and this little sort of matrix which i sort of i found a little bit conceptually helpful which is you've got these different patterns of access right i've got a key or i don't have a key or i'm not i'm not authenticated or i am authenticated and so that gives you a little two by two matrix and so i've got no key and i'm not authenticated well that's that's just normal uh public data access given an idea of a thing if i've got a key and i'm not authenticated that's because you're probably unknown and even if you were authenticated it doesn't tell you anything because there's no access rule that says uh miss and not uh clary should have access to the thing is this is the one where you bought it so you own it so you got data about it um so for example accessing a service history about a particular item service history about every item may not be publicly accessible but as the owner of the item you should have the service history access uh and then there's authorized roles without keys in other words i'm an important player and i have broader access to just because of my role like for example a customs authority and then there's authorized access with a key which is i have a role that is grants me additional permissions like i'm going to declare this product um disposed because it's entered my recycling plant but i don't want i shouldn't have the power to just say that about any product i've got to prove also that it's this product so there's a little matrix there and then the rest of this goes on to say to sort of drill down a bit on that a bit and so i put in anonymous public access just for completeness that's the standard way of accessing then um okay this has got you want to ask a question this before i just finish this i didn't mean to interrupt you um are we

[Speaker 11]
this is about right access right it's read and write it's read and write yeah because there can

[Speaker 1]
be information that is sensitive to share uh and there can be a need to write right so maintenance maintenance history another one is um a cow is born on a farm and bred for the first year and then sent to a feedlot and it changes ownership but it's the same cow and it's got the same id right so the history is now being contributed by both the farmer and the feedlot but they're contributing through the same id and the same link resolver so that's a that's a right update that's a right use case yeah

[Speaker 11]
yeah is that mentioned maybe is it an irrelevant question or it's not really a question it's a comment i just feel like there's something there to be sort of flushed out but maybe i'm about about the right access you mean reading read and write or at least

[Speaker 1]
mentioning it with some use cases or examples yeah it it doesn't i skim through these requirements where i do talk about uh use for example i think access with you know to update post sale lifecycle events that's a right that's a right yes yeah maybe i could consider expanding this with read and write just to make clear that um yeah anyway uh adriana

[Speaker 3]
you got your hand up yes i do so this was actually the dilemma that we were talking in our first access user rights meeting this year with in surpass yes and i've got some questions in regards to this because it really begins to talk to directly to the circular performance component of a dpp where does a secret come in i mean where how do you get the secret who for authorized and unauthorized user access who holds the secret key so that an unauthorized repairer would be able to update the repair of a product or the remanufacturer of a product so that that information is recorded for the for the for the use cycle of the product so where does where does

[Speaker 1]
this in the boxes there are different ways right because it depends what shape the product is if it's a if it's a cow you you can't put a qr code in a box right because you don't ship them in boxes but but um the idea here is that the manufacturer or creator of the thing that is issuing the initial if you like a point of market entry uh you could think of it uh digital product passport and then kind of handing off to the market to make further updates in this model all those updates are discoverable given the idea of the thing in theory and uh but the the id hasn't changed it's still the same battery for example right it's just different parties who are adding if you almost like visa stamps in the passport so how do you give them permission to to add data specifically to that passport and not to another passport for an almost identical battery um the suggestion here is you need to include in the product some something that only the product legitimate product holder would know right and what what i was about to go through is two ways of doing that all right one is um you open the box and there's another uh qr code in there which is supplements the id of the product and it's it's basically the secret key it means use the id to get hold of a list of data and you see that some of it is encrypted and some of it is open you can't see the encrypted stuff but if you've got the box with the key in it you scan the key now you can get the encrypted stuff right uh but so that was this this next bit here uh and then i got into thinking well in what form does this shared secret take and there are basically a couple of patterns i think one is that the um the product serial number itself is a good it means it's long and unguessable which means that you can't uh crawl um you know if you know one product serial number you can't guess the next one uh so that for some use some intents and purposes that could by itself could be enough uh to be sure that whoever is legitimately holding the thing can get all of this data right and um most serial most products don't use guids though for serial numbers right so this this is not common industry practice although i did note and generally you know the cryptographic community i'm not claiming to be an expert um consider a 128-bit um guid to be sufficiently unguessable you know you'd have to have a billion guesses a second and for the lifetime of the universe to to hit to find one right

[Speaker 3]
so does the consumer who's bought the product so for example my phone um i drop it i i take it to the repair shop because i've broken the screen and i can't repair it at home i then take it to the to a repair shop which would be an unauthorized technically an unauthorized repair shop to fix the screen so that unauthorized repair shop then wants to update the the dpp however that screen now has its own dpp

[Speaker 13]
so uh the new screen yeah well yep it's still the same phone though right the screen

[Speaker 3]
right so it's still the same phone so the unauthorized unauthorized actor then uh but where does he get the key from me the consumer who's bought the original phone because

[Speaker 1]
it's in the box yeah so it could be two two two options is what i'm saying right one is that the serial number of that phone is so long and unguessable that the only way you know it's that phone is if you're holding that phone in your hand right so uh that that's this item identifier the other way is when you open your phone box as the original purchaser right inside the box it could be just printed on the phone on the basis that you have to to get the phone in your hand you have had to bought it and open the box anyway because the box is sealed or there could be a little sticker in the box that you stick on the back of the phone whatever there's the there's a i had i didn't want to define that too rigorously right because different products have different packaging and different constraints but the fundamental idea is that the only the legitimate holder of the product knows something that is unguessable that gives them access to the data and also potential to update right and that unguessable thing is either the serial number or a separate uh secret key and that holder of the phone

[Speaker 3]
hands over that secret key to the repairer yeah the repairer can see it it's because it's stuck

[Speaker 1]
on the back of the phone right okay or it is the serial number of the phone right and then they

[Speaker 3]
access that particular area within the dpp that allows them to update well this goes to no

[Speaker 1]
uh so here i think we might have a slight what do we mean by a dpp if we mean the original issue issued credential no they can't update that because it's a digitally signed credential they don't have a private key yeah but if we mean the collection of data about that identified thing which you know broadly we we call it a digital product passport but it's more than that then yes right so what they're essentially doing is publishing a repair event so that it's discoverable under the same product identifier i get into this further down okay yeah so yeah back to this diagram the repairer has access to the secret key when they scan it they can see extra data if there is encrypted data about that phone or that item but they can also uh the the link the set of links that come back from the link resolver one of them is a post link that says this is how you update for example post a repair event so now you've got a new event that the next time someone looks at the phone will appear in the link in the list of links that you get back from that phone id so that you know the use case would be you open the box you uh stick the i don't know the secret key sticker on your phone you go get it and and when when you look at when you scan the um uh the passport or you get the passport for the phone it doesn't have any repair events right now you take it to get repaired the repairer scans the qr and posts a repair event and then you give your phone to your daughter or something or to someone else now they've got the secret key because it's stuck on the phone if they have a look at the phone history they see now the original passport and the repair event then they take it to get repaired again by a different repairer and it just grows right so uh each party who has legitimate access to the physical object via an unguessable key can get uh appropriate data and post appropriate events so if i just run through the rest of this you'll see how how that works right so uh um as i said the one option for the unguessable thing is the serial number of the thing itself most serial numbers are not good so this may not be practical to build on top of the existing system however i did notice that gs1's sg10 which is a serialized g10 has 20 alphanumeric characters that's 100 bits of entropy and if it's random it's actually still quite um still quite a barrier to guess the right one right it's roughly it's a few years of guessing at a billion guesses a second so it's pretty robust so if a manufacturer using gs1 considered 100 bits of entropy enough and they chose to use a random number as opposed to a serial sequential number it might be enough right in other words you could potentially do this on

[Speaker 3]
top of existing business practices and then how do you make that secure how does this process become secure because the the access is now on the back of the phone and you you are a nefarious actor who decides that they want to they're going to update this um they're going to add

[Speaker 1]
information into the dpb because you because the uh the things you can do i'll tell them let me just get down to this yeah i'll just get through this and then we'll answer some of these questions so um uh there's a little bit here on on uh encrypting the sensitive data right um there's a very very common encryption standard called aes this is i'm assuming a symmetric key encryption here so the the secret is the key to decrypt uh and so going back to this um the serial number is the secret it means the data isn't encrypted it's just unguessable and i'm not saying this is a perfect cryptographic very safe way of doing it but it might be enough for uh for some purposes right so it's i put it there for completeness if you are going to encrypt it and pass the key then the key is quite long right and a a symmetric key is 256 bits uh and you can encode it in a qr code on the box i show a couple of examples down here right that's the one on the left is what a secret key encrypted in what what i'm suggesting is that the secret key is actually presented as a um a query parameter on an identity resolver query right so so that you um in the normal business you construct an identity resolver query with a guessable product number and you get the public product passport but if you scan this qr code let's inside the box or print it on the thing um you hit the link resolver with a um a decryption key and you get access to you're able to see the data that's that's encrypted on the other side of the link resolver so it becomes very easy what i wanted was a mechanism that's easy to use for humans but also works for machines right this common uh pattern that we have to try to deal with uh however uh what you can see here is that encoding a symmetric decryption key as a a parameter of a link resolver query you can see it uh there resolver product register serial number and decryption key makes for quite a long string and quite a busy qr code so what if this thing that you're trying to update is a penfolds bottle of wine to say i've opened it and you've got to fit the qr code under the under the lid of the wine right uh i also suggest that that's a legitimate use case right and apparently more penfolds wine sold in china than penfolds makes the um you know it's anti-counterfeiting measure or you might just have a limited space in which you can do things so i also suggested you could make a short url still has to be unguessable right because the same principle applies but if the url is nothing more than a redirect so you scan the one on the right and all it does is redirect you to the one on the left then it's a way to have uh a a lighter qr code in a tight space right so this is up to now we haven't talked about authenticated workflow right we've just talked about sharing secrets uh and making them accessible by both machines and humans to give you access to um read data or update i'm going to just skip ahead of the authenticated bit and talk about link resolver responses right so what i'm imagining is as we've always said right you've got an idea of a thing you hit a link resolver and you get a list of links right one of those might be the public digital product passport some of those links might be a um a maintenance so here you see a typical link resolver event that's saying i didn't bother putting the public links in here but imagine you got i don't know five or six or seven links and a couple of them look like this this one says it's a battery maintenance event and it's encrypted and the access role is anonymous it means if you've got the the secret you can decrypt that and get that but if you don't you can't right um this one is a battery recycling event and its method is post what that means is um if you've got the secret key and you present it as a parameter to a post on that end point you will record that battery as um disposed recycled you can't do much else you can't update anything else in the passport the all it's allowing you to do is say oh and if you've got an author an access role authorized recycler right so this basically link is saying if you're a recycler and you've got the key then you can post a uh disposal event to say it's been recycled or something like that right so it's basically using exactly the same link resolver protocol we've always had it's just that there are new types of links which are either pointers to encrypted data which you need the key or new types of links which are post methods that you need um an authentication to uh to access uh i have we haven't spoken about authenticated access yet but patrick's got his hand up so go ahead um like i i like the idea

[Speaker 8]
i see the my question is like how will the recycler go about obtaining a key right how would they go about obtaining a key to make an event to that uh it seems like they would need to receive this key by the battery producer they would need to request one um so no i so i i think

[Speaker 1]
there's a couple of scenarios right so i think when the key is evidence that you've got this particular serialized version of the product i expect the key will be physically on the product you open the box and it's there right so the recycler can see it because it's still

[Speaker 8]
it's still stuck on the battery interesting this whole thing reminds me a bit of this you know this was in the news like a few while back when they put like some microchip on parmesan cheese uh which was a micro like a very microchip uh for authentication right to avoid counterfeit uh but this is a good example to support that yes you need a very small value uh these are not qr code they're microchip but you know size still affects how much information you can put as information in there and yes yes kind of the same not exactly the same use case as this but you know

[Speaker 1]
it's not it's very similar right and i don't want to say that it must be a qr code because you can't put a qr code on the side of a cow right maybe the rfid chip in the cow's ear is unguessable and that's good enough right yeah um anyway before we get on to the authenticated part because at the moment we've only spoken about sharing secret keys uh by basically attaching them to the product and what happens when you get that secret key in terms of different link resolver responses

[Speaker 10]
danica's got a question yeah sorry um just going by the the the questions and conversation that's going on in the chat i'm i'm thinking it might be worthwhile um giving an explanation of um like what publishing a history event means uh so far as i understand it you're not manipulating the dpp itself you're creating an event that the dpp can recognize yes so if you remember back to

[Speaker 1]
just basically never mind decentralized access control just how untp works right you've got an idea of a thing you ask a link resolver what do you know about this thing and you get a number of links not just one right one of them will be a digital product passport another might be i don't know a product circularity data sheet or whatever the manufacturer wants to put because this is just aside from untp this is basically the the the the industry is heading towards providing all kinds of rich information about products and so we're just piggybacking on top of that so uh what that means is the thing we call a digital product passport and if we have a broader definition of it to mean not just the original dpp but various events post or pre uh or various events around it they're not nobody's updating the actual passport they're just adding more um little data objects if you like to the collection which is discoverable given the identifier right so i would find when i scan that qr code on the phone a passport and a couple of repair events as separate things so if we use a hand-fisted

[Speaker 10]
analogy if i've got uh an original certificate in in my physical hands and someone has created a transformation event they're not taking this certificate crossing stuff out and writing on it they're just you know adding a paper clip with a new sheet of paper that says this is a transformation event and they have their own kind of stamps and certifications that's right this is the whole point

[Speaker 1]
of the digital traceability events part of untp there are different kinds of events like a transformation event is a manufacturing process right stuff comes into the process often gets destroyed and new stuff comes out but there are other kinds of events like an object event that is just uh um something that happens so that was that's what you use for a repair event the object the um the item hasn't changed it's just had something's happened to it basically and then there's aggregation events which might be representing mixing grain in silos something we're going to talk about shortly but yeah so you're just building this kind of collection of of yeah paperclip attached bits of new paper if you like that are discoverable and the challenge is how do you have the rights to add a new paperclip event without exposing the owner of the product or the manufacturer or the brand particularly to somebody writing malicious data like this product shit you know uh you have to control what they're allowed to write given the secret key right and that's what the the link resolver response is trying to do just i want to give a bit of time to um this is i suppose it's a tricky topic i hope we get through a bit quicker but uh just quickly on um uh the the case where not only do you have to prove you've got the thing but you have to prove you've got a certain authorized role right um i'll just move on to that bit right so there's two ways to do that in here and i'm trying not to be too prescriptive again the first one is the one we all know and love and are familiar with which is uh you have an account on the data provider and you use federated access you know like log in with google or log in with whatever uh and you get access to uh sensitive data and maybe even some permissions and there's nothing should stop anyone doing that but there is a a little bit of a potential scalability challenge in the sense that you may not uh know in advance and you may not even exist let's say the rule is you have to be an accredited recycling plant in order to get a certain amount of information and make some updates but that could be any one of 10 000 plants anywhere around the world the manufacturer of the thing six years ago doesn't know them from a bar of soap do we want those recycling plants to have to register with the manufacturer create an account so that they can do a sort of let's call it a traditional authenticated access or is there another way right so i'm basically proposing two methods here one is if you know you know if you have a relationship with the authenticated unauthorized party then by all means use what everyone uses today which is uh federated access control with oauth2 or oidc but if you don't and what you want to be sure of is not necessarily that you know who they are but they do have an accredited role that you uh have a rule that says given this given evidence that i trust that you are this role then you can do these things uh then that would be done through presentation of a of a decentralized identity anchor so this is relates to a previous another part of the UNTP spec which is the decentralized identity anchor which basically is a something issued by an authority that confirms that the particular did who is let's say the issuer of passport is or the presenter of a request is also this registered member so you could have another let's say the UK government decides they're going to have an accreditation process for recycling plants and they issue those recycling plants with a digital identity anchor that says dear recycling plant the UK government says you are an accredited recycling plant if that credential is presented to the battery holder uh they only need to trust that the UK government is an authority to declare who is a recycling plant they don't need to know that individual recycling plant right so this is basically a verifiable presentation to confirm that you have a role so that you can then do uh privileged operations it's a bit more scalable but it does this one unfortunately depends on of course somebody with an authorized role issuing that decentralized uh identity anchor in the first place so um this kind of authenticating a part of giving authenticated access to someone you don't know but who verifiably has an authorized role either someone's got to declare that they have that role someone you trust typically a government or you've got to resort to their uh registering them and proving them yourself so if someone can prove it to you that you trust use the decentralized authentication workflow if they can't and you've got to prove it yourself then use the federated authentication workflow basically is what this is saying i suspect over you know it'll start with a lot of federated authentication and over time move to decentralized authentication because it's more scalable but you can't demand you start with it anyway that's that's that's that david you got your hand up yeah certainly the decentralized

[Speaker 2]
authorization makes the scalability improves the scalability problem by a large factor do you imagine that we might see some international schemes pop up to um get get some consistency on those decentralized um identifiers to identify those types of roles because if i was a manufacturer in china i now have to deal with potentially 50 60 different national schemes to understand their decentralized identifier that identifies a recycler um can you see um untp playing a guiding role in making those decentralized identifiers consistent across a role that might span national boundaries

[Speaker 1]
yeah so uh i don't think that would be the un doing that but the untp might provide tools for it so there's a few ways around that right one is um there's some because the dia the decentralized identity identity anchor has to be issued by a party who the verifier knows is authorized to make that thing right so uh if it's you know maybe a global association industry association of recycling plants uh uh um appears and they go through the process of assuring that all their members really are recycling plants and they issued the dias to any recycling plant who's a member and then it becomes easy um oh is this dia issued by the the global authority for recycling it's not authority global member association of recycling plants yes okay i'll open the door but it could be a dia issued by um let's say the uk government and then you have to distinguish between a dia issued by the uk government that says you are an authorized vet accredited vet for treating animal health versus you are an authorized uh recycling plant right how do you tell the difference between the two that now you need some sort of common language of scopes i haven't really got into that too much here but i think that would come around potentially a new project that un might launch which is a global register of schemes where you could attach to the scheme what is the scope of this scheme and health interoperability

[Speaker 2]
um is trying to reduce the number of individual connections um that any one platform or or actor has has to make um yeah by by trying to standardize that those um yeah essentials so

[Speaker 1]
there is a nirvana future vision where this all becomes quite simple but there's a lot of dependencies for that to happen right and you can't assume that all those dependencies are just going to magically be in place when people start right so you've got to kind of bridge the current world to the future world with a bit of pragmatism um and that's what i've tried to do here um john you've got your hand up uh yes steve uh and it's

[Speaker 12]
in the chat as well actually noticed as soon as put it in uh it was really kind of a question about how you see or we see untp kind of aligning with in this area things like the life the global legal entity identifier um foundations work and the vli construct that they already have it feels like that should be very compatible to the work we're describing here do we need

[Speaker 1]
to make any explicit reference to that sort of framework um yeah whether it's well how does it relate so glyph is uh as everyone knows many people know a global legal identity uh register and depends on local authorities like banks sometimes governments to do the uh on-site identity proofing before they issue what's called a vli which is a verifiable legal entity identifier credential uh that serves almost this well pretty much exactly the same purpose as this thing in untp called a decentralized identity anchor it's it's much the same thing right um except that all untp is saying is not expressing any preferences you you can use a vli if you like to prove that you're this business or you could use an australian tax office digital identity actor that says this did is is this abn you know that they're that's coming from the horse's mouth if you like but not every horse is able to uh issue that and so there's a valuable space for um frameworks like vli but at the end of the day vli still depends on the going to the source of truth in the local economy to prove who you are right and uh if you can go straight to the authoritative register owner because they issue the credential then in some ways that's simpler as long as that registry is on a trust list someone else had their hand up briefly

[Speaker 6]
gone again yeah steve that was me when i was thinking through this from a like a heavy industry upstream side of the supply chain perspective yeah it made it made me the key thing i was sort of coming back to was would um those back categories the sort of seven categories you have would there be scope for individual agents or companies along the supply chain to spec sort of subgroups or subcategories within them um and if so i could see a lot of the sort of complexity being managed um of you know what data was available to what people and what level of privileges were provided but if if you know that had to be really centrally managed and and kept time um i could see that being a bit harder it would be hard yeah i know i agree with

[Speaker 1]
you i think this will inevitably be a sort of complex mosaic right of you've got two dimensions of the problem every issuer of a passport or a bunch of data about their branded object or product will have different appetites for how much is public how much is confidential and what rules they want and so i don't think it's for us to say this must be public this must be private uh it's up to the owner of the data to say that all we're doing here is saying here's uh to help you make this uh challenge uh scale right and that was sort of how i don't know if

[Speaker 6]
this is helpful but that's how i resolved it in my mind i ended up thinking about the items and the information on one hand and then the sort of starting deck categories on the other hand and then legislation sort of in the middle forcing some minimum access for some of those categories but then you know agents could you're right so some economies might say

[Speaker 1]
the law says this data has to be public in which case well okay there's there's there's

[Speaker 6]
rules in there right um or or has to be provided with the secret key if you own that um yes that

[Speaker 1]
material yes but as a voluntary standard that's crossing all kinds of regulatory environments this is more like a toolkit than a mandate right there and it and it's the test is try it against lots of different cases upstream downstream highly regulated markets less regulated markets very sensitive publishers and more open publishers can you fit all the different use cases uh with these although it's taken us nearly an hour to go through this description they're essentially quite simple processes right but um which is important i think because if it gets too complicated you know if it takes much more than scanning a qr code it's not going to happen um i did by the way add a a little um started some um scenarios here because i think harley asked well on reading this i know by the way that this is not that easy to get your head around and will no doubt need to iterate with some uh somebody like you know david's pretty good at this uh reading it understanding it and then translating it into business person speak uh to to to improve the the way this is presented and understood uh but use cases and examples help so for example i've got a little story here where uh i tried to describe a typical scenario of discovering having a product id discovering a product passport discovering that there's some confidential information that needs a secret key scanning the secret key going a bit further and then sometimes hitting a place where you need to prove an identity then maybe hitting a blocker where you don't have the key or the identity and you just have to stop there um trying to sort of make it real with there's a little storyboard here under called linked confidential data and then one other and this i appreciate your view on this and we'll quickly get on to is i suspect um most many manufacturers will not want to reveal the identity of their suppliers and if you have a transformation event that reveals the uh the product id of the inputs that's tantamount to also revealing the identity of the suppliers right so transformation events i suspect will always be encrypted and quite often won't even be available to the logical owner of the product uh because it's considered commercially sensitive information uh and so um i've started to write some sort of how you might handle that and i can imagine sort of four levels you make it all public because you don't care and you're happy to expose your supply chain or you make your next tier of supplies visible only to legitimate holders of the product or this is i suspect going to be a common one some uh independent auditor comes and has a look at your value chain and makes a trusted assertion that there's nothing from you know this particular area of the world or or you know looks at the private data that you don't want to make public and just makes an assertion that their relying party has to trust or you never share anything but this this is going to be a an ongoing challenge i think of how to bridge manufacturing steps to debt to upstream product and supplier information which many manufacturers consider

[Speaker 5]
sensitive nancy you've got your hand up yeah just quickly um i i am understanding the technical complexity here um from a business perspective um that i'm really excited that you're working on this topic because i think it is going to be a big question mark um for industry particularly around commercial sensitivities of buyers and sellers and um it's going to be great to be able to speak to the fact that we are tackling tackling this issue right thanks i'll have to

[Speaker 1]
go through these comments and see if whether i've answered them all in this conversation and and maybe send out a little summary email with answering them um yeah it's it's a it's a tricky problem that you want to make scalable and as easy as possible and both machine and human compatible and so on and so forth so i've just tried to zero in on what i think is that pragmatic solution david you got your hand up i think clary was first uh yeah i've seen there's a list sorry clary okay thanks for that because that's to the

[Speaker 7]
nts supplier visibility and i'm happy to contribute there especially with the um requirement of the new supply chain act in europe on the one side on the other side the commercial sensitivity so selective disclosure of the belongings to to my supplier or belonging to my customer kind of credentialing is happening already now as a concept phase so there's a project going on in europe and that i think it's super important because you have to have the transparency which you don't want to declare but in case of modern slavery or ethical sourcing or whatever it comes then you have to declare the whole supply chain and how do we do that it's like with selective disclosure we could because we can give them permit permissions for dedicated attributes these guys and these groups are belonging to my supply chain and belonging to my customer chain as well yes so fleshing that a little bit out in terms of new supply chain act might be worth it to look into so i

[Speaker 1]
that term selective disclosure um a very precise meaning applies to particular types of proof methods and verifiable credentials right and so um one of the challenges with them is they're not really ubiquitously supported yet but what you're talking about is a way to hide certain properties of a digitally signed product passport and make them visible uh based on some uh access rights um so we maybe should add something about it we did talk about selective disclosure but um what you've seen here is a sort of a a bit more of a i suppose a pragmatic approach that doesn't require selected credentials with selective disclosure proof methods but in it's more sort of let's call it courser selective disclosure uh you've got a bunch of blobs and then the entire blob is either encrypted or not but um you're right that the selective disclosure um technologies that go with verifiable credentials could reveal or not reveal not at the whole blob level but even at the property level inside a passport yeah and when

[Speaker 7]
we can add something in there even without the technology meaning of this selective disclosure but from the concept level of selective disclosure for certain attributes or data information on a

[Speaker 2]
dpp might be worth it thanks yeah thank you yep i think we can do that david um just two things um i think selective disclosure is going to be really driven by the end of the supply chain so when we were looking at some um large-scale business modeling um a couple of years ago with the australian border force what we really discovered was that the end of the supply chain is going to put the pressure all the way up the supply chain for visibility and so any actors within the supply chain that are sketchy about this you know opening up that data will not be preferenced within the supply chain so if the end of the supply chain needs the visibility so i think naturally a lot of that will take care of itself um but this issue is something that we're going to have to spend a lot of time explaining really carefully to business um and so uh i want to think very carefully about how how we tell the story about we agree david and so if people have good examples of where this is done or good use cases i want to be tapping people um for these

[Speaker 1]
kinds of stories yes and that goes to a promise that david has kindly made uh to use his uh decades of experience of explaining complicated technical things to business people uh to contribute to the uh business case and um uh what's it called the um community activation profile and just generally to put a how do i explain this to a business user lens over a lot of this so i really appreciate david's uh uh contribution to that and anyone that wants to work with him on doing that should just reach out on the slack channel just just before uh we've only got well we're at time but uh i did want to give a couple of minutes to ask who wants to work with harley on another problem which is we're about to face in australia with the third phase of the agriculture project which is how you manage book and claim and mass balance in mixed bulk commodities so the scenario is um there's a two grain farmers uh growing a whole bunch of grain very similar grain in terms of its biological qualities but maybe completely different for example carbon footprints uh and they get mixed in a grain silo because that's how business works today right and uh we can't change the way you know the infrastructure of uh and this is probably applies to copper concentrate and other sorts of uh bulk products as well um how do we manage the what does that mean for the declarations or in a digital product passport how do you manage this these these blended mixed commodities uh is it book and claim or is it mass balance or a bit of both and when and and how do you do it technically is um a piece of work that uh we're keen to kick off and harley's uh uh volunteered to lead it so i just want to encourage anyone who is also interested in this space to reach out to harley on the slack channel and let's have a let's kick off a little subgroup to figure out um mass balance challenges steve i worked on that in uh

[Speaker 6]
in the hydrogen world so i can lend a hand yeah yeah so please we can create even if you want a

[Speaker 1]
little sub channel or something on slack or a little um multi-party direct message group whatever we we need but let's just have a slack conversation because we've run out of time here to establish a little working group to figure out that stuff so that we can put some words on the relevant page

[Speaker 2]
nick work with you on this problem with the clean energy regulator

[Speaker 6]
uh no i was working on it with japan ah okay no worries all right so last question does anybody

[Speaker 1]
have any objections to merging what is written so far recognizing that it could do with a bit more business speak and it might value having something about credential selective disclosure and there's few other things to improve but is it good enough to uh to push the merge button any objections doesn't mean you can't make more prs to improve it okay i've heard an objection so i'm going to push it uh and get both of those you know those uh three new uh implementation commitments and this stuff published and uh look forward to seeing you in two weeks time and in the meantime we've got plenty to talk about on the slack channel so i hope it gets a little bit more active because i also i forgot to say we've got to get each of the specs more or less uh fleshed out not finished but to go into what the un calls public review which means we can't not every spec has to be completely tested and finished but it can't have empty pages uh we've got to remove them or put some content that's good enough for an initial public review within a couple of weeks so there'll be a few more prs coming and anyone that is got a bit of time to roll their sleeves up and let us know on the slack channel all right uh so that took a little longer than i thought it would with decentralized access but it's a head scratcher of a problem right and uh um anyway i hope it was

[Speaker 11]
interesting and i value your feedback thank you thanks it's a great initial uh walkthrough it'll be an important piece thanks