[CPWG] Readout from ICANN79 ALAC Plenary Session #2 - Building Trust on the Internet Through Registrant Verification

gopal gopal at annauniv.edu
Tue Mar 26 00:56:34 UTC 2024


Avri,

Many thanks. I am sure that the "Trust" in the "IETF Quadrant you mentioned  in the Galaxy Image " matures further from the  Brisbane, Down Under  event, it should be the term positioned way above the concerns of Privacy and Security.

To my mind, the basics of peer-to-peer networking based on the ISO - OSI Reference Model are just enough for the purpose to understand even the latest advances in networking protocols.

It is a stiff technical challenge that assures a convergence with multistakeholders with well founded engineering compromise(s) that may make a win-win model viable over a reasonable span of time.

Your thoughts after you catch up.

Gopal T V
0 9840121302
https://vidwan.inflibnet.ac.in/profile/57545
https://www.facebook.com/gopal.tadepalli
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Dr. T V Gopal
Professor
Department of Computer Science and Engineering
College of Engineering
Anna University
Chennai - 600 025, INDIA
Ph : (Off) 22351723 Extn. 3340
       (Res) 24454753
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
________________________________
From: CPWG <cpwg-bounces at icann.org> on behalf of avri--- via CPWG <cpwg at icann.org>
Sent: 22 March 2024 22:25
To: cpwg at icann.org <cpwg at icann.org>
Subject: Re: [CPWG] Readout from ICANN79 ALAC Plenary Session #2 - Building Trust on the Internet Through Registrant Verification


hi,

This week I have been online attending IETF119 in Brisbane. Jet lag without the jet.  Would like to have seen Brisbane other than from pictures of other attendees, but was very grateful for a very well done online experience.

Attended sessions in most of the WG involved in the protocols in the IETF quadrant of the Galaxy.

In many ways, it was a firehose introduction to the details and issues of all of these, as I am still educating myself on the technical details of this universe. Still sorting it out but one thing I can confirm is that the privacy, and to some extent human rights, considerations of these protocols are an integral part of the discussion. For an example one conversation in trying to understand whether including a bit to signify that there is a token in a payload gives away too much information about the secrets in the token; i.e. the person or entity being identified &c. A small detail, just a bit, but a significant indicator.

I am still early in my deep dive into this tech, but the puzzle pieces for building systems for identification, verification &c. with attention to privacy elements and risk are being built. Remains to be seen to what degree solutions will  offer both  sufficient security and privacy.

As I feel myself understand more, will say more, but am being careful since this is a very confusing technical area, at least for me as I am new to this level of detail in it, at least at the moment.  Just wanted to give an indication that the issues that concern us at the policy level are being considered at the protocol level. Whether they are also tracked in implementation and deployment remains to be seen.

avri


On 2024-03-22 05:25, gopal via CPWG wrote:

Michael Palage,

Many thanks for the mail in the trace. I must thank you for the image "Digital Identity Galaxy"  you have shared and the CIRA public report " A Trust Layer for the Internet is Emerging".

Identity is the attribute of identical, the exact correspondence of one thing with another when compared.

The challenge is to make this happen online globally.

It is interesting to note that from Wednesday, 24 April 2024 in Switzerland, Swiss Citizens [Natural Persons] will be able to get a ".swiss domain" using their UPI ID. This is Unique Person Identification in Switzerland.

In India UPI is Unified Payments Interface (UPI) created by the National Payments Corporation of India (NPCI) to facilitate single mobile application manage multiple bank accounts and carry out low value transactions. UPI leaves a trace for cross checking by law enforcement.

The acronym UPI is confusing.

The verification of people's identity online using images and selfies is not standardized. Verification is a curious blend of in-person and online methods. It is a multi-factor act and the strength of the chain is determined by the weakest link.

At what level of "Unique ID" generation a given individual will attain the "Trust Layer" grade to go peer-to-peer globally?

Your advice please.

Sincerely,




Gopal T V
________________________________
From: CPWG <cpwg-bounces at icann.org> on behalf of mike palage.com via CPWG <cpwg at icann.org>
Sent: 22 March 2024 10:29
To: cpwg at icann.org <cpwg at icann.org>; Avri <avri at doria.org>
Subject: [CPWG] Readout from ICANN79 ALAC Plenary Session #2 - Building Trust on the Internet Through Registrant Verification


Hello All,



Below please find a readout in connection with the ALAC Plenary Session that Avri and I co-moderated during ICANN79.



Best regards,



Michael





On 6-March-2024, the ICANN At Large Advisory Committee (ALAC) held a plenary session entitled "Building Trust on the Internet Through Registrant Verification" at the ICANN79 Community Forum in San Juan, Puerto Rico that Michael Palage and Avri Doria co-moderated. This session was inspired in part by a recent World Economic Forum report entitled "Reimagining Digital ID" that noted "[d]espite a sustained focus on ID, the increasingly widespread use of digital technologies, and the rapid development of AI, the internet lacks an ID layer." This session focused on innovations by TLD registry operators (both gTLD and ccTLD) that are increasing trust in their respective namespace using enhanced registrant verification, and how this innovation can have an impact beyond the domain name marketplace.



Listed below is a summary of each speaker's comments along with a link to their respective presentation in the order they presented.



Finn Petersen, the Danish Director of International ICT Relations Agency for Digital Government, provided a presentation<https://community.icann.org/download/attachments/292978838/Presentation%20-%20NIS%20CG%20%20-%20WS%20WHOIS%20-%20ALAC%20Plenary-%20Verification%20-%2029.02.24%20-%20FPT%20%20-%20%20Read-Only.pdf?version=1&modificationDate=1709668949000&api=v2> on the recently enacted European Network and Information Security Directive 2 (NIS 2.0) and its potential impact on domain registration authorities. Finn specifically addressed Article 28 and its requirements regarding the collection, verification, and publication of domain name registrant data. Finn is uniquely qualified to provide insight on Article 28 as he is the Chair of Work Stream (WS) on WHOIS that currently encompasses a Task Force on Verification and Legitimate Access.



Karla McKenna, Managing Director/Head of Standards at the Global Legal Entity Identifier Foundation (GLEIF) provided a presentation<https://community.icann.org/download/attachments/292978838/2024-03-06_Organizational-Identity-LEI-vLEI-ICANN_v1.0_final.pdf?version=1&modificationDate=1709653690000&api=v2> on the establishment of GLEIF in 2011 to create global unique Legal Entity Identifiers (LEIs) to identify parties in financial transactions. Karla explained how GLEIF has used 38 global partners to issue over 2 million LEIs and the recent innovation of verifiable LEIs (vLEIs). vLEIs enable Zero Trust Architecture for Organizational Identifiers through Verifiable Provenance and Instate Revocation State Verification.



Avri Doria, a research consultant, then spoke on the various standards (some complementary and some competitive) surrounding digital identity and why it is so hard to find a universal solution. Avri produced a readout of her presentation via a short blog<https://medium.com/@doriavr/why-is-it-so-hard-8f55ef531913> available where she included a compilation of current and evolving standards in various standard bodies to help educate those attempting to navigate the digital identity landscape.



Lucas Prêtre, Telecommunication Engineer at the Swiss Federal Office of Communications OFCOM provided a presentation<https://community.icann.org/download/attachments/292978838/ICANN79_ALAC_dotSwiss_registrant_verif.pdf?version=1&modificationDate=1709668635000&api=v2> about how OFCOM has historically handled registrant verification of legal entities through the use of an UID (Enterprise Identification Number) corresponding to the Swiss corporate identifier. Lucas also spoke about how OFCOM intends to expand registration of .SWISS domains to natural persons through the use of a UPI (Unique Person Identification) in 2024. Another unique aspect of the .SWISS TLD that Lucas discussed is how they have integrated the UID and UPI into the registry via the "publicID" in the WHOIS/RDAP protocol.



Niamh Lewis, Senior Digital Health & Policy Expert at the National Association of Boards of Pharmacy (NABP) gave a presentation<https://community.icann.org/download/attachments/292978838/NABP-deck%5B1%5D.pdf?version=1&modificationDate=1709728975000&api=v2> on how a 120-year-old US-based non-profit organization dedicated to protecting public health has leveraged its skill set in licensing and accreditation to vet registrants in the .pharmacy TLD. Niamh also shared how domain name registrants in .pharmacy can use their registration as a fraud-proof seal that is recognized by third-party stakeholders, such as Google, Bing, TikTok, Twitter/X, Reddit, Visa and Mastercard.



Craig Schwartz, Managing Director, fTLD Registry Services spoke<https://community.icann.org/download/attachments/292978838/ICANN79-ALAC-Plenary-fTLD%20%28f%29%5B3%5D%20%20-%20%20Read-Only.pdf?version=1&modificationDate=1709730479000&api=v2> about the importance of security in the operation of the .Bank and .Insurance domains and the various security innovations they have implemented. Craig also spoke about fTLD's continued enhancements regarding registrant verification and how 80% of .Bank registrants already have an existing GLEIF LEI.



Thomas Keller, Executive Board Member DENIC presented<https://community.icann.org/download/attachments/292978838/DENIC_Verification%5B1%5D%20%20-%20%20Read-Only.pdf?version=2&modificationDate=1709731659000&api=v2> on how DENIC has worked in collaboration with its 290 Members to implement appropriate safeguards they believe comply with the requirements of NIS 2.0 before the end of the year. As one of the world's largest TLDs with over 17 million domain names under management, DENIC was looking for an approach that would not only meet its immediate needs but also provide a future-oriented, scalable, and risk-based approach. The solution presented proposes a Traffic Light Risk Assessment (red, yellow, green) toward domain name registrant verification that relies heavily upon close coordination with its Registrar Members.



Bruce Tonkin, Chief Operating Officer at .au Domain Administrator (auDA), spoke<https://community.icann.org/download/attachments/292978838/alac-session-registrant-verification-6March2024.pdf?version=1&modificationDate=1709741326000&api=v2> about how auDA has incorporated Registrant verification of natural and legal persons into their normal business operations to comply with Australian nexus requirements. Bruce also spoke to how .au has had low volumes of malicious registrants with those instances generally associated with stolen identities.



Jaromir Talíř, Technical Fellow at CZ.NIC, provided<https://community.icann.org/download/attachments/292978838/Jaromir%20ICANN79-ALAC-CZ.pdf?version=1&modificationDate=1709729364000&api=v2> a historical overview of the pioneering work that CZ.NIC has been engaged in the area of registrant verification over the past 18 years. These innovations include, but are not limited to: the rollout of MojeID (digital identity service) in 2010; participation in RegeID, a joint EU project involving 4 ccTLDs exploring the use of eIDs; and their current active participation in one of the four Large-Scale eIDAS 2.0 pilots involving the European Digital Identity Wallet.



Timo Võhmar,  Head of Business and IT Development at the Estonia Internet Foundation, spoke<https://community.icann.org/download/attachments/292978838/ICANN%2079%20-%20ALAC%20eeID%20panel.pdf?version=2&modificationDate=1709732440000&api=v2> about .EE's commitment to registrant verification since 2010, and spoke of some of the challenges they have faced with foreign registrants. Timo also shared a new eeID initiative leveraging FIDO and passkeys to promote the use of federated user-centric identifiers and enhanced multi-factor authentication.



Jacques Latour, Chief Technology & Security Officer at CIRA presented<https://community.icann.org/download/attachments/292978838/Latour-CA-ALAC.pdf?version=1&modificationDate=1709653331000&api=v2> on CIRA's involvement in various IETF working groups and a recent report that he co-authored entitled A trust Layer for the Internet is Emerging<https://www.cira.ca/uploads/2023/12/2023_A-trust-layer-for-the-internet-is-emerging_-report-%E2%80%93-Continuum_CIRA.pdf>. Jacques also spoke about various CIRA pilots involving verified registrant credentials. Some of the additional work that Jacques and CIRA have been involved in was also discussed during two other ICANN79 sessions: DNS Trust Panel<https://icann79.sched.com/event/1a1CA/dnssec-and-security-workshop-1-of-3> and eID Panel Discussion<https://icann79.sched.com/event/1a1DU/tech-day-3-of-4>.



A Zoom recording from this ALAC Plenary session is available from the ICANN website at https://icann.zoom.us/rec/share/RHdhIaT_AQ94rO49u1LbU0HxjSZKdx_Z8KlHL-bm5kG_3dx_eJr9wQgUF_oKyJxl.BLiD6CxPZzXCSPXc?startTime=1709756148000
