[CPWG] Readout from ICANN79 ALAC Plenary Session #2 - Building Trust on the Internet Through Registrant Verification

avri at doria.org avri at doria.org
Tue Mar 26 01:46:27 UTC 2024


Hi,

Well the protocol support at the bottom layer is essential. But whether 
it is used, how it is implemented and the policies put onto it are 
relevant bits of work yet to come. I put years, with others, into 
getting the protocol consideration task recognized (HRPC), but now 
turning attention to how we take those and build the right stuff. Or at 
least that is what I think I am saying. Protocols isn't ICANN's 
thing, that is IETF. But the next steps may indeed be relevant to 
ICANN if/when they decide to quit being afraid to tackle Identification 
and Verification.

thanks

avri

On 2024-03-26 00:58, Wolfgang Kleinwächter wrote:

> Thx
> Avri, I read between your lines that the next level is more complex. 
> So it is. We know this from Aristotle, from Hegel, from Marx and 
> Nitin Desai. Things are simple only behind the horizon the other day. 
> Stumbling forward is the order of the day. Good luck
> 
> Best wishes Wolfgang
> avri--- via CPWG <cpwg at icann.org> wrote on 22.03.2024 17:55 CET:
> 
> hi,
> 
> This week I have been online attending IETF119 in Brisbane. Jet lag 
> without the jet.  Would like to have seen Brisbane other than from 
> pictures of other attendees, but was very grateful for a very well done 
> online experience.
> 
> Attended sessions in most of the WG involved in the protocols in the 
> IETF quadrant of the Galaxy.
> 
> In many ways, it was a firehose introduction to the details and issues 
> of all of these, as I am still educating myself on the technical 
> details of this universe.  Still sorting it out but one thing I can 
> confirm is that the privacy, and to some extent human rights, 
> considerations of these protocols is an integral part of the 
> discussion.  For an example one conversation in trying to understand 
> whether including a bit to signify that there is a token in a payload 
> gives away too much information about the secrets in the token; i.e. 
> the person or entity being identified &c. A small detail, just a bit, 
> but a significant indicator.
> 
> I am still early in my deep dive into this tech, but the puzzle pieces 
> for building systems for identification, verification &c. with 
> attention to privacy elements and risk are being built. Remains to be 
> seen to what degree solutions will offer both sufficient security and 
> privacy.
> 
> As I feel myself understand more, will say more, but am being careful 
> since this is a very confusing technical area, at least for me as I am 
> new to this level of detail in it, at least at the moment.  Just wanted 
> to give an indication that the issues that concern us at the policy 
> level are being considered at the protocol level. Whether they are also 
> tracked in implementation and deployment remains to be seen.
> 
> avri
> 
> On 2024-03-22 05:25, gopal via CPWG wrote:
> 
> Michael Palage,
> 
> Many thanks for the mail in the trace. I must thank you for the image 
> "Digital Identity Galaxy" you have shared and the CIRA public report 
> "A Trust Layer for the Internet is Emerging".
> 
> Identity is the attribute of identical, the exact correspondence of one 
> thing with another when compared.
> 
> The challenge is to make this happen online globally.
> 
> It is interesting to note that from Wednesday, 24 April 2024 in 
> Switzerland, Swiss Citizens [Natural Persons] will be able to get a 
> ".swiss domain" using their UPI ID. This is Unique Person 
> Identification in Switzerland.
> 
> In India, UPI is the Unified Payments Interface (UPI) created by the 
> National Payments Corporation of India (NPCI) to facilitate a single 
> mobile application managing multiple bank accounts and carrying out 
> low-value transactions. UPI leaves a trace for cross checking by law 
> enforcement.
> 
> The acronym UPI is confusing.
> 
> The verification of people's identity online using images and selfies 
> is not standardized. Verification is a curious blend of in-person and 
> online methods. It is a multi-factor act and the strength of the chain 
> is determined by the weakest link.
> 
> At what level of "Unique ID" generation will a given individual attain 
> the "Trust Layer" grade to go peer-to-peer globally?
> 
> Your advice please.
> 
> Sincerely,
> 
> Gopal T V
> 
> 0 9840121302
> https://vidwan.inflibnet.ac.in/profile/57545
> https://www.facebook.com/gopal.tadepalli
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> Dr. T V Gopal
> Professor
> Department of Computer Science and Engineering
> College of Engineering
> Anna University
> Chennai - 600 025, INDIA
> Ph : (Off) 22351723 Extn. 3340
> (Res) 24454753
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> 
> -------------------------
> 
> From: CPWG <cpwg-bounces at icann.org> on behalf of mike palage.com via 
> CPWG <cpwg at icann.org>
> Sent: 22 March 2024 10:29
> To: cpwg at icann.org <cpwg at icann.org>; Avri <avri at doria.org>
> Subject: [CPWG] Readout from ICANN79 ALAC Plenary Session #2 - Building 
> Trust on the Internet Through Registrant Verification
> 
> Hello All,
> 
> Below please find a readout in connection with the ALAC Plenary Session 
> that Avri and I co-moderated during ICANN79.
> 
> Best regards,
> 
> Michael
> 
> On 6-March-2024, the ICANN At Large Advisory Committee (ALAC) held a 
> plenary session entitled "Building Trust on the Internet Through 
> Registrant Verification" at the ICANN79 Community Forum in San Juan, 
> Puerto Rico that Michael Palage and Avri Doria co-moderated. This 
> session was inspired in part by a recent World Economic Forum report 
> entitled "Reimagining Digital ID" that noted "[d]espite a sustained 
> focus on ID, the increasingly widespread use of digital technologies, 
> and the rapid development of AI, the internet lacks an ID layer." This 
> session focused on innovations by TLD registry operators (both gTLD and 
> ccTLD) that are increasing trust in their respective namespace using 
> enhanced registrant verification, and how this innovation can have an 
> impact beyond the domain name marketplace.
> 
> Listed below is a summary of each speaker's comments along with a link 
> to their respective presentation in the order they presented.
> 
> Finn Petersen, the Danish Director of International ICT Relations 
> Agency for Digital Government, provided a presentation [1] on the 
> recently enacted European Network and Information Security Directive 2 
> (NIS 2.0) and its potential impact on domain registration authorities. 
> Finn specifically addressed Article 28 and its requirements regarding 
> the collection, verification, and publication of domain name registrant 
> data. Finn is uniquely qualified to provide insight on Article 28 as he 
> is the Chair of Work Stream (WS) on WHOIS that currently encompasses a 
> Task Force on Verification and Legitimate Access.
> 
> Karla McKenna, Managing Director/Head of Standards at the Global Legal 
> Entity Identifier Foundation (GLEIF) provided a presentation [2] on the 
> establishment of GLEIF in 2011 to create global unique Legal Entity 
> Identifiers (LEIs) to identify parties in financial transactions. Karla 
> explained how GLEIF has used 38 global partners to issue over 2 million 
> LEIs and the recent innovation of verifiable LEIs (vLEIs). vLEIs enable 
> Zero Trust Architecture for Organizational Identifiers through 
> Verifiable Provenance and Instate Revocation State Verification.
> 
> Avri Doria, a research consultant, then spoke on the various standards 
> (some complementary and some competitive) surrounding digital identity 
> and why it is so hard to find a universal solution. Avri produced a 
> readout of her presentation via a short blog [3] available where she 
> included a compilation of current and evolving standards in various 
> standard bodies to help educate those attempting to navigate the 
> digital identity landscape.
> 
> Lucas Prêtre, Telecommunication Engineer at the Swiss Federal Office of 
> Communications OFCOM provided a presentation [4] about how OFCOM has 
> historically handled registrant verification of legal entities through 
> the use of an UID (Enterprise Identification Number) corresponding to 
> the Swiss corporate identifier. Lucas also spoke about how OFCOM 
> intends to expand registration of .SWISS domains to natural persons 
> through the use of a UPI (Unique Person Identification) in 2024. 
> Another unique aspect of the .SWISS TLD that Lucas discussed is how 
> they have integrated the UID and UPI into the registry via the 
> "publicID" in the WHOIS/RDAP protocol.
> 
> Niamh Lewis, Senior Digital Health & Policy Expert at the National 
> Association of Boards of Pharmacy (NABP) gave a presentation [5] on how 
> a 120-year-old US-based non-profit organization dedicated to protecting 
> public health has leveraged its skill set in licensing and 
> accreditation to vet registrants in the .pharmacy TLD. Niamh also 
> shared how domain name registrants in .pharmacy can use their 
> registration as a fraud-proof seal that is recognized by third-party 
> stakeholders, such as Google, Bing, TikTok, Twitter/X, Reddit, Visa and 
> Mastercard.
> 
> Craig Schwartz, Managing Director, fTLD Registry Services spoke [6] 
> about the importance of security in the operation of the .Bank and 
> .Insurance domains and the various security innovations they have 
> implemented. Craig also spoke about fTLD's continued enhancements 
> regarding registrant verification and how 80% of .Bank registrants 
> already have an existing GLEIF LEI.
> 
> Thomas Keller, Executive Board Member DENIC presented [7] on how DENIC 
> has worked in collaboration with its 290 Members to implement 
> appropriate safeguards they believe comply with the requirements of NIS 
> 2.0 before the end of the year. As one of the world's largest TLDs with 
> over 17 million domain names under management, DENIC was looking for an 
> approach that would not only meet its immediate needs but also provide 
> a future-oriented, scalable, and risk-based approach. The solution 
> presented proposes a Traffic Light Risk Assessment (red, yellow, green) 
> toward domain name registrant verification that relies heavily upon 
> close coordination with its Registrar Members.
> 
> Bruce Tonkin, Chief Operating Officer at .au Domain Administrator 
> (auDA), spoke [8] about how auDA has incorporated Registrant verification 
> of natural and legal persons into their normal business operations to 
> comply with Australian nexus requirements. Bruce also spoke to how .au 
> has had low volumes of malicious registrants with those instances 
> generally associated with stolen identities.
> 
> Jaromir Talíř, Technical Fellow at CZ.NIC, provided [9] a historical 
> overview of the pioneering work that CZ.NIC has been engaged in the 
> area of registrant verification over the past 18 years. These 
> innovations include, but are not limited to: the rollout of MojeID 
> (digital identity service) in 2010; participation in RegeID, a joint EU 
> project involving 4 ccTLDs exploring the use of eIDs; and their current 
> active participation in one of the four Large-Scale eIDAS 2.0 pilots 
> involving the European Digital Identity Wallet.
> 
> Timo Võhmar, Head of Business and IT Development at the Estonia 
> Internet Foundation, spoke [10] about .EE's commitment to registrant 
> verification since 2010, and spoke of some of the challenges they have 
> faced with foreign registrants. Timo also shared a new eeID initiative 
> leveraging FIDO and passkeys to promote the use of federated 
> user-centric identifiers and enhanced multi-factor authentication.
> 
> Jacques Latour, Chief Technology & Security Officer at CIRA presented 
> [11] on CIRA's involvement in various IETF working groups and a recent 
> report that he co-authored entitled A trust Layer for the Internet is 
> Emerging [12]. Jacques also spoke about various CIRA pilots involving 
> verified registrant credentials. Some of the additional work that 
> Jacques and CIRA have been involved in was also discussed during two 
> other ICANN79 sessions: DNS Trust Panel [13] and eID Panel Discussion 
> [14].
> 
> A Zoom recording from this ALAC Plenary session is available from the 
> ICANN website at 
> https://icann.zoom.us/rec/share/RHdhIaT_AQ94rO49u1LbU0HxjSZKdx_Z8KlHL-bm5kG_3dx_eJr9wQgUF_oKyJxl.BLiD6CxPZzXCSPXc?startTime=1709756148000 
> [15]
> _______________________________________________
> CPWG mailing list
> CPWG at icann.org
> https://mm.icann.org/mailman/listinfo/cpwg
> 
> _______________________________________________
> By submitting your personal data, you consent to the processing of your 
> personal data for purposes of subscribing to this mailing list 
> accordance with the ICANN Privacy Policy 
> (https://www.icann.org/privacy/policy) and the website Terms of Service 
> (https://www.icann.org/privacy/tos). You can visit the Mailman link 
> above to change your membership status or configuration, including 
> unsubscribing, setting digest-style delivery or disabling delivery 
> altogether (e.g., for a vacation), and so on. 


Links:
------
[1] https://community.icann.org/download/attachments/292978838/Presentation%20-%20NIS%20CG%20%20-%20WS%20WHOIS%20-%20ALAC%20Plenary-%20Verification%20-%2029.02.24%20-%20FPT%20%20-%20%20Read-Only.pdf?version=1&modificationDate=1709668949000&api=v2
[2] https://community.icann.org/download/attachments/292978838/2024-03-06_Organizational-Identity-LEI-vLEI-ICANN_v1.0_final.pdf?version=1&modificationDate=1709653690000&api=v2
[3] https://medium.com/@doriavr/why-is-it-so-hard-8f55ef531913
[4] https://community.icann.org/download/attachments/292978838/ICANN79_ALAC_dotSwiss_registrant_verif.pdf?version=1&modificationDate=1709668635000&api=v2
[5] https://community.icann.org/download/attachments/292978838/NABP-deck%5B1%5D.pdf?version=1&modificationDate=1709728975000&api=v2
[6] https://community.icann.org/download/attachments/292978838/ICANN79-ALAC-Plenary-fTLD%20%28f%29%5B3%5D%20%20-%20%20Read-Only.pdf?version=1&modificationDate=1709730479000&api=v2
[7] https://community.icann.org/download/attachments/292978838/DENIC_Verification%5B1%5D%20%20-%20%20Read-Only.pdf?version=2&modificationDate=1709731659000&api=v2
[8] https://community.icann.org/download/attachments/292978838/alac-session-registrant-verification-6March2024.pdf?version=1&modificationDate=1709741326000&api=v2
[9] https://community.icann.org/download/attachments/292978838/Jaromir%20ICANN79-ALAC-CZ.pdf?version=1&modificationDate=1709729364000&api=v2
[10] https://community.icann.org/download/attachments/292978838/ICANN%2079%20-%20ALAC%20eeID%20panel.pdf?version=2&modificationDate=1709732440000&api=v2
[11] https://community.icann.org/download/attachments/292978838/Latour-CA-ALAC.pdf?version=1&modificationDate=1709653331000&api=v2
[12] https://www.cira.ca/uploads/2023/12/2023_A-trust-layer-for-the-internet-is-emerging_-report-%E2%80%93-Continuum_CIRA.pdf
[13] https://icann79.sched.com/event/1a1CA/dnssec-and-security-workshop-1-of-3
[14] https://icann79.sched.com/event/1a1DU/tech-day-3-of-4
[15] https://icann.zoom.us/rec/share/RHdhIaT_AQ94rO49u1LbU0HxjSZKdx_Z8KlHL-bm5kG_3dx_eJr9wQgUF_oKyJxl.BLiD6CxPZzXCSPXc?startTime=1709756148000