Speakers: Eve Maler, CTO, ForgeRock; Justin Richer, Principal Engineer, Bespoke Engineering; Adrian Gropper, CTO, Patient Privacy Rights
Date: Thursday, June 23, 2022
Location: Denver, CO

Description: This session will not be about governance or ethics, but rather a focus on human rights as a design principle for protocols that will drive the adoption of digital Identity and credentials at Internet scale. We hope to inspire cooperation between relevant standards bodies starting with W3C and IETF as we move beyond federated Identity and platform dominance. The human rights issue is to mitigate the often absolute sovereignty of credential issuers and consumers by making it obvious in both the technical and the regulatory sense when the issuer is reducing the capacity or choice of the subject through mandates like OAuth client credentials. For example, GNAP, as opposed to OAuth, makes it obvious when delegation is restricted without justification. Protocols are considered in the broader context of an Internet security layer such as Sam Smith’s KERI.

This session will focus on a case study on how a human rights framing would add value to both W3C and IETF protocol work rather than W3C or IETF process. Dare we go so far as to discuss the unfortunate gaming of process and governance as well as the difference between ethical principles and human rights examples?