[Openid-digital-directives] Meeting Notes - January 8, 2025

Dean Saxe dean.saxe at beyondidentity.com
Tue Jan 14 21:48:41 UTC 2025 

Good afternoon,

Below please find the notes for the DADE CG meeting on January 8, 2025.  If
you have any questions or corrections for the notes, please let me know.
The notes may also be found at
https://github.com/openid/death-and-the-digital-estate/wiki/2025%E2%80%9001%E2%80%9008-Minutes
.


   -

   Attendees
   - Dean H. Saxe
      - @xmlgrrl (Eve Maler)
      - George Fletcher
      - Victor Lu
      - Mike Kiser
   -

   Welcome and antitrust policy reminder - note it well!
   -

   Note taker? Eve
   -

   Agenda bashing
   -

   DADE CG meetings update
   - This is the first instance of the APAC friendly meeting time.
      - Meetings will alternate every other week, rotating between APAC and
      EU friendly times.
      - We'll monitor feedback and adjust meeting times further, if needed
      - Meeting agenda and minutes will be posted on GitHub
      <https://github.com/openid/death-and-the-digital-estate/wiki/DADE-CG-Meeting-Agendas-&-Minutes>.
      The chairs will develop an agenda ~1 week before each meeting.
Minutes will
      be posted shortly after a meeting conlcudes.
   -

   Open Issues
   -

      Implications of personhood tokens and DADE
      <https://github.com/openid/death-and-the-digital-estate/issues/9>
      - Ian has brought up questions of delegation, non-human delegation in
         particular
         - Eve adds questions of "living or non-living person" vs. other
         more-classic personhood statuses, and potential issues with
caching of a
         credential during when someone has passed
         - George brings up the question of TTL of refresh tokens, and
         evidence (or lack thereof) of proof of survivorship
instructions e.g. for
         car registrations
         - Some government agencies get a feed of death notice
         notifications, which eventually allows alignment in their systems
         - Potential Shared Signals role in such notifications?
         - Different US states are inconsistent in capturing death info -
         many opportunities missed to convey changed status
         - It would be useful to be able to operate on the "set of
         accounts" held by a person who has passed away, e.g. as
represented in a
         password manager
         - US seems generally uncoordinated and disconnected - are there
         any other geos that handle things better, to learn from?
            - Action: Eve to see if Jeff Schwartz of Dentity is interested
            to weigh in, based on other personhood conversations she's
had with him
            - Action: Mike K to explore SSF opportunities here with other
            stakeholders
         -

      DADE Wiki
      <https://github.com/openid/death-and-the-digital-estate/issues/17> -
      We have a GitHub wiki that needs to be refactored, looking for volunteers.
      - Create pages for resources
         - Organize use cases currently captured in issues
         - Navigation
         - Does Heather Flanagan have expertise on this type of wiki that
         she'd be willing to contribute?
         - This tech is very flat and page-centric
      -

      Document known mechanisms for legacy contacts on large providers
      <https://github.com/openid/death-and-the-digital-estate/issues/18> -
      Dean has added a template and a handful of providers. DADE members are
      encouraged to document their own experiences.
      - Please add additional services as pull requests. Having this
         information will help the CG deliver educational materials.
         - Our progress here has slowed for the moment otherwise
      -

      Apple Legacy Contacts - Federation of multiple iCloud accounts?
      <https://github.com/openid/death-and-the-digital-estate/issues/20>
      - Apple seems to have done a lot of work to align multiple logins
         into an automatically federated "Apple Account" (what used to
be "Apple ID")
         - Flows adjacent to Legacy Contacts, which worked well, are not so
         copacetic
         - Password changes are confusing (and frightening!)
         - Generating app-specific passwords have a similar issue
            - Action: Eve to write up the password change problem for Dean
            to share with Apple associate Ricky
         -

      Create educational materials ahead of Cyber Security Awareness Month
      2025
      <https://github.com/openid/death-and-the-digital-estate/issues/23>
      - Add feedback to the issue to determine what materials can be
         delivered.
         - Dean is planning and doing a lot of work at home to experiment
         with good practices and put together helpful resources
      -

      Create a short questionnaire regarding the legal/regulatory landscape
      <https://github.com/openid/death-and-the-digital-estate/issues/25>
      - Hopeful for one or more attorneys to join our calls soon
      -

      Development of use cases - Review and ask for feedback/additional use
      cases
      - Use Cases
         <https://github.com/openid/death-and-the-digital-estate/issues?q=is%3Aissue+is%3Aopen+label%3A%22Use+Case%22>
         - In-call ideation follows...
            - Verifiable credential without being verified? Make the
            assumption be that you are not real until proven
otherwise? Is that viable
            with naturally-trusting humans?
            - Un-identifiable-owner account management and risk of ATO e.g.
            in the case of GitHub repo management
            - "Anonymous" accounts and the tension with platforms that
            require "real" identities
            - Where people have learned that identifiers are easy to spoof,
            they do tend to switch to "allow-list only", e.g. with
phone spam - even
            though there are protocols to fix this (SHAKEN/STIR
            <https://en.wikipedia.org/wiki/STIR/SHAKEN>), they're not easy
            to propagate through the ecosystem
            - New use case idea from George: AOL alumni thread that got
            started by someone who has since passed - casual comms
situation that puts
            someone in an awkward position for notification
            - Should death certificates be on a public blockchain? But then
            how to know what accounts correlate with them? And how to
avoid abuse of
            the information by making it "more public"?
         -

   2025 Conferences & DADE
   - IIW
         - Dean planning to attend and convene at least one session
      - Identiverse CFP (Complete)
         - Dean submitted a panel session
      - EIC
         - Eve submitted a panel session
      - Authenticate 2025
         - No CfP open yet
      -

   Any Other Business
   - Mike K shared this relevant video
      <https://www.youtube.com/watch?v=9FdHq3WfJgs>



Thank you,
-dhs
--
Dean H. Saxe, CIDPRO <https://idpro.org/cidpro/>
Principal Engineer
Office of the CTO
Beyond Identity
dean.saxe at beyondidentity.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-digital-directives/attachments/20250114/f86daae0/attachment.htm>

More information about the Openid-digital-directives mailing list