2025‐01‐08 Minutes - openid/death-and-the-digital-estate GitHub Wiki

2025-01-08 Agenda

  • Attendees

    • Dean H. Saxe
    • @xmlgrrl (Eve Maler)
    • George Fletcher
    • Victor Lu
    • Mike Kiser

  • Welcome and antitrust policy reminder - note it well!

  • Note taker? Eve

  • Agenda bashing

  • DADE CG meetings update

    • This is the first instance of the APAC friendly meeting time.
    • Meetings will alternate every other week, rotating between APAC and EU friendly times.
    • We'll monitor feedback and adjust meeting times further, if needed
    • Meeting agenda and minutes will be posted on GitHub. The chairs will develop an agenda ~1 week before each meeting. Minutes will be posted shortly after a meeting conlcudes.

  • Open Issues

    • Implications of personhood tokens and DADE

      • Ian has brought up questions of delegation, non-human delegation in particular
      • Eve adds questions of "living or non-living person" vs. other more-classic personhood statuses, and potential issues with caching of a credential during when someone has passed
      • George brings up the question of TTL of refresh tokens, and evidence (or lack thereof) of proof of survivorship instructions e.g. for car registrations
      • Some government agencies get a feed of death notice notifications, which eventually allows alignment in their systems
      • Potential Shared Signals role in such notifications?
      • Different US states are inconsistent in capturing death info - many opportunities missed to convey changed status
      • It would be useful to be able to operate on the "set of accounts" held by a person who has passed away, e.g. as represented in a password manager
      • US seems generally uncoordinated and disconnected - are there any other geos that handle things better, to learn from?
        • Action: Eve to see if Jeff Schwartz of Dentity is interested to weigh in, based on other personhood conversations she's had with him
        • Action: Mike K to explore SSF opportunities here with other stakeholders

    • DADE Wiki - We have a GitHub wiki that needs to be refactored, looking for volunteers.

      • Create pages for resources
      • Organize use cases currently captured in issues
      • Navigation
      • Does Heather Flanagan have expertise on this type of wiki that she'd be willing to contribute?
      • This tech is very flat and page-centric

    • Document known mechanisms for legacy contacts on large providers - Dean has added a template and a handful of providers. DADE members are encouraged to document their own experiences.

      • Please add additional services as pull requests. Having this information will help the CG deliver educational materials.
      • Our progress here has slowed for the moment otherwise

    • Apple Legacy Contacts - Federation of multiple iCloud accounts?

      • Apple seems to have done a lot of work to align multiple logins into an automatically federated "Apple Account" (what used to be "Apple ID")
      • Flows adjacent to Legacy Contacts, which worked well, are not so copacetic
      • Password changes are confusing (and frightening!)
      • Generating app-specific passwords have a similar issue
        • Action: Eve to write up the password change problem for Dean to share with Apple associate Ricky

    • Create educational materials ahead of Cyber Security Awareness Month 2025

      • Add feedback to the issue to determine what materials can be delivered.
      • Dean is planning and doing a lot of work at home to experiment with good practices and put together helpful resources

    • Create a short questionnaire regarding the legal/regulatory landscape

      • Hopeful for one or more attorneys to join our calls soon

    • Development of use cases - Review and ask for feedback/additional use cases

      • Use Cases
      • In-call ideation follows...
        • Verifiable credential without being verified? Make the assumption be that you are not real until proven otherwise? Is that viable with naturally-trusting humans?
        • Un-identifiable-owner account management and risk of ATO e.g. in the case of GitHub repo management
        • "Anonymous" accounts and the tension with platforms that require "real" identities
        • Where people have learned that identifiers are easy to spoof, they do tend to switch to "allow-list only", e.g. with phone spam - even though there are protocols to fix this (SHAKEN/STIR), they're not easy to propagate through the ecosystem
        • New use case idea from George: AOL alumni thread that got started by someone who has since passed - casual comms situation that puts someone in an awkward position for notification
        • Should death certificates be on a public blockchain? But then how to know what accounts correlate with them? And how to avoid abuse of the information by making it "more public"?

  • 2025 Conferences & DADE

    • IIW
      • Dean planning to attend and convene at least one session
    • Identiverse CFP (Complete)
      • Dean submitted a panel session
    • EIC
      • Eve submitted a panel session
    • Authenticate 2025
      • No CfP open yet

  • Any Other Business