2025‐01‐24 Minutes - openid/death-and-the-digital-estate GitHub Wiki

2025-01-24 Agenda

  • Attendees

    • Dean H. Saxe (Beyond Identity)
    • Sean Miller (RSA)
    • Lorrayne Auld
    • Gareth Narinesingh
    • Ryan Galluzzo (NIST - guest)
    • Mark Haine
    • Mike Kiser
    • Tim Reiniger
    • Victor Lu

  • Welcome and antitrust policy reminder

  • Meeting notes

    • Gareth with Eve supplementing

  • Agenda bashing

  • Discussion with Ryan Galluzo (NIST)

    • Open ended discussion with Ryan to learn about NIST's perspective on identity and digital estates

      • DS asked RH if NIST or US gov is looking at the issue of death and digital management of estate

      • RG responded that USGov is not technically focused on this issue, it is much more focused on the benefits of access enablement to gov services.

      • Social Security Agency (SSA) has policies around power of attorney etc.

      • This is interesting when you then consider the role of something like ID.me

      • Shared services among fed agencies bring up questions and opportunities with Login.gov

      • NIST IRs - interagency reports - white paper but not normative

      • 800-63 implications: recommending Credential Service Providers to have a policy about all this

      • RG stated that development at federal level is still not developed and he is interested to see if this OIDF CG can help

      • DS asked about the opportunity to normalize across agencies? We've heard of impacts through collecting stories

      • SSA maintains "master death file", structure unknown - daily download, not API. RG believes the file can be requested by commercial agencies and data services and aggregators are known to pull this data and offer it.

      • DS asked about the possibility of a digital death certificate, as a verifiable credential which could be used by families of the bereaved. RG believes that state jurisdictionsmake this very difficult, especially as each state might be receiving the data in different formats from different sources. Some of these sources may not even consider presenting in a future-proof digital format (eg. coroner's office).

      • MH asked about possible legislative solutions to retention of data post-death? NARA sets retention requirements; UK well along in a process for coroners to require data retention of child data as bullying evidence (see clause 132)

      • RG says that he will be able to introduce us to the SSA through his network. NB OIDF should avoiding lobbying unless we have consulted with our counsel.

      • RG suggest that the new administration's pro-crypto stance may be an opportunity to throw spotlight on crypto-asset recovery by a spouse. This is likeky to get some attention. https://www.whitehouse.gov/briefings-statements/2025/01/fact-sheet-executive-order-to-establish-united-states-leadership-in-digital-financial-technology/) on the subject :)

      • RG says that NIST is always open to hearing from us where we believe standards can help solve real world issues.

  • Open Issues

    • New topic: PHB advocacy of domain as persistent identifier/identity, possibly amplified by Aaron Parecki's recent advocacy of something similar (to be presented at OSW) – see also the DID method for DNS

    • Action: Mark and Eve to spend some time reviewing the OIDF [Authority] spec (https://openid.bitbucket.io/ekyc/openid-authority.html)" and come back to the group with recommendations around parent/child relationships.

    • Implications of personhood tokens and DADE

      • MK has reached out to the SSF group as requestedto raise awareness however it's still early days for a "death signal"!
      • Futures: personal control plane with a signal that can be sent out to listening legacy contacts? Innovation opportunity [IS THIS CORRECT?]

    • DADE Wiki - We have a GitHub wiki that needs to be refactored, looking for volunteers.

      • Create pages for resources
      • Organize use cases currently captured in issues
      • Navigation

    • Document known mechanisms for legacy contacts on large providers

    • Dean has added a template and a handful of providers. DADE members are encouraged to document their own experiences.

      • Please add additional services as pull requests. Having this information will help the CG deliver educational materials.

    • Create educational materials ahead of Cyber Security Awareness Month 2025

      • At the January 8 meeting Dean committed to writing an abstract for what we'll deliver in October. Just needs a bit of work to complete but will be useful for Cyber Security Awareness Month in October 2025.

    • Create a short questionnaire regarding the legal/regulatory landscape

      • Pending information from members of the legal / political community

    • Development of use cases - Review and ask for feedback/additional use cases

  • 2025 Conferences & DADE

    • IIW (Dean Saxe will attend and call a session)
    • Identiverse CFP (Completed by Dean Saxe)
    • EIC (Completed by Eve Maler)
    • Authenticate 2025 (CFP has not yet opened)

  • Any Other Business

  • DS will attempt to recover all of his keys as an example of the work required by a family member upon death. Point was made that it might be far harder for someone else to recover those keys.