List of Contributors
Neil Thomson – QueryVision
PII/SD – a broader term covering both Personally Identifiable Information (PII) and (personally) Sensitive Data (SD). Examples: medical or financial records, location history.
Several problems currently remain unsolved in the ToIP stack and in SSI in general that appear to be a natural fit for a digital equivalent of a “Notary Public”: a trusted, independent agent (or agent/agency), which may be a combination of human and computational services.
In the SSI book scenario, “Alice sells the car to Bob”, the transaction is completed between Alice and Bob directly. They individually deal with car financing, payment, ownership exchange, and license transfer themselves.
This paper builds on that scenario with “Bob buys a house from Alice”. A home purchase is an example of a more complex, real-world transaction. In the non-SSI world, it typically involves formal agreements and can require personal guarantees, with PII exchanged through a Lawyer or a Notary Public (“Notaire” in some jurisdictions).
A Notary acts as a trusted 3rd party for both Bob and Alice. The Notary’s duties include ensuring documentation is complete, issues are resolved (e.g. the state of the home/property), creating the sale contract, performing various searches and registration updates, overseeing fund transfers, paying taxes, etc.
The rationale for working through an SSI version of a home sale is to explore how to structure online transactions in a privacy-preserving manner while preventing the following scenario:
- A financial transaction between individuals fails – Alice agrees to pay Bob for a service via a direct person-to-person peer-DID (“contextual” identity) connection, with some VC/proof exchange to establish trust but otherwise avoiding any exchange of PII or root identity.
- Bob accepts payment from Alice, then dissolves the relationship by tearing down the communication channel, wipes any record of Alice and of his own contextual identity (peer DID), does not provide the service and, when eventually found by Alice, disputes that any agreement existed.
As a side benefit, this scenario also explores the Digital Notary role as a transaction assistant, acting as a trusted delegate of both Bob and Alice.
The direct Bob/Alice interaction model of “Alice sells the car to Bob” was intended to show that SSI interactions can handle real-world transactions. The example is a person-to-person transaction using DIDs, in which the car is an SSI entity in its own right, with its own independent identity and related records.
Given that base, how does SSI handle the more complex day-to-day transactions, including inter-personal and person-to-organization transactions?
Online transactions and the ability to negotiate – Currently, a standard way of handling online interpersonal transactions is via a service like PayPal. The problem is that the individual frequently has no control over the transaction “contract” and no ability to negotiate it.
A case in point is buyers and sellers using PayPal as a transaction broker, where the “Legal Agreements for PayPal Services” primarily protect PayPal rather than the Buyer, the Seller or the money transfer itself.
This problem is resolved in “human space” via agreements negotiated directly or through a 3rd party, including penalties or holdbacks (or performance bonds).
Privacy – Bob and Alice are most likely strangers who, for most interactions, only need to establish contextual identities, with trust established for the current context.
In human space, transactions that can result in (financial) harm (such as selling a home) require bank-level Know Your Customer (KYC) identity verification. This is required so that either party can be reached should the terms and conditions of the contract not be met or damages be sought.
As was debated at IIW 33, you only have complete control of your personal data (and privacy) if you don’t interact with anyone or anything, in person or digitally.
The human space solution is to interact via a mutually agreed trusted 3rd party.
It also addresses the problem that Bob and Alice may not be aware of every task required to complete the transaction without injury to one or both parties.
What could a digital, SSI version of the human space solution look like?
Requirements for the Solution
Buying and selling a house has potential complications which could financially impact the Buyer or Seller. So the overall requirement is to protect the buyer and seller through:
- Ensuring that all financial and non-financial issues related to the property and home are known and transparent to the Buyer and Seller
- That the parties in the transaction MUST be identified to a bank-level “know your customer” to ensure complete transparency and accountability, including that:
- The Seller is, in fact, the owner and is authorized to sell
- That there are guarantees, with enforcement, on redressing financial and physical problems with the home and property after closing the sale
- That the Seller will be paid, in full by the Buyer
- That the Buyer is entitled to purchase the property (citizenship requirements)
- That the privacy and PII/SD data of the Buyer, Seller (and any other parties) must not be disclosed to other parties in the transaction.
- That any disputes about the property or home are known and addressed
- That all documentation, taxes and other process steps are completed correctly.
- The buyer and seller do not personally have to be experts on houses, properties, or a house sale’s legal ramifications.
- That the solution provides a framework for semi or fully automating the transaction process, contracts and other agreements, that provides for governance as an integral component
- Provide a model and mechanism by which different jurisdictions can have organizations incorporate governance-controlled contracts, terms and conditions
Note: For this discussion, a Digital Notary is a service that spans the range from a human Notary Public with digital tools to a fully computational home sales process and contracting service, realizing a complete service as a “smart contract”. The same is assumed of other services in this Scenario.
The following is proposed:
An independent agent (Digital Notary) works as a trusted intermediary for parties in transactions within a framework that allows for partial or complete automation of the transaction workflow, including support for formal or “smart” contracts.
The Digital Notary is a first-class SSI entity that can establish communication channels with the parties and supporting services, including establishing trust and exchange of Verifiable Credentials.
The Digital Notary (software components) and its collection of related services must be subject to, and certified by, governance authorities (or delegated agencies) for the jurisdiction(s) in which they will operate.
A Digital Notary may collect “know your customer”/”Foundational Identity” PII data from the Buyer and Seller to do the following:
- Bind the buyer and seller to terms and conditions in the house sales contract such that they can be “reached” in the case of a dispute or where “performance bonds” (or equivalents) are required
- Obtain delegation from the Buyer and Seller to collect and verify, with financial institutions, the land registry and financial lien registries, any and all documentation concerning potential pitfalls relating to the buyer, the seller and the house/property. This may include delegation to make and receive payments on behalf of the parties.
In current, non-digital house sales, the PII (root-identity class information) of the Buyer, Seller and potentially other parties appears in the sales contract/agreement and related “paperwork”, copies of which are distributed to the Buyer and Seller.
With this proposal, privacy can be increased through the Notary holding (in trust) the only copy of the complete documentation, including full PII/SD information. The Buyer and Seller receive depersonalized copies.
Disputes on the transaction would be via the Notary of record or delegated to another trusted 3rd party (Lawyer, Courts, etc.) through formal means.
Bob and Alice have agreed that Bob will buy Alice’s house. They have collected the required information and are ready to proceed:
- Bob and Alice create a session with a Digital Notary (DN) Service, which presents a list of qualified Digital Notaries that can handle house sales in their (governance) jurisdiction(s). Both parties work to select and agree on the Digital Notary (DN) to be used.
- The selected DN is instantiated and establishes connections with Bob and Alice, establishing trust as a licensed, governed entity using standard SSI workflow.
- The DN establishes the specifics of the house sale transaction from Q & A with Bob and Alice, including collecting initial information on the property and house, which may be in the form of documents, claims or VCs, plus any other pertinent information to establish the “components” needed to complete the transaction and any conditions.
- The contracts (and other document types) made available for the transaction are from a jurisdiction governed repository of templates, including contract types, terms, clauses, permissible conditions, plus supporting documents, executables, etc. that are required (and optional) and are compatible with the transaction.
- The DN requests the required level of identity and delegation authority to complete the transaction
- Bob and Alice are requested to provide “know your customer” level (aka “foundational”) identities and grant access to the underlying identity claims to the DN, which the DN verifies with the Issuer(s)
- Bob and Alice are asked to delegate the DN the rights to act on their behalf for specified financial transactions, access to house-related information registries and to update or create new entries with specified agencies and services. This may involve using Foundational class identifiers.
- The DN interacts with Bob and Alice to collect information to determine the clauses, terms and conditions of the (house sales) contract, which may be constrained by the jurisdictional template(s).
- This may include resolution of issues with the property prior to the sale (e.g. a roof repair) or conditions on the sale (e.g. a property survey is required and must not find blocking issues)
- The DN may construct manual or automatic logic on steps taken (and verified) and payments to be exchanged as part of the contract
- This will likely include the handover of the property and occupancy steps for the new owner (Bob).
- This may include holdbacks or performance bonds on post-sale warranties for work done or unknown defects
- Bob and Alice (crypto) sign the contract.
- The contract is now in execution mode. It uses notifications and events exchanged with Bob’s and Alice’s personal Agents to inform each party of their obligations, and confirms completion of each clause in the contract via completion events from those Agents.
- Bob and Alice get copies of the contract(s) and other documents related to the house sale where Bob, Alice and any other parties are de-identified.
- The DN registers the contract within the DN trust framework with all the related documentation, including “foundational” identities of the parties
- On completion of the contract (including expiry of any conditions), the DN archives the house sale artifacts and “dissolves”
- Access to the house sale archive for non-performance of the contract or later discovered issues may be requested with a jurisdiction controlled court order or equivalent.
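The privacy mechanism described above (the Notary holding the only copy of the full documentation while Bob and Alice receive de-identified copies) and the dispute path (archive access only under a court order) are illustrated by the following added example. It is not code from this paper or from any ToIP project. It shows one way to make the de-identified copies verifiably bound to the escrowed PII: one salted SHA-256 commitment per PII field, so that a later opening under court order can be checked against the copy the parties hold. The field names, party roles, contract layout and sample data are assumptions constructed for the example; the cryptographic signing of the digest by Bob and Alice is left outside it.

```python
"""Added example for the ToIP Digital Notary scenario above (not the paper's
own code). A Digital Notary (DN) keeps the only copy of the contract that
carries PII, hands Bob and Alice de-identified copies, and can still let a
court-ordered dispute prove which foundational identity was bound.

Technique: one salted SHA-256 commitment per PII field. The de-identified
copy carries the commitments; the DN escrows the openings (value, salt).
Field names, roles and the document layout are assumptions of this example.
"""
import hashlib
import hmac
import json
import secrets

# Fields treated as PII/SD (assumed for the example); anything else is
# contextual data that may appear in the parties' copies.
PII_FIELDS = {"legal_name", "foundational_id", "home_address"}


def canonical(obj) -> bytes:
    """Deterministic JSON so every party hashes identical bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def commit(value: str, salt: bytes) -> str:
    """Salted SHA-256 commitment. The random 16-byte salt stops anyone
    recovering a name or address by hashing guesses against the copy."""
    return hashlib.sha256(salt + value.encode()).hexdigest()


def deidentify(party: dict):
    """Split one party's record into a public view (commitments only) and
    an escrow (openings) that only the DN keeps."""
    public, escrow = {}, {}
    for field, value in party.items():
        if field in PII_FIELDS:
            salt = secrets.token_bytes(16)
            public[field] = {"commitment": commit(value, salt)}
            escrow[field] = {"value": value, "salt": salt.hex()}
        else:
            public[field] = value
    return public, escrow


class DigitalNotary:
    """Holds the only copy of the full documentation, in trust."""

    def __init__(self):
        self.archive = {}  # contract_id -> {"public", "escrow", "digest"}

    def register(self, contract_id: str, terms: dict, parties: dict):
        """Return the de-identified contract and its digest. The digest is
        what Bob and Alice would sign and what their Agents recompute to
        detect a tampered copy."""
        public_parties, escrow = {}, {}
        for role, record in parties.items():
            public_parties[role], escrow[role] = deidentify(record)
        public_doc = {"contract_id": contract_id, "terms": terms, "parties": public_parties}
        digest = hashlib.sha256(canonical(public_doc)).hexdigest()
        self.archive[contract_id] = {"public": public_doc, "escrow": escrow, "digest": digest}
        return public_doc, digest

    def open_field(self, contract_id: str, role: str, field: str, court_order: bool) -> dict:
        """Release one PII opening. The paper gates archive access on a
        jurisdiction-controlled court order; here that is a single flag."""
        if not court_order:
            raise PermissionError("archive access requires a court order or equivalent")
        return self.archive[contract_id]["escrow"][role][field]


def digest_of(public_doc: dict) -> str:
    """Recompute the digest over a received copy (what a party's Agent runs)."""
    return hashlib.sha256(canonical(public_doc)).hexdigest()


def verify_opening(public_doc: dict, role: str, field: str, opening: dict) -> bool:
    """A court or delegated 3rd party checks that the released value is the
    one committed to in the copy the parties hold."""
    expected = public_doc["parties"][role][field]["commitment"]
    actual = commit(opening["value"], bytes.fromhex(opening["salt"]))
    return hmac.compare_digest(expected, actual)


# Constructed sample data for "Bob buys a house from Alice".
SAMPLE_TERMS = {"property": "lot 12, plan 3456 (constructed)", "price": 450000,
                "holdback": {"amount": 10000, "reason": "roof repair", "days": 30}}
SAMPLE_PARTIES = {
    "seller": {"peer_did": "did:peer:alice-ctx", "legal_name": "Alice Example",
               "foundational_id": "KYC-0001", "home_address": "1 Example St"},
    "buyer": {"peer_did": "did:peer:bob-ctx", "legal_name": "Bob Example",
              "foundational_id": "KYC-0002", "home_address": "2 Example Ave"},
}

if __name__ == "__main__":
    dn = DigitalNotary()
    copy_for_parties, digest = dn.register("sale-001", SAMPLE_TERMS, SAMPLE_PARTIES)
    print(json.dumps(copy_for_parties, indent=1))  # no names, ids or addresses
    opening = dn.open_field("sale-001", "seller", "legal_name", court_order=True)
    print("dispute check:", verify_opening(copy_for_parties, "seller", "legal_name", opening))
```

The commitments give the parties a copy that discloses nothing about the other side's foundational identity, yet cannot be swapped for a different identity later: an opening only verifies if both the value and the salt match what the DN escrowed, and the digest over the whole de-identified document is what the parties' signatures (not shown) would cover.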
Pros, Cons and Vulnerabilities
- Provides an SSI “pattern” for using PII in an interaction between parties: an independent entity captures and uses the PII, with mechanisms that prevent its disclosure outside the transaction.
- Provides a mechanism to use human notaries (or equivalents) immediately as the “glue” that connects Bob, Alice and all the related services and agencies in an SSI transaction contract, with the ability to migrate over time to fully automated digital notary/SSI contracts, starting with simple online purchases and moving to more complex contracts.
- “Smart” contracts are still in their infancy and are primarily focused on crypto-coin exchange and crypto-to-fiat currency exchange, so how they evolve is speculation.
- Vulnerabilities – Unknown. The intent, however, is that all the components of the “contract framework” and “digital notary” concepts would be first-class SSI components, subject to the same rigour and security standards.
Other ToIP areas impacted