- Raw 0.0.1 [2024-06-12] (for information on this versioning scheme, see Status & Versioning)
- Copyright ©️2024 by Christopher Allen, and shared under the CC-BY-SA-4.0 open-source license. See my Lists of High-Signal, Low Noise Links repo's README.md for more details.
-
Progressive Trust (2004). [web article]. Allen, Christopher. Retrieved 2024-06-12 from Life With Alacrity: https://www.lifewithalacrity.com/article/progressive-trust/.
TAGS: #ProgressiveTrust #HumanTrust #DigitalTrust #SocialSoftware #Cryptography #SSL #UserInterfaceDesign #ProgressiveDisclosure #DigitalCollaboration #TrustModels
PERSONAL NOTE: "This is the first article, from 2004, where I discuss the design pattern of Progressive Trust. I first started using the term in the mid-90s in my work with IETF on SSL/TLS."
SHORT ABSTRACT: "The article introduces 'Progressive Trust,' a model of building trust incrementally in human interactions and digital environments. It draws parallels between human social trust mechanisms and digital trust systems, advocating for trust models that grow and adapt based on mutual engagement, credentials, and shared experiences."
KEY POINTS:
- Incremental Trust Building: Trust is developed progressively through interactions and shared experiences.
- Human vs. Digital Trust: Contrasts human trust processes with rigid, algorithmic digital trust systems.
- Credential Exchange: Trust grows as individuals exchange credentials and verify them.
- Experience-Based Trust: Trust deepens through commitments and verified actions over time.
- SSL Example: SSL is highlighted as a digital trust model aligned with progressive trust principles.
- Progressive Disclosure: User-interface design technique that aligns with progressive trust by revealing complexity gradually.
- Collaboration and Trust: Successful collaboration is built on progressive trust, evolving from small interactions to deeper commitments.
- Cultural Embodiment: Trust models should consider the implicit levels of trust within group cultures.
- Flexibility in Trust Systems: Digital tools should support various levels of trust, not just binary states.
KEY QUOTES:
- "You are now spending your most precious resource, that most unrenewable commodity – time, in order to listen and understand what I have to say."
- "Computer trust rarely works the way that human trust does. It starts with mathematical proofs...seeking a level of 'perfect trust' that is rarely required by human trust."
- "SSL starts out very simple–first it just connects two parties, then it establishes simple confidentiality between them."
- "Look at the tools that you are using now – do they support various levels of trust, and a natural path between them? … Are there implicit levels of progressive trust that are part of the culture of your group that might not be embodied in the software itself?"
-
Musings of a Trust Architect: Progressive Trust (2022). [web article]. Allen, Christopher. Retrieved 2024-12-05 from Life With Alacrity: https://www.lifewithalacrity.com/article/musings-progressive-trust/. Also available 2024-12-05 from Blockchain Commons: https://www.blockchaincommons.com/musings/musings-progressive-trust/.
TAGS: #ProgressiveTrust #DecentralizedSystems #HumanRights #DataPrivacy #DigitalIdentity #TrustModels #ZeroTrust #TrustArchitect #ChristopherAllen
PERSONAL NOTE: "Currently my most comprehensive article on the topic of Progressive Trust as a design pattern in the architectures of trust."
SHORT ABSTRACT: "Progressive trust is a dynamic, evolving process where trust builds through successful interactions over time, contrasting with classical centralized trust models or zero-trust approaches. It supports individual autonomy and privacy by defending against coercion and privacy violations. This article outlines essential technical capabilities for progressive trust, including data minimization, elision, escrowed encryption, selective disclosure, and decentralization, crucial for protecting human rights and dignity in decentralized systems."
FULL ABSTRACT: "Progressive trust is the concept that trust is not a binary state but instead a dynamic and evolving process involving gradually learning about your partners through successful interactions over time. It contrasts with classical models of trust that rely on singular authentication or centralization, or mandate the use of strict “trust frameworks” and “trust registries”, or zero-trust models, which assume that trust should never be relied upon. Progressive trust is how trust works in the real world, between people and groups. Architectures for trust that support progressive trust are critical for protecting human rights and dignity, as they allow individuals to defend against coercion and violations of their privacy, autonomy, agency, and control. The article outlines essential technical capabilities for implementing progressive trust, including data minimization, elision, escrowed encryption, selective disclosure, and decentralized systems."
KEY POINTS:
- Progressive Trust Model: Advocates for building trust over time through repeated successful interactions, mirroring real-world human trust.
- Contrasts with Traditional Trust: Differentiates from traditional authentication mechanisms and centralized models.
- Zero-Trust Model Critique: Highlights issues with zero-trust models that rely on centralized trust registries.
- Human Rights Focus: Emphasizes protecting privacy, autonomy, and agency through trust architecture.
- Technical Capabilities: Describes necessary capabilities like data minimization, elision, and cryptographic selective disclosure.
- Flexible Design Principles: Advocates for modular, scalable credentials and proofs to adapt to changing trust requirements.
- Challenges of Non-Binary Trust: Discusses the complexity of non-binary and evolving trust levels.
- Risks of Centralization: Points out the vulnerabilities and coercion risks in centralized trust registries.
- Real-Life Trust Mechanisms: Encourages modeling trust mechanisms found in human interactions digitally.
- Future Applications: Suggests that progressive trust will grow in importance as decentralized systems evolve.
KEY QUOTES:
- "Progressive trust is based on the idea that trust is not a binary state but instead a dynamic and evolving process involving gradually learning about your partners through successful interactions."
- "The basic idea behind progressive trust is to model how trust works in the real world, between real people, groups, and businesses, rather than solely relying on mathematical or cryptographic trust."
- "This architecture is critical for protecting human rights and dignity, as it allows individuals to defend against coercion and violations of their privacy, autonomy, agency, and control."
- "The traditional algorithmic mechanism for building trust is to verify every interaction or transaction as 'trusted.' This is often done through authentication mechanisms such as passwords or digital certificates and/or by identifying interactions as being inside a trusted firewall or VPN. However, these mechanisms can be easily compromised and do not adequately capture the dynamic and evolving nature of trust between people and groups."
- "Trust registries create new risks of centralization and vulnerability to coercion. In addition, trust registries may not be able to capture the dynamics of trust-building over time, which can be vital to building trust in complex or evolving systems. Further, trust registries can become outdated or irrelevant as requirements and details change for each party, resulting in gaps that make it difficult to determine the authenticity and reliability of new data with a privacy-breaking 'phone home.'"
- "The problems with trust registries highlight the importance of using architectures that support the autonomy and agency of all parties. Progressive trust offers this alternative through its model of how trust is built and maintained in the real world. It is based on the idea that trust is not a binary state but rather a dynamic and evolving process."
- "This progressive trust architecture protects human rights and dignity in a way that traditional models do not. Unlike traditional models of trust, progressive trust instead focuses on the choices of each party, allowing individuals to defend against coercion, financial and data loss, and violations of their privacy and authority."
- "Specific technical capabilities must be in place to support a progressive trust architecture. These include data minimization, elision/redaction, escrowed encryption, and various cryptographic selective disclosure techniques. Data minimization, for example, involves limiting the amount of shared data to the minimum necessary to protect privacy and reduce the risk of data loss or harm."
- "Ultimately, mechanisms must be put in place to ensure that the progressive trust architecture is secure and resilient. Robust software security development techniques and practices must be used, including requiring proper cryptographic security reviews and developing decentralized governance models that can support the decision-making processes necessary for building and maintaining trust in the system."
- "Progressive trust offers an important new alternative to traditional and zero-trust models for online trust. By understanding and applying the principles of how human trust and collaboration work in real life, we can build trust and collaboration more naturally and effectively."
-
Musings of a Trust Architect: Data Minimization & Selective Disclosure (2023). [web article]. Allen, Christopher. Originally published in Life With Alacrity (2023), retrieved 2024-12-06 from: https://www.lifewithalacrity.com/article/musings-data-minimization/. Cross-posted to Blockchain Commons (2023) at: https://www.blockchaincommons.com/musings/musings-data-minimization/.
TAGS: #DataMinimization #SelectiveDisclosure #ProgressiveTrust #DigitalIdentity #Privacy #GDPR #Cryptography #ZeroKnowledgeProofs #BlindSignatures #DecentralizedIdentity #ISOStandards
SHORT ABSTRACT: "This article discusses the principles and applications of data minimization and selective disclosure, essential techniques for enhancing privacy and security in digital identity systems. It covers regulatory frameworks like GDPR and cryptographic methods including zero-knowledge proofs and blind signatures."
FULL ABSTRACT: "This article explores data minimization and selective disclosure, key techniques for enhancing privacy in digital identity systems. Christopher Allen discusses regulatory frameworks like GDPR and CCPA, and cryptographic methods such as zero-knowledge proofs and blind signatures. The article addresses the challenges of balancing data minimization with business needs, and the benefits for stakeholders, including reduced data breach risks and increased user control in decentralized identity solutions. Additionally, it highlights the need for standards to ensure compliance and protect personal data."
KEY POINTS:
- Data Minimization: Limiting data collection to only what is necessary for a specific task to protect privacy.
- Regulatory Frameworks: GDPR, CCPA, and other regulations mandate data minimization practices.
- Selective Disclosure: Sharing only specific pieces of information to prevent unnecessary data exposure.
- Cryptographic Techniques: Use of hashes, zero-knowledge proofs, and blind signatures for selective disclosure.
- Implementation Challenges: Balancing data minimization with business needs and user consent issues.
- Standards and Compliance: ISO standards related to data protection and privacy.
- Benefits for Stakeholders: Protecting user privacy and reducing risks for verifiers and issuers.
- Use Cases: Applications in digital credentials and identity systems.
KEY QUOTES:
- "Data Minimization is the practice of limiting the amount of shared data to the minimum necessary."
- "Selective Disclosure allows individuals or organizations to share only specific pieces of information, rather than sharing all of them."
- "Cryptographic Selective Disclosure leverages cryptography to allow individuals to selectively share specific pieces of their information while keeping the rest of their information private."
- "The General Data Protection Regulation (GDPR) enforces the principle of data minimization as a core requirement for protecting personal data."
- "Zero-Knowledge Proofs enable one party to prove to another that a statement is true without revealing any information beyond the validity of the statement itself."
- "Blind Signatures are a form of digital signature in which the content of a message is disguised (blinded) before it is signed, providing a way to ensure the privacy of the message content."
- "Decentralized Identity solutions aim to give individuals control over their own digital identities without relying on centralized authorities."
- "Data minimization techniques reduce the risk of data breaches by minimizing the amount of data that needs to be protected."