RI ID BC - POC Testing


Zoom

https://zoom.us/j/7559713046


https://remotedesktop.google.com/support

Key Points


References

Reference description with linked URLs | Notes


https://www.govtech.com/computing/rhode-island-eyes-blockchain-based-identity-management-project

RI-govtech.com-Rhode Island Eyes Blockchain-Based Identity Management Project.pdf FILE

Liz Tanner - GovTech - Next Steps for RI ID management - data lake & blockchain - 2022

Good to see Liz Tanner's plans for Digital IDs and Digital Government in Rhode Island are moving forward, building on the success they had with their POCs using Hyperledger to simplify government processes, provide better customer service and improve data quality and privacy controls.





com.infyblockchain.mywallet-Signed.apk
UAT Readme doc







Key Concepts


Liz Tanner Presentation on RI SSI Digital Identity Solution MVP - Hyperledger Global Forum - 2022

https://www.youtube.com/watch?v=0W5rMRU3714

https://hgf22.sched.com/event/14H6e/hosted-discussion-rhode-island-leads-on-digital-identity-solutions-with-hyperledger-liz-tanner-state-of-rhode-island-jim-mason-dtcc

Thanks for the updates on portable digital identity. I agree the EU Digital Identity initiative (https://tinyurl.com/eu-digital-wallet) will be a big leap forward. In the US, Liz Tanner, RI Secretary of Commerce, has led Rhode Island's rollout of the first US State Digital Identity solution based on Self-Sovereign Identities using Hyperledger software (https://www.youtube.com/watch?v=0W5rMRU3714). The RI solution was tested with individual and corporate identities and verifiable credentials. That's a big step forward over the basic digital driver's licenses that are becoming more common today in the US.

POC Test Environments 


1.1 Environments - Blockchain Infrastructure Setup and Implementation

BR 1 | Physical Infrastructure Requirements | Procurement Responsibility
BR 1.1 | Dev Environment Setup. Number of VMs: 3. VM Configuration: 2 Cores, 4 GB RAM, 100 GB storage. OS (for each): Ubuntu 18.0.4 LTS | Infosys
BR 1.2 | RI AWS POC Environment Setup. Number of VMs: 3. VM Configuration: 2 x (2 Cores, 4 GB RAM, 500 GB storage); 1 x (4 Cores, 16 GB RAM, 500 GB storage). OS (for each): Ubuntu 18.0.4 LTS. Please note: This is planned as part of initial requirement definition; there can be deviations based on final implementation requirements | DBR

POC Test Conceptual Model


POC Test Limits


================================
a> POC demo limits ....

If I demo to users using my existing wallet..

1> I can't create different ids once the user agent is selected
2> I can't delete my wallet app because the host can't delete my ids
3> I can't delete connections, credentials to recreate them

MY ONLY option to show user setup, credential creation is...
delete the app
reinstall the app
use a different agent name and "steal" that id, credentials


POC Test Setup


Create hosts file entries for test web site urls


On Android Phone


Chrome App config

phone settings > apps > chrome > install unknown apps

allow from this source = allowed


Chrome browser settings on Android

stop insecure content message

Chrome > settings 

  1. On your Android phone or tablet, open the Chrome app.
  2. On the page where you see a warning, tap Details.
  3. Tap Visit this unsafe site.
  4. The page will load.


set automatic downloads for this test poc site

Chrome > settings > Automatic downloads = blocked

enter >

add site exception

use IP address if needed 

15.206.181.97





On Laptop


Set Chrome to allow site access



POC Test Steps




POC Test Issues 


T201030 - issues list 

-------------
poc.#test>

wallet setup

	agent name 
		any
	use phone pin to access app vs fingerprint

on dmv-public
	change browser settings to allow insecure site in mobile chrome

i>> indy sdk 
	compatible w ios question


a>> meet w jovonna 
	android phone
	laptop camera

i>> which version of indy sdk 
	works w ios


i>> should we use TLS on server only to avoid client issues on insecure site?  our users can't create a hosts file on their laptops


i>> how to improve user experience in Pilot ( vs poc )?
	no hosts file needed
	too many connections start at the browser, not the phone

	go to RI web site to get first mobile app download, connection

	all other connections are created on mobile app

i>> digital id application ( on browser not phone)
	runs only on browser vs phone
	can't edit browser screen for demographics

	logging on as dmvUser to dmv-admin.com I can edit the request data
	there

i>> after did submit, redirected to scan qr code to connect to dmv
	BUT connection already exists 
	should not need to rescan, just open existing connection

i>> icon logo on fake dmv site uses "official RI web site icon"
	we should change 
	priority - low


i>> after DID submit, I go to requests to check my DID app request
	it doesn't exist 
	no email sent on request to james.mason.ctr@doit.ri.gov

i>> after edit request in dmv-admin and submit
	error dialog returns
	retry shows bad url

i>> re-entry to dmv-admin shows setup again
	setup should only be done once unless cleared.
	show requests screen
	make setup screen a "non-selected" option on the admin screen
		user should explicitly choose that option
		otherwise unintentional reruns of setup can occur


i>> install app
	failed because I used the wrong qr code
	instead of the code to install the app
	I was using the DMV connection invitation
	>> error msg was good: said you need to use the agent app

<< create a milestone flow chart for installing, running client app


dmv apply for DID

i>> the mobile app SHOULD have the app functions from the web site 
	once a connection is defined, you should be able to run
	from mobile or web for each id, credential function

i>> ideally connections don't require qr code to connect after established once

i> why isn't there an option to apply for DID in the app on the phone?


i>>> can't edit the form displayed for input ....





t>> compare my journey to s3 video for differences


a>> get tester access to test servers

	view source repos
	run postman or curl to test apis




h>> assume data was entered we should edit


h>> swipe connection to delete


q.br>> if individual moves -- license won't match cpa app

	warning -- do you want to update your license??

q.br>> what are the rules for recovering the wallet, creds??

q.br>> who hosts the DIDs - Sovrin or RI?

d>> setting expectations in the POC doc

d>> deck - split user viewable benefits vs non-functional benefits


before Monday ...




Jim initial test results of DBR Identity & Licensing POC 


/Users/jimmason/Documents/Zoom/_201102-dbr-poc-mobile-app-test-v1-Jim 7559713046

_201102-dbr-poc-mobile-app-test-v1-Jim.mp4

Video does not show the mobile app

POC app is well done

my fumbling through multiple roles was done poorly

transcribe the audio file and get the right screen shots for a pptx




Potential Value Opportunities


Key Use Cases for DIDs and VCs in a State Government scenario


UC1 - Not all residents have access to digital equipment for digital services



UC2 - residents with digital access may lose their access ( eg lost phone )



UC3 - Residents need free, reliable digital vaults for backup of digital wallets, ids, credentials



UC4 - Residents need full recovery capabilities to securely restore access to their digital wallets, vaults



UC5 - A state has many applications for residents, usually accessible through a user id and password today; a digital ID should provide the same access


Use OAuth2- and OIDC-enabled access to all State apps so the digital ID can provide access to all apps, not just those set up for digital ID authentication


Potential Challenges



Candidate Solutions


Potential Blockchain Solution Opportunities


Hi Liz,
Don't know much about them except they are a very small startup in NYC.
They haven't done a lot.
I believe Connecticut was their first SSI blockchain project.
They are using the same software stack ( Indy / Aries ) that we used for your identity and credentials solution.
Nothing new there.
Not sure where RI IT initiatives are now that Chirag is gone.
With COVID moving behind us, the governor change done, I assume there would be a Digital Government Transformation Plan in progress now.
Technologies like blockchain, SSI, automation, analytics, intelligent device integration, AI are driving Digital Government in many places.
One of the key items would be leveraging the MVP work already done.
There are obvious places in RI that should be building on the MVP solution you created and blockchain in general:
  1. Land registries
  2. Vehicle registries
  3. DOR for corporate identities ( that is really just a variant of the existing VONX app in theory ) and taxation
  4. State education credentials
  5. Unemployment insurance claims
  6. Carbon offsets
  7. Corrections
  8. Audits of quasi-public agencies 
  9. Child Support Agencies
  10. Public Safety Grant Administration Org
  11. Purchasing Bid Process Management
  12. Housing
  13. State Retirement Plans
  14. Water Resources Management
  15. http://www.transparency.ri.gov/
Anything that involves compliance, regulation, governance.
In some cases, blockchain is just a part of the solution that improves transparency, trust, compliance.
As such, other Hyperledger frameworks like Fabric are often used to add that as a service to existing applications.
That's possible using models like REST APIs and database monitoring fairly easily.
Who is doing the IT portfolio planning and Enterprise Architecture now for the State?
I assume there is an annual strategic plan and annual tactical plan updates for all agencies in coordination with IT and Finance?
Your MVP project did prove the technology can work.
As Chirag correctly said, a real production pilot has different operational requirements to meet but your project did prove the SSI technology can work for identities and credentials.
My quick thoughts.

RI AWS Test Environment Definition


RIFAN number  Please use 10.071.1600101.01.XXXXX.00000. 



We have established the following AMS LZ Application Account for this effort: 293873914581

This account has been deployed with Developer Mode Enabled and with Federation to our IdP, Azure AD, completed.

Best,

Andrew Reidl

Assistant Director | Client and Cloud Infrastructure Services


Estimated Duration of Environment

Is it $400 a month? What is the estimated duration so I can tell DBR finance?


Andy Test Environment Setup Plan

I want to be clear that we will not utilize an application account already deployed. I am in the middle of creating a DBR-DEV account with Development Mode Enabled for this effort. I understand the need to start but we will not be deploying these resources into an already existing application account for EOHHS, DLT or DOH. As we discussed, that application account will be delivered on the 9th and the RFC is set to be created in a moment.

It seems most important to keep this POC isolated, least of which from a cost control perspective. Other than the Security and Data Governance requirements to keep agency applications within their own Application Accounts, this will allow us to move ahead knowing that any and all resources deployed in an application account for this effort will be clearly segregated.

I’ll provide an update as we move forward to delivery of the App Account, Federation and Security Group Access readiness.

Best,

Andrew Reidl






Recommended Next Steps