|
Andreas Freund <andreas.freund@...>
Hi Oskar, see my comments below, marked
with AF. Apologies for the delay. Work.
Have a great weekend.
Cheers,
Andreas
Dear Andreas Freund,
Thank you for your comment below, which I have received via Google Docs.
As noted in my response to you in the Google Doc, the place to discuss
fundamental requirements issues is at the Hyperledger RequirementsWG mailing
list (this list).
I believe that your comment is missing the essence of my document.
* That opens the door to collusion of all sorts
A qualified majority of validators can always collude (cf. Ethereum+DAO).
An essence of blockchain is that they cannot collude covertly.
AF: Of course validators can collude covertly, that
is exactly the game theoretic problem that Casper is tackling. That is
a hard problem.
But coming back to requirements. To start with I would
suggest that underlying assumptions such as "law abiding consortium"
are validated. I would prefer the assumption that at any moment there is
a malicious set of participants in a consortium which will try to either
censor or subvert decisions. Given what we know about human behavior, this
is a sensible assumption. Besides, would you really want to trust a court
order in a jurisdiction with a history of corruption? See what is happening
with Poland and the EU.
Hence, there are several requirements IMHO that are
spawned from the above threat based assumption. Assumption is that we are
talking about a Blockchain ecosystem:
- External claims such as a court order have
to be validated by a randomly chosen set of validators. Where randomly
refers to a randomized selection process that is performed in the blind
- Only Blockchain identities can become validators
- The status of validator is obtained through
a collusion resistant, privacy preserving process
- Validators are incentivized to make themselves
available to validate an external claim
- Validators are rewarded for validating an
external claim truthfully to the best of their ability
- Validators are censored for not reporting
on external claims truthfully
- An external claim is found to be validated
if a p-majority of validators decides that an external claim is valid within
the predetermined timeframe
- The result of any validation has to be broadcast
to all Blockchain identities
- The validity of a validated external claim
can be challenged by a Blockchain identity by posting a challenge bond
of meaningful size for the claimant within a certain time period of an
external claim being validated.
- In the case of a challenge, a new, randomly
chosen set of validators is assigned and validates the external claim.
If the challenge is resolved in favor of the challenger, the rewards of
the incorrectly reporting majority are given to the challenger. If the
challenge is resolved against the claimant, the challenge bond is lost
and paid out to the truthfully reporting validators
- An outcome of a validation can be challenged
more than once
- The reassigning ownership of a Blockchain
asset be it either fully digital or representing an analog asset has to
follow the process requirements #1 - #11. A digital asset can be anything
from a token to a smart contract code
* running a Blockchain platform does not mean you should
know who controls smart contracts.
My document is not about identity not does it make assumptions about the
implementation. It is a set of requirements for a law-abiding consortium
blockchain that is offering an enterprise-grade blockchain service that
wants to be able to comply to a court order of their applicable jurisdiction.
I believe that the formulated requirements are fair, even if your hypothetical
current implementation cannot comply to them.
AF: See above and "a law-abiding consortium blockchain that is offering
an enterprise-grade blockchain service that wants to be able to comply
to a court order of their applicable jurisdiction" has implicit assumptions
in it that are not defined anywhere. For example, what is enterprise grade?
Why even refer to that, I do not think that this is necessary? What is
an applicable jurisdiction? A court order by a US court trying to be enforced
against an Argentinian national residing in China? Just to show the implicit
complexity of potential requests.
Generally speaking, Blockchain consortium members should not know who owns/controls
assets e.g. smart contracts on the consortium platform as long as applicable
regulatory requirements can be fulfilled. I would formulate that as a requirement.
* validators nodes provided by a consortium should be crytpographically
sealed upon deployment without ability to access the node from the outside.
The Hyperledger RequirementsWG is about requirements, not about implementations
that can or cannot comply to the requirement.
AF: Then let me formulate this as a requirement. Blockchain network nodes
should not be accessible by anyone or anything after deployment, except
for Blockchain identities to submit transactions/blocks. Note Blockchain
identities could be also other nodes. Furthermore, all node processes must
remain hidden and inaccessible to anyone or anything from the outside.
Lastly, node processes have to be structured in such a way that they cannot
influence one another unless it is part of the Blockchain protocol design.
* What can be done is to have a function in a smart contract
that allows reassignment based on m-of-n multisig of registered identities
One cannot “after-the-fact” retrofit an existing and validated smart
contract with m-of-n multisig, nor does my proposed set of requirements
require this. Your solution can be used to addresses the “lost keys”
problem, which is not what my document is about.
AF: First, of course, you can, if you use a smart contract system, secondly,
you must be able to update smart contract systems to delete, add or change
functionality such as m-of-n multi sig. Being able to update smart contract
systems has become a fundamental design requirement and principle in the
ecosystem. Hence, I am truly puzzled by your statement.
Please let me know if I am missing something.
Best regards,
Oskar
toggle quoted message
Show quoted text
From: Andreas Freund (Google Docs) [mailto: d+MTA5ODc1OTgwNjAwMDc1MTUwNjY3-MTAzNTMzNjc5Njk5NDU1ODU5NTU0
at docs.google.com]
Sent: Tuesday, 18 July, 2017 23:39
To: Deventer, M.O. (Oskar) van <oskar.vandeventer
at tno.nl>
Subject: Hyperledger - Aft... - That opens the door to collusion of a...
Andreas Freund added a comment to Hyperledger - After-the-fact mandate
changes<https://docs.google.com/document/d/1psJc9UWuteSzOqIG0VLIdzdlxFb9kq-Csw-dxcjPzEo/edit?disco=AAAAA_gQ6ak&ts=596e7ff5&usp=comment_email_document>
[Andreas Freund]
Andreas Freund
A blockchain consortium shall be able to sign over the authorization over
a smart contract from one user (“anchor”) to another user (“guardian”).
That opens the door to collusion of all sorts ... running a Blockchain
platform does not mean you should know who controls smart contracts. In
fact, validators nodes provided by a consortium should be crytpographically
sealed upon deployment without ability to access the node from the outside.
What can be done is to have a function in a smart contract that allows
reassignment based on m-of-n multisig of registered identities
Open<https://docs.google.com/document/d/1psJc9UWuteSzOqIG0VLIdzdlxFb9kq-Csw-dxcjPzEo/edit?disco=AAAAA_gQ6ak&usp=comment_email_discussion&ts=596e7ff5>
Google Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
You have received this email because you are subscribed to all discussions
on Hyperledger - After-the-fact mandate changes<https://docs.google.com/document/d/1psJc9UWuteSzOqIG0VLIdzdlxFb9kq-Csw-dxcjPzEo/edit?disco=AAAAA_gQ6ak&ts=596e7ff5&usp=comment_email_document>.Change
what Google Docs sends you.<https://docs.google.com/document/docos/notify?id=1psJc9UWuteSzOqIG0VLIdzdlxFb9kq-Csw-dxcjPzEo&title=Hyperledger+-+After-the-fact+mandate+changes>You
can reply to this email to reply to the discussion.
[cid:image001.png
at 01D30078.4F641170]
Best Regards
Dr. Andreas Freund
Senior Manager, Global Consulting Practice - NextGen Strategy Practice
& Blockchain Advisory
Tata Consultancy Services Limited
Ph:- +1-858-699-7022
Cell:- +1-858-699-7022
Mailto: andreas.freund@...
Website: http://www.tcs.com
____________________________________________
Experience certainty. IT Services
Business Solutions
Consulting
____________________________________________
From:
hyperledger-requirements-wg-request@...
To:
hyperledger-requirements-wg@...
Date:
07/20/2017 08:35 AM
Subject:
Hyperledger-Requirements-WG
Digest, Vol 12, Issue 9
Sent by:
hyperledger-requirements-wg-bounces@...
Send Hyperledger-Requirements-WG mailing list submissions
to
hyperledger-requirements-wg@...
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.hyperledger.org/mailman/listinfo/hyperledger-requirements-wg
or, via email, send a message with subject or body 'help' to
hyperledger-requirements-wg-request@...
You can reach the person managing the list at
hyperledger-requirements-wg-owner@...
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Hyperledger-Requirements-WG digest..."
Today's Topics:
1. Re: FW: Document "After-the-fact mandate changes"
ready for
external review (Deventer, M.O. (Oskar) van)
----------------------------------------------------------------------
Message: 1
Date: Thu, 20 Jul 2017 15:35:12 +0000
From: "Deventer, M.O. (Oskar) van" <oskar.vandeventer@...>
To: Mark Parzygnat <markparz@...>
Cc: "hyperledger-requirements-wg@..."
<hyperledger-requirements-wg@...>
Subject: Re: [Hyperledger-Requirements-WG] FW: Document
"After-the-fact mandate changes" ready for external review
Message-ID:
<BA5A0ED6E909E749AD5CB0D3750A6D2A221E659D@...>
Content-Type: text/plain; charset="utf-8"
Hi Mark,
* The main question I am asking is there a project that doesn't
currently handle these scenarios?
This question can only be answered based on well formulated requirements.
The RequirementsWG has worked on these for the last two months. Initial
feedback suggests that there are Hyperledger projects that do not support
this set of requirements. Moreover, the support may be difficult for some
of them without major architectural changes.
* figure out what features are currently missing
The purpose of the RequirementsWG is to figure out what features are needed.
(The fact that a feature is missing does not imply that there is a market
need, more likely the opposite.)
* UIs for each of the platform projects, interoperability
aspects that could be used from one project into another
So we should spell out the associated use case and requirements, correct?
(By the way, I am particularly interested in inter-project use cases and
requirements.)
Best regards,
Oskar
From: Mark Parzygnat [mailto:markparz@...]
Sent: Thursday, 20 July, 2017 16:30
To: Deventer, M.O. (Oskar) van <oskar.vandeventer@...>
Cc: hyperledger-requirements-wg@...
Subject: RE: [Hyperledger-Requirements-WG] FW: Document "After-the-fact
mandate changes" ready for external review
Hi Oskar,
Thanks. It's probably just my misunderstanding, so apologies for asking
what maybe be silly questions. This particular document looks to be about
access controls, after initial deployments. Broken down nicely in several
different scenarios. The main question I am asking is there a project that
doesn't currently handle these scenarios? Iroha, Sawtooth, and Fabric seem
to handle these scenarios from what I can tell. I'm wondering is this a
document for new projects to verify they fulfill these use cases, or is
there a specific project or area that currently needs these requirements?
IMO, it would be a huge benefit for all of us in the requirements WG to
look across the projects and figure out what features are currently missing
in the projects that should be implemented. For instance, nice UIs for
each of the platform projects, interoperability aspects that could be used
from one project into another, or specific project needs based on what
people are looking for like Fabric needs a JS chaincode, etc. I know it's
a big task, but I think worth the investment.
Hope I'm making sense.
Regards,
Mark
[Inactive hide details for "Deventer, M.O. (Oskar) van" ---07/20/2017
09:21:14 AM---Hi Mark, De document was developed by me in]"Deventer,
M.O. (Oskar) van" ---07/20/2017 09:21:14 AM---Hi Mark, De document
was developed by me in collaboration with several others. It is likely
to becom
From: "Deventer, M.O. (Oskar) van" <oskar.vandeventer@...<mailto:oskar.vandeventer@...>>
To: Mark Parzygnat <markparz@...<mailto:markparz@...>>
Cc: "hyperledger-requirements-wg@...<mailto:hyperledger-requirements-wg@...>"
<hyperledger-requirements-wg@...<mailto:hyperledger-requirements-wg@...>>
Date: 07/20/2017 09:21 AM
Subject: RE: [Hyperledger-Requirements-WG] FW: Document "After-the-fact
mandate changes" ready for external review
________________________________
Hi Mark,
De document was developed by me in collaboration with several others. It
is likely to become an agreed document from the RequirementsWG very soon.
The purpose of the document is input to IdentityWG, ArchitectureWG and
(possibly indirectly) to Hyperledger projects, which includes Hyperledger
Fabric.
* Hyperledger Fabric has all these controls in place
via channels. In order to be able ?
I am not sure how I should read this statement. If Hyperledger Fabric does
already intrinsically support the full set of requirements, then that is
great. If not, then there is potential work for contributors to that project.
Does this make sense?
Best regards,
Oskar
Dr. ir. M.O. (Oskar) van Deventer
Senior Scientist Blockchain Networking
Dept. Networks
T +31 (0)88 866 70 78
M +31 (0)65 191 49 18
E oskar.vandeventer@...<mailto:oskar.vandeventer@...>
Location<http://www.tno.nl/locaties/DHA>
[]<http://www.tno.nl/>
This message may contain information that is not intended for you. If you
are not the addressee or if this message was sent to you by mistake, you
are requested to inform the sender and delete the message. TNO accepts
no liability for the content of this e-mail, for the manner in which you
use it and for damage of any kind resulting from the risks inherent to
the electronic transmission of messages.
From: Mark Parzygnat [mailto:markparz@...]
Sent: Wednesday, 19 July, 2017 19:33
To: Deventer, M.O. (Oskar) van <oskar.vandeventer@...<mailto:oskar.vandeventer@...>>
Cc: Boulton, Clive <clive.boulton@...<mailto:clive.boulton@...>>;
hyperledger-requirements-wg@...<mailto:hyperledger-requirements-wg@...>;
hyperledger-requirements-wg-bounces@...<mailto:hyperledger-requirements-wg-bounces@...>
Subject: Re: [Hyperledger-Requirements-WG] FW: Document "After-the-fact
mandate changes" ready for external review
Hi Everyone,
Apologies I've not been able to attend the req-wg meetings as I have conflicts
with the timing. However looking this over, I would like to know a bit
more about this particular document. Is this to gather input on how this
currently works project by project? Hyperledger Fabric has all these controls
in place via channels. In order to be able to instantiate the chaincode(smart
contract) you have to have the authorization, which also means you have
ownership since it's installed on your file system.
Regards,
Mark
[Inactive hide details for "Deventer, M.O. (Oskar) van" ---07/18/2017
05:35:53 AM---Hi Clive, all, The document "After-the-fact]"Deventer,
M.O. (Oskar) van" ---07/18/2017 05:35:53 AM---Hi Clive, all, The document
"After-the-fact mandate changes" was discussed in detail in the
Hyperled
From: "Deventer, M.O. (Oskar) van" <oskar.vandeventer@...<mailto:oskar.vandeventer@...>>
To: "Boulton, Clive" <clive.boulton@...<mailto:clive.boulton@...>>
Cc: "hyperledger-requirements-wg@...<mailto:hyperledger-requirements-wg@...>"
<hyperledger-requirements-wg@...<mailto:hyperledger-requirements-wg@...>>
Date: 07/18/2017 05:35 AM
Subject: [Hyperledger-Requirements-WG] FW: Document "After-the-fact
mandate changes" ready for external review
Sent by: hyperledger-requirements-wg-bounces@...<mailto:hyperledger-requirements-wg-bounces@...>
________________________________
Hi Clive, all,
The document ?After-the-fact mandate changes? was discussed in detail in
the Hyperledger Identity working group. There were ten participants, including
a person from Hyperledger Indy. There were some discussions about solution
directions and potential implementation issues. The general feedback was
that the document was well written and clear. No further changes were made.
Let us now formally close the document, that is, PDF it, add it to the
Wiki list, and formally share it with the Architecture and Identity working
groups. OK?
Best regards,
Oskar
________________________________
From: hyperledger-requirements-wg-bounces@...<mailto:hyperledger-requirements-wg-bounces@...>
<hyperledger-requirements-wg-bounces@...<mailto:hyperledger-requirements-wg-bounces@...>>
on behalf of Deventer, M.O. (Oskar) van <oskar.vandeventer@...<mailto:oskar.vandeventer@...>>
Sent: Wednesday, July 5, 2017 12:57 AM
To: Boulton, Clive
Cc: hyperledger-requirements-wg@...<mailto:hyperledger-requirements-wg@...>
Subject: [Hyperledger-Requirements-WG] Document "After-the-fact mandate
changes" ready for external review
Hi Clive, all,
I have just updated the document "After-the-fact mandate changes"
(https://docs.google.com/document/d/1psJc9UWuteSzOqIG0VLIdzdlxFb9kq-Csw-dxcjPzEo),
incorporating the comments received at the 26-June RequirementsWG call.
The full set of requirements now reads as follows.
Requirement 1: A user (?anchor?) shall be able to sign over its authorization
over a smart contract to another user (?guardian?) after the fact.
1a: The original user (?anchor?) loses its authorization over the smart
contract.
1b: The original user (?anchor?) maintains its authorization over the smart
contract.
Requirement 2: A blockchain consortium shall be able to sign over the authorization
over a smart contract from one user (?anchor?) to another user (?guardian?).
Requirement 3: It should be possible to re-assign the authorization over
multiple or all a smart contracts for a user (?anchor?) to another user
(?guardian?) in a single action.
Requirement 4: It should be possible to re-assign the authorization over
a smart contract back to the original (?anchor?) user.
Requirement 5: The solution to requirements 1-4 shall not require the handing
over of private keys.
Requirement 6: The solution to requirements 1-4 shall not require mutability
of the blockchain.
Requirement 7: The introduction of a solution to requirements 1-4 should
be backward compatible, such that they also apply to smart contracts that
predate this introduction.
Requirement 8: The solution to requirements 1-4 may be programmable.
Following your suggestion, I shall share the document also with hyperledger-arch-wg@...<mailto:hyperledger-arch-wg@...>
and hyperledger-identity-wg@...<mailto:hyperledger-identity-wg@...>.
As always, reviews, comments and suggestions remain very welcome!
Best regards,
Oskar
From: Deventer, M.O. (Oskar) van
Sent: Wednesday, 05 July, 2017 09:43
To: Aaron Benningfield <aaron.b.benningfield@...<mailto:aaron.b.benningfield@...>>
Cc: clive boulton <clive.boulton@...<mailto:clive.boulton@...>>
Subject: RE: [Hyperledger-Requirements-WG] Minutes from Monday, June 26th
Hi Aaron,
* My comments did not make it
in Oskar's Document for what ever reason
I checked the document history of https://docs.google.com/document/d/1psJc9UWuteSzOqIG0VLIdzdlxFb9kq-Csw-dxcjPzEo,
but I could not find any trace of your comments in earlier versions. Sorry
about that.
* What about returns? As in
merchandise you would have returned, maybe the person was going to take
a flight, vacation etc. and now cannot go.
I am not sure how your comment relates to the subject of my document. My
document is about ?after-the-fact mandate changes?. Here either the authorized
user (?anchor?) himself or the blockchain consortium (as ordered by court)
turns over the authorization to another user (?guardian?).
Oskar
From: Aaron Benningfield [mailto:aaron.b.benningfield@...]
Sent: Wednesday, 05 July, 2017 02:18
To: clive boulton <clive.boulton@...<mailto:clive.boulton@...>>;
Deventer, M.O. (Oskar) van <oskar.vandeventer@...<mailto:oskar.vandeventer@...>>
Subject: Re: [Hyperledger-Requirements-WG] Minutes from Monday, June 26th
What about returns? As in merchandise you would have returned, maybe the
person was going to take a flight, vacation etc. and now cannot go. My
comments did not make it in Oskar's Document for what ever reason so I
was going to add the aforementioned (returns) as one to think about,
________________________________
From: clive boulton <clive.boulton@...<mailto:clive.boulton@...>>
Sent: Monday, July 3, 2017 3:41:25 PM
To: Aaron Benningfield
Cc: Deventer, M.O. (Oskar) van
Subject: Fwd: [Hyperledger-Requirements-WG] Minutes from Monday, June 26th
Hi Aaron,
Do you know any mandated cases?
What about a corporate bankruptcy: Assets and liabilities are often about
the same. But who gets paid first is somehow always mandated.
Assuming so, how do we stop smart contracts auto paying out funds after
a bankruptcy / untimely death from bank making automatic mortgage payments.
-Clive.
---------- Forwarded message ----------
From: clive boulton <clive.boulton@...<mailto:clive.boulton@...>>
Date: Mon, Jul 3, 2017 at 3:21 PM
Subject: [Hyperledger-Requirements-WG] Minutes from Monday, June 26th
To: Hyperledger Requirements <hyperledger-requirements-wg@...<mailto:hyperledger-requirements-wg@...>>
The minutes from [last] Monday's Requirements Working Group bi-weekly are
here:
https://wiki.hyperledger.org/groups/requirements/requirements-wg/minutes#june_26th_2017
Domain experts please review the use case:
?After-the-fact mandate changes?<https://docs.google.com/document/d/1psJc9UWuteSzOqIG0VLIdzdlxFb9kq-Csw-dxcjPzEo/edit>
Our next meeting July 10 - 1pm EST / 10am PST
-Clive
This message may contain information that is not intended for you. If you
are not the addressee or if this message was sent to you by mistake, you
are requested to inform the sender and delete the message. TNO accepts
no liability for the content of this e-mail, for the manner in which you
use it and for damage of any kind resulting from the risks inherent to
the electronic transmission of messages._______________________________________________
Hyperledger-Requirements-WG mailing list
Hyperledger-Requirements-WG@...<mailto:Hyperledger-Requirements-WG@...>
https://lists.hyperledger.org/mailman/listinfo/hyperledger-requirements-wg
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.hyperledger.org/pipermail/hyperledger-requirements-wg/attachments/20170720/28626f4d/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.gif
Type: image/gif
Size: 105 bytes
Desc: image001.gif
URL: <http://lists.hyperledger.org/pipermail/hyperledger-requirements-wg/attachments/20170720/28626f4d/attachment.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.gif
Type: image/gif
Size: 2396 bytes
Desc: image002.gif
URL: <http://lists.hyperledger.org/pipermail/hyperledger-requirements-wg/attachments/20170720/28626f4d/attachment-0001.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image004.png
Type: image/png
Size: 166 bytes
Desc: image004.png
URL: <http://lists.hyperledger.org/pipermail/hyperledger-requirements-wg/attachments/20170720/28626f4d/attachment.png>
------------------------------
_______________________________________________
Hyperledger-Requirements-WG mailing list
Hyperledger-Requirements-WG@...
https://lists.hyperledger.org/mailman/listinfo/hyperledger-requirements-wg
End of Hyperledger-Requirements-WG Digest, Vol 12, Issue 9
**********************************************************
=====-----=====-----=====
Notice: The information contained in this e-mail
message and/or attachments to it may contain
confidential or privileged information. If you are
not the intended recipient, any dissemination, use,
review, distribution, printing or copying of the
information contained in this e-mail message
and/or attachments to it are strictly prohibited. If
you have received this communication in error,
please notify us by reply e-mail or telephone and
immediately and permanently delete the message
and any attachments. Thank you
|
|
|
Deventer, M.O. (Oskar) van <oskar.vandeventer@...>
Dear Andreas,
Thank you for your detailed analysis, which is highly appreciated!
- Assumption is that we are talking about a Blockchain ecosystem:
- 1 … 12
Many of your bullets seem to be requirements for a solution to be qualified as “blockchain”. If these requirements have not yet been formally documented by the Hyperledger RequirementsWG,
then I hope that they will be in due process. Some of your bullets (e.g. “An external claim is found to be validated if a p-majority of validators… ”) seem to describe a technical solution. I’d love to discuss these with you and get a better understanding
of the concept that you are describing. The HyperledgerArchitectureWG may be a good place for that.
However,
-
How do your points relate to my set of requirements?
-
What do they mean in terms of work to be done, either in the RequirementsWG or elsewhere?
- underlying assumptions such as "law abiding consortium" are validated.
That is a fair point. I have started a document about functional roles in a Hyperledger blockchain, see
https://docs.google.com/document/d/1CIMzpsCYNyFuJ_IgJhrsIY-ZxEk23w-pf8sQ2d79ASc. In the functional model, the service layer hosts consortium(s) of blockchain service providers (“validators”). The document did not get much
traction in the RequirementsWG, so I have abandoned it for now.
Within the Netherlands, a consortium of disparate Dutch companies (“Techruption”, with banks, telco’s, universities, start-ups, government branches,
…) is now working on the “Techruption Consortium Blockchain”. “Consortium Blockchain” (a.k.a. permissioned blockchain) is the experimental blockchain that will be run by the partners. So this is a Dutch Consortium running nodes in The Netherlands for Dutch
users under Dutch law. The use cases from my “after-the-fact” document came up at a consortium meeting.
- what is enterprise grade?
This is blockchain network and technology that a major enterprise would rely on for core business processes. This currently disqualifies the highly volatile and unclearly governed public
Bitcoin and public Ethereum blockchains. Our conjecture is that a consortium of disparate companies may create a blockchain that enterprises and government can rely on not to be colluding.
- What is an applicable jurisdiction? A court order by a US court trying to be enforced against an Argentinian national residing in China?
As JFK said, “we are not doing this because it is easy”. As Google has learned in China and Europe, multinational organisations are not above the law. The same is true for multinational
consortia. My document is not a legal treatise. It is formulating a set of requirements that a law-abiding blockchain consortium would want to be able to satisfy.
- Being able to update smart contract systems has become a fundamental design requirement and principle in the ecosystem. Hence, I am
truly puzzled by your statement.
Are you saying that all the Hyperledger projects satisfy my set of eight requirements already? If that is correct, then our work is done. However, based on feedback from others I am
not sure whether this is indeed the case.
- Besides, would you really want to trust a court order in a jurisdiction with a history of corruption?
See what is happening with Poland and the EU.
Let us discuss that over beer some time.
Thank you again, and looking forward to the continuation of this discussion. I shall participate in the RequirementsWG call of this Monday 24 July.
Best regards,
Oskar
toggle quoted message
Show quoted text
From: Andreas Freund [mailto:andreas.freund@...]
Sent: Saturday, 22 July, 2017 01:20
To: hyperledger-requirements-wg@...; Deventer, M.O. (Oskar) van <oskar.vandeventer@...>
Subject: Re: Hyperledger-Requirements-WG Digest, Vol 12, Issue 9
Hi Oskar, see my comments below, marked with AF. Apologies for the delay. Work.
Have a great weekend.
Cheers,
Andreas
Dear Andreas Freund,
Thank you for your comment below, which I have received via Google Docs. As noted in my response to you in the Google Doc, the place to discuss fundamental requirements issues is at the Hyperledger RequirementsWG mailing list (this list).
I believe that your comment is missing the essence of my document.
* That opens the door to collusion of all sorts
A qualified majority of validators can always collude (cf. Ethereum+DAO). An essence of blockchain is that they cannot collude covertly.
AF: Of course validators can collude covertly, that is exactly the game theoretic problem that Casper is tackling. That is a hard problem.
But coming back to requirements. To start with I would suggest that underlying assumptions such as "law abiding consortium" are validated. I would prefer the assumption that at any moment there is a malicious set of participants
in a consortium which will try to either censor or subvert decisions. Given what we know about human behavior, this is a sensible assumption. Besides, would you really want to trust a court order in a jurisdiction with a history of corruption? See what is
happening with Poland and the EU.
Hence, there are several requirements IMHO that are spawned from the above threat based assumption. Assumption is that we are talking about a Blockchain ecosystem:
-
External claims such as a court order have to be validated by a randomly chosen set of validators. Where randomly refers to a randomized selection process that is performed in the blind
-
Only Blockchain identities can become validators
-
The status of validator is obtained through a collusion resistant, privacy preserving process
-
Validators are incentivized to make themselves available to validate an external claim
-
Validators are rewarded for validating an external claim truthfully to the best of their ability
-
Validators are censored for not reporting on external claims truthfully
-
An external claim is found to be validated if a p-majority of validators decides that an external claim is valid within the predetermined timeframe
-
The result of any validation has to be broadcast to all Blockchain identities
-
The validity of a validated external claim can be challenged by a Blockchain identity by posting a challenge bond of meaningful size for the claimant within a certain time period of an external claim being validated.
-
In the case of a challenge, a new, randomly chosen set of validators is assigned and validates the external claim. If the challenge is resolved in favor of the challenger, the rewards of the incorrectly reporting majority
are given to the challenger. If the challenge is resolved against the claimant, the challenge bond is lost and paid out to the truthfully reporting validators
-
An outcome of a validation can be challenged more than once
-
The reassigning ownership of a Blockchain asset be it either fully digital or representing an analog asset has to follow the process requirements #1 - #11. A digital asset can be anything from a token to a smart contract code
* running a Blockchain platform does not mean you should know who controls smart contracts.
My document is not about identity not does it make assumptions about the implementation. It is a set of requirements for a law-abiding consortium blockchain that is offering an enterprise-grade blockchain service that wants to be able to comply to a court
order of their applicable jurisdiction. I believe that the formulated requirements are fair, even if your hypothetical current implementation cannot comply to them.
AF: See above and "a law-abiding consortium blockchain that is offering an enterprise-grade blockchain service that wants to be able to comply to a court order of their applicable jurisdiction" has implicit assumptions in it that are not defined anywhere.
For example, what is enterprise grade? Why even refer to that, I do not think that this is necessary? What is an applicable jurisdiction? A court order by a US court trying to be enforced against an Argentinian national residing in China? Just to show the
implicit complexity of potential requests.
Generally speaking, Blockchain consortium members should not know who owns/controls assets e.g. smart contracts on the consortium platform as long as applicable regulatory requirements can be fulfilled. I would formulate that as a requirement.
* validators nodes provided by a consortium should be crytpographically sealed upon deployment without ability to access the node from the outside.
The Hyperledger RequirementsWG is about requirements, not about implementations that can or cannot comply to the requirement.
AF: Then let me formulate this as a requirement. Blockchain network nodes should not be accessible by anyone or anything after deployment, except for Blockchain identities to submit transactions/blocks. Note Blockchain identities could be also other nodes.
Furthermore, all node processes must remain hidden and inaccessible to anyone or anything from the outside. Lastly, node processes have to be structured in such a way that they cannot influence one another unless it is part of the Blockchain protocol design.
* What can be done is to have a function in a smart contract that allows reassignment based on m-of-n multisig of registered identities
One cannot “after-the-fact” retrofit an existing and validated smart contract with m-of-n multisig, nor does my proposed set of requirements require this. Your solution can be used to addresses the “lost keys” problem, which is not what my document is about.
AF: First, of course, you can, if you use a smart contract system, secondly, you must be able to update smart contract systems to delete, add or change functionality such as m-of-n multi sig. Being able to update smart contract systems has become a fundamental
design requirement and principle in the ecosystem. Hence, I am truly puzzled by your statement.
Please let me know if I am missing something.
Best regards,
Oskar
From: Andreas Freund (Google Docs) [mailto:d+MTA5ODc1OTgwNjAwMDc1MTUwNjY3-MTAzNTMzNjc5Njk5NDU1ODU5NTU0 at docs.google.com]
Sent: Tuesday, 18 July, 2017 23:39
To: Deventer, M.O. (Oskar) van <oskar.vandeventer at tno.nl>
Subject: Hyperledger - Aft... - That opens the door to collusion of a...
Andreas Freund added a comment to Hyperledger - After-the-fact mandate changes<https://docs.google.com/document/d/1psJc9UWuteSzOqIG0VLIdzdlxFb9kq-Csw-dxcjPzEo/edit?disco=AAAAA_gQ6ak&ts=596e7ff5&usp=comment_email_document>
[Andreas Freund]
Andreas Freund
A blockchain consortium shall be able to sign over the authorization over a smart contract from one user (“anchor”) to another user (“guardian”).
That opens the door to collusion of all sorts ... running a Blockchain platform does not mean you should know who controls smart contracts. In fact, validators nodes provided by a consortium should be crytpographically sealed upon deployment without ability
to access the node from the outside. What can be done is to have a function in a smart contract that allows reassignment based on m-of-n multisig of registered identities
Open<https://docs.google.com/document/d/1psJc9UWuteSzOqIG0VLIdzdlxFb9kq-Csw-dxcjPzEo/edit?disco=AAAAA_gQ6ak&usp=comment_email_discussion&ts=596e7ff5>
Google Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
You have received this email because you are subscribed to all discussions on Hyperledger - After-the-fact mandate changes<https://docs.google.com/document/d/1psJc9UWuteSzOqIG0VLIdzdlxFb9kq-Csw-dxcjPzEo/edit?disco=AAAAA_gQ6ak&ts=596e7ff5&usp=comment_email_document>.Change
what Google Docs sends you.<https://docs.google.com/document/docos/notify?id=1psJc9UWuteSzOqIG0VLIdzdlxFb9kq-Csw-dxcjPzEo&title=Hyperledger+-+After-the-fact+mandate+changes>You
can reply to this email to reply to the discussion.
[cid:image001.png at 01D30078.4F641170]
Best Regards
Dr. Andreas Freund
Senior Manager, Global Consulting Practice - NextGen Strategy Practice & Blockchain Advisory
Tata Consultancy Services Limited
Ph:- +1-858-699-7022
Cell:- +1-858-699-7022
Mailto: andreas.freund@...
Website: http://www.tcs.com
____________________________________________
Experience certainty. IT Services
Business Solutions
Consulting
____________________________________________
From: hyperledger-requirements-wg-request@...
To: hyperledger-requirements-wg@...
Date: 07/20/2017 08:35 AM
Subject: Hyperledger-Requirements-WG Digest, Vol 12, Issue 9
Sent by: hyperledger-requirements-wg-bounces@...
Send Hyperledger-Requirements-WG mailing list submissions to
hyperledger-requirements-wg@...
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.hyperledger.org/mailman/listinfo/hyperledger-requirements-wg
or, via email, send a message with subject or body 'help' to
hyperledger-requirements-wg-request@...
You can reach the person managing the list at
hyperledger-requirements-wg-owner@...
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Hyperledger-Requirements-WG digest..."
Today's Topics:
1. Re: FW: Document "After-the-fact mandate changes" ready for
external review (Deventer, M.O. (Oskar) van)
----------------------------------------------------------------------
Message: 1
Date: Thu, 20 Jul 2017 15:35:12 +0000
From: "Deventer, M.O. (Oskar) van" <oskar.vandeventer@...>
To: Mark Parzygnat <markparz@...>
Cc: "hyperledger-requirements-wg@..."
<hyperledger-requirements-wg@...>
Subject: Re: [Hyperledger-Requirements-WG] FW: Document
"After-the-fact mandate changes" ready for external review
Message-ID:
<BA5A0ED6E909E749AD5CB0D3750A6D2A221E659D@...>
Content-Type: text/plain; charset="utf-8"
Hi Mark,
* The main question I am asking is there a project that doesn't currently handle these scenarios?
This question can only be answered based on well formulated requirements. The RequirementsWG has worked on these for the last two months. Initial feedback suggests that there are Hyperledger projects that do not support this set of requirements. Moreover,
the support may be difficult for some of them without major architectural changes.
* figure out what features are currently missing
The purpose of the RequirementsWG is to figure out what features are needed.
(The fact that a feature is missing does not imply that there is a market need, more likely the opposite.)
* UIs for each of the platform projects, interoperability aspects that could be used from one project into another
So we should spell out the associated use case and requirements, correct?
(By the way, I am particularly interested in inter-project use cases and requirements.)
Best regards,
Oskar
From: Mark Parzygnat [mailto:markparz@...]
Sent: Thursday, 20 July, 2017 16:30
To: Deventer, M.O. (Oskar) van <oskar.vandeventer@...>
Cc: hyperledger-requirements-wg@...
Subject: RE: [Hyperledger-Requirements-WG] FW: Document "After-the-fact mandate changes" ready for external review
Hi Oskar,
Thanks. It's probably just my misunderstanding, so apologies for asking what maybe be silly questions. This particular document looks to be about access controls, after initial deployments. Broken down nicely in several different scenarios. The main question
I am asking is there a project that doesn't currently handle these scenarios? Iroha, Sawtooth, and Fabric seem to handle these scenarios from what I can tell. I'm wondering is this a document for new projects to verify they fulfill these use cases, or is there
a specific project or area that currently needs these requirements?
IMO, it would be a huge benefit for all of us in the requirements WG to look across the projects and figure out what features are currently missing in the projects that should be implemented. For instance, nice UIs for each of the platform projects, interoperability
aspects that could be used from one project into another, or specific project needs based on what people are looking for like Fabric needs a JS chaincode, etc. I know it's a big task, but I think worth the investment.
Hope I'm making sense.
Regards,
Mark
[Inactive hide details for "Deventer, M.O. (Oskar) van" ---07/20/2017 09:21:14 AM---Hi Mark, De document was developed by me in]"Deventer, M.O. (Oskar) van" ---07/20/2017 09:21:14 AM---Hi Mark, De document was developed by me in collaboration with several
others. It is likely to becom
From: "Deventer, M.O. (Oskar) van" <oskar.vandeventer@...<mailto:oskar.vandeventer@...>>
To: Mark Parzygnat <markparz@...<mailto:markparz@...>>
Cc: "hyperledger-requirements-wg@...<mailto:hyperledger-requirements-wg@...>"
<hyperledger-requirements-wg@...<mailto:hyperledger-requirements-wg@...>>
Date: 07/20/2017 09:21 AM
Subject: RE: [Hyperledger-Requirements-WG] FW: Document "After-the-fact mandate changes" ready for external review
________________________________
Hi Mark,
De document was developed by me in collaboration with several others. It is likely to become an agreed document from the RequirementsWG very soon. The purpose of the document is input to IdentityWG, ArchitectureWG and (possibly indirectly) to Hyperledger
projects, which includes Hyperledger Fabric.
* Hyperledger Fabric has all these controls in place via channels. In order to be able ?
I am not sure how I should read this statement. If Hyperledger Fabric does already intrinsically support the full set of requirements, then that is great. If not, then there is potential work for contributors to that project.
Does this make sense?
Best regards,
Oskar
Dr. ir. M.O. (Oskar) van Deventer
Senior Scientist Blockchain Networking
Dept. Networks
T +31 (0)88 866 70 78
M +31 (0)65 191 49 18
E oskar.vandeventer@...<mailto:oskar.vandeventer@...>
Location<http://www.tno.nl/locaties/DHA>
[]<http://www.tno.nl/>
This message may contain information that is not intended for you. If you are not the addressee or if this message was sent to you by mistake, you are requested to inform the sender and delete the message. TNO accepts no liability for the content of this
e-mail, for the manner in which you use it and for damage of any kind resulting from the risks inherent to the electronic transmission of messages.
From: Mark Parzygnat [mailto:markparz@...]
Sent: Wednesday, 19 July, 2017 19:33
To: Deventer, M.O. (Oskar) van <oskar.vandeventer@...<mailto:oskar.vandeventer@...>>
Cc: Boulton, Clive <clive.boulton@...<mailto:clive.boulton@...>>; hyperledger-requirements-wg@...<mailto:hyperledger-requirements-wg@...>;
hyperledger-requirements-wg-bounces@...<mailto:hyperledger-requirements-wg-bounces@...>
Subject: Re: [Hyperledger-Requirements-WG] FW: Document "After-the-fact mandate changes" ready for external review
Hi Everyone,
Apologies I've not been able to attend the req-wg meetings as I have conflicts with the timing. However looking this over, I would like to know a bit more about this particular document. Is this to gather input on how this currently works project by project?
Hyperledger Fabric has all these controls in place via channels. In order to be able to instantiate the chaincode(smart contract) you have to have the authorization, which also means you have ownership since it's installed on your file system.
Regards,
Mark
[Inactive hide details for "Deventer, M.O. (Oskar) van" ---07/18/2017 05:35:53 AM---Hi Clive, all, The document "After-the-fact]"Deventer, M.O. (Oskar) van" ---07/18/2017 05:35:53 AM---Hi Clive, all, The document "After-the-fact mandate changes" was discussed
in detail in the Hyperled
From: "Deventer, M.O. (Oskar) van" <oskar.vandeventer@...<mailto:oskar.vandeventer@...>>
To: "Boulton, Clive" <clive.boulton@...<mailto:clive.boulton@...>>
Cc: "hyperledger-requirements-wg@...<mailto:hyperledger-requirements-wg@...>"
<hyperledger-requirements-wg@...<mailto:hyperledger-requirements-wg@...>>
Date: 07/18/2017 05:35 AM
Subject: [Hyperledger-Requirements-WG] FW: Document "After-the-fact mandate changes" ready for external review
Sent by: hyperledger-requirements-wg-bounces@...<mailto:hyperledger-requirements-wg-bounces@...>
________________________________
Hi Clive, all,
The document ?After-the-fact mandate changes? was discussed in detail in the Hyperledger Identity working group. There were ten participants, including a person from Hyperledger Indy. There were some discussions about solution directions and potential implementation
issues. The general feedback was that the document was well written and clear. No further changes were made.
Let us now formally close the document, that is, PDF it, add it to the Wiki list, and formally share it with the Architecture and Identity working groups. OK?
Best regards,
Oskar
________________________________
From: hyperledger-requirements-wg-bounces@...<mailto:hyperledger-requirements-wg-bounces@...>
<hyperledger-requirements-wg-bounces@...<mailto:hyperledger-requirements-wg-bounces@...>>
on behalf of Deventer, M.O. (Oskar) van <oskar.vandeventer@...<mailto:oskar.vandeventer@...>>
Sent: Wednesday, July 5, 2017 12:57 AM
To: Boulton, Clive
Cc: hyperledger-requirements-wg@...<mailto:hyperledger-requirements-wg@...>
Subject: [Hyperledger-Requirements-WG] Document "After-the-fact mandate changes" ready for external review
Hi Clive, all,
I have just updated the document "After-the-fact mandate changes" (https://docs.google.com/document/d/1psJc9UWuteSzOqIG0VLIdzdlxFb9kq-Csw-dxcjPzEo),
incorporating the comments received at the 26-June RequirementsWG call. The full set of requirements now reads as follows.
Requirement 1: A user (?anchor?) shall be able to sign over its authorization over a smart contract to another user (?guardian?) after the fact.
1a: The original user (?anchor?) loses its authorization over the smart contract.
1b: The original user (?anchor?) maintains its authorization over the smart contract.
Requirement 2: A blockchain consortium shall be able to sign over the authorization over a smart contract from one user (?anchor?) to another user (?guardian?).
Requirement 3: It should be possible to re-assign the authorization over multiple or all a smart contracts for a user (?anchor?) to another user (?guardian?) in a single action.
Requirement 4: It should be possible to re-assign the authorization over a smart contract back to the original (?anchor?) user.
Requirement 5: The solution to requirements 1-4 shall not require the handing over of private keys.
Requirement 6: The solution to requirements 1-4 shall not require mutability of the blockchain.
Requirement 7: The introduction of a solution to requirements 1-4 should be backward compatible, such that they also apply to smart contracts that predate this introduction.
Requirement 8: The solution to requirements 1-4 may be programmable.
Following your suggestion, I shall share the document also with hyperledger-arch-wg@...<mailto:hyperledger-arch-wg@...>
and hyperledger-identity-wg@...<mailto:hyperledger-identity-wg@...>.
As always, reviews, comments and suggestions remain very welcome!
Best regards,
Oskar
From: Deventer, M.O. (Oskar) van
Sent: Wednesday, 05 July, 2017 09:43
To: Aaron Benningfield <aaron.b.benningfield@...<mailto:aaron.b.benningfield@...>>
Cc: clive boulton <clive.boulton@...<mailto:clive.boulton@...>>
Subject: RE: [Hyperledger-Requirements-WG] Minutes from Monday, June 26th
Hi Aaron,
* My comments did not make it in Oskar's Document for what ever reason
I checked the document history of https://docs.google.com/document/d/1psJc9UWuteSzOqIG0VLIdzdlxFb9kq-Csw-dxcjPzEo,
but I could not find any trace of your comments in earlier versions. Sorry about that.
* What about returns? As in merchandise you would have returned, maybe the person was going to take a flight, vacation etc. and now cannot go.
I am not sure how your comment relates to the subject of my document. My document is about ?after-the-fact mandate changes?. Here either the authorized user (?anchor?) himself or the blockchain consortium (as ordered by court) turns over the authorization
to another user (?guardian?).
Oskar
From: Aaron Benningfield [mailto:aaron.b.benningfield@...]
Sent: Wednesday, 05 July, 2017 02:18
To: clive boulton <clive.boulton@...<mailto:clive.boulton@...>>; Deventer, M.O. (Oskar) van <oskar.vandeventer@...<mailto:oskar.vandeventer@...>>
Subject: Re: [Hyperledger-Requirements-WG] Minutes from Monday, June 26th
What about returns? As in merchandise you would have returned, maybe the person was going to take a flight, vacation etc. and now cannot go. My comments did not make it in Oskar's Document for what ever reason so I was going to add the aforementioned (returns)
as one to think about,
________________________________
From: clive boulton <clive.boulton@...<mailto:clive.boulton@...>>
Sent: Monday, July 3, 2017 3:41:25 PM
To: Aaron Benningfield
Cc: Deventer, M.O. (Oskar) van
Subject: Fwd: [Hyperledger-Requirements-WG] Minutes from Monday, June 26th
Hi Aaron,
Do you know any mandated cases?
What about a corporate bankruptcy: Assets and liabilities are often about the same. But who gets paid first is somehow always mandated.
Assuming so, how do we stop smart contracts auto paying out funds after a bankruptcy / untimely death from bank making automatic mortgage payments.
-Clive.
---------- Forwarded message ----------
From: clive boulton <clive.boulton@...<mailto:clive.boulton@...>>
Date: Mon, Jul 3, 2017 at 3:21 PM
Subject: [Hyperledger-Requirements-WG] Minutes from Monday, June 26th
To: Hyperledger Requirements <hyperledger-requirements-wg@...<mailto:hyperledger-requirements-wg@...>>
The minutes from [last] Monday's Requirements Working Group bi-weekly are here:
https://wiki.hyperledger.org/groups/requirements/requirements-wg/minutes#june_26th_2017
Domain experts please review the use case:
?After-the-fact mandate changes?<https://docs.google.com/document/d/1psJc9UWuteSzOqIG0VLIdzdlxFb9kq-Csw-dxcjPzEo/edit>
Our next meeting July 10 - 1pm EST / 10am PST
-Clive
This message may contain information that is not intended for you. If you are not the addressee or if this message was sent to you by mistake, you are requested to inform the sender and delete the message. TNO accepts no liability for the content of this
e-mail, for the manner in which you use it and for damage of any kind resulting from the risks inherent to the electronic transmission of messages._______________________________________________
Hyperledger-Requirements-WG mailing list
Hyperledger-Requirements-WG@...<mailto:Hyperledger-Requirements-WG@...>
https://lists.hyperledger.org/mailman/listinfo/hyperledger-requirements-wg
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.hyperledger.org/pipermail/hyperledger-requirements-wg/attachments/20170720/28626f4d/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.gif
Type: image/gif
Size: 105 bytes
Desc: image001.gif
URL: <http://lists.hyperledger.org/pipermail/hyperledger-requirements-wg/attachments/20170720/28626f4d/attachment.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.gif
Type: image/gif
Size: 2396 bytes
Desc: image002.gif
URL: <http://lists.hyperledger.org/pipermail/hyperledger-requirements-wg/attachments/20170720/28626f4d/attachment-0001.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image004.png
Type: image/png
Size: 166 bytes
Desc: image004.png
URL: <http://lists.hyperledger.org/pipermail/hyperledger-requirements-wg/attachments/20170720/28626f4d/attachment.png>
------------------------------
_______________________________________________
Hyperledger-Requirements-WG mailing list
Hyperledger-Requirements-WG@...
https://lists.hyperledger.org/mailman/listinfo/hyperledger-requirements-wg
End of Hyperledger-Requirements-WG Digest, Vol 12, Issue 9
**********************************************************
=====-----=====-----=====
Notice: The information contained in this e-mail
message and/or attachments to it may contain
confidential or privileged information. If you are
not the intended recipient, any dissemination, use,
review, distribution, printing or copying of the
information contained in this e-mail message
and/or attachments to it are strictly prohibited. If
you have received this communication in error,
please notify us by reply e-mail or telephone and
immediately and permanently delete the message
and any attachments. Thank you
|
|
|
Andreas Freund <andreas.freund@...>
Hi Oskar,
My requirements are in fact quite general and not necessarily predicated to a blockchain. However since were talking about block chain consortium, the qualifier is OK in my opinion.
The requirements are stated with the assumption that a consortium is not necessarily collusion free and that certain members are not always law-abiding. The requirements are a security layer that can ensure fairness in decision-making through game theoretic means.
Which brings me to your comment about the technical implementation when I mentioned P-majority. This is a mathematical term. And has nothing to do with a specific technical implementation. Happy to discuss all of these requirements further. I see these requirements as foundational building blocks for a consortium running one or more block trains for either the public or Enterprises.
To see a direct application of such requirements in an active project, I would recommend that you look at the Augur project that is currently being finalized on Ethereum. Augur is a decentralized prediction market.
I see the requirements I stated in addition to what you have written down and not in replacement of them. As well as these being more of a clarification at certain points.
I will try and see if I can join the working group call on Monday. But I might be traveling.
Cheers,
On Jul 22, 2017, at 9:11 AM, Deventer, M.O. (Oskar) van < oskar.vandeventer@...> wrote:
Dear Andreas,
Thank you for your detailed analysis, which is highly appreciated!
- Assumption is that we are talking about a Blockchain ecosystem:
- 1 … 12
Many of your bullets seem to be requirements for a solution to be qualified as “blockchain”. If these requirements have not yet been formally documented by the Hyperledger RequirementsWG,
then I hope that they will be in due process. Some of your bullets (e.g. “An external claim is found to be validated if a p-majority of validators… ”) seem to describe a technical solution. I’d love to discuss these with you and get a better understanding
of the concept that you are describing. The HyperledgerArchitectureWG may be a good place for that.
However,
-
How do your points relate to my set of requirements?
-
What do they mean in terms of work to be done, either in the RequirementsWG or elsewhere?
- underlying assumptions such as "law abiding consortium" are validated.
That is a fair point. I have started a document about functional roles in a Hyperledger blockchain, see
https://docs.google.com/document/d/1CIMzpsCYNyFuJ_IgJhrsIY-ZxEk23w-pf8sQ2d79ASc. In the functional model, the service layer hosts consortium(s) of blockchain service providers (“validators”). The document did not get much
traction in the RequirementsWG, so I have abandoned it for now.
Within the Netherlands, a consortium of disparate Dutch companies (“Techruption”, with banks, telco’s, universities, start-ups, government branches,
…) is now working on the “Techruption Consortium Blockchain”. “Consortium Blockchain” (a.k.a. permissioned blockchain) is the experimental blockchain that will be run by the partners. So this is a Dutch Consortium running nodes in The Netherlands for Dutch
users under Dutch law. The use cases from my “after-the-fact” document came up at a consortium meeting.
- what is enterprise grade?
This is blockchain network and technology that a major enterprise would rely on for core business processes. This currently disqualifies the highly volatile and unclearly governed public
Bitcoin and public Ethereum blockchains. Our conjecture is that a consortium of disparate companies may create a blockchain that enterprises and government can rely on not to be colluding.
- What is an applicable jurisdiction? A court order by a US court trying to be enforced against an Argentinian national residing in China?
As JFK said, “we are not doing this because it is easy”. As Google has learned in China and Europe, multinational organisations are not above the law. The same is true for multinational
consortia. My document is not a legal treatise. It is formulating a set of requirements that a law-abiding blockchain consortium would want to be able to satisfy.
- Being able to update smart contract systems has become a fundamental design requirement and principle in the ecosystem. Hence, I am
truly puzzled by your statement.
Are you saying that all the Hyperledger projects satisfy my set of eight requirements already? If that is correct, then our work is done. However, based on feedback from others I am
not sure whether this is indeed the case.
- Besides, would you really want to trust a court order in a jurisdiction with a history of corruption?
See what is happening with Poland and the EU.
Let us discuss that over beer some time.
Thank you again, and looking forward to the continuation of this discussion. I shall participate in the RequirementsWG call of this Monday 24 July.
Best regards,
Oskar
From: Andreas Freund [mailto:andreas.freund@...]
Sent: Saturday, 22 July, 2017 01:20
To: hyperledger-requirements-wg@...; Deventer, M.O. (Oskar) van <oskar.vandeventer@...>
Subject: Re: Hyperledger-Requirements-WG Digest, Vol 12, Issue 9
Hi Oskar, see my comments below, marked with AF. Apologies for the delay. Work.
Have a great weekend.
Cheers,
Andreas
Dear Andreas Freund,
Thank you for your comment below, which I have received via Google Docs. As noted in my response to you in the Google Doc, the place to discuss fundamental requirements issues is at the Hyperledger RequirementsWG mailing list (this list).
I believe that your comment is missing the essence of my document.
* That opens the door to collusion of all sorts
A qualified majority of validators can always collude (cf. Ethereum+DAO). An essence of blockchain is that they cannot collude covertly.
AF: Of course validators can collude covertly, that is exactly the game theoretic problem that Casper is tackling. That is a hard problem.
But coming back to requirements. To start with I would suggest that underlying assumptions such as "law abiding consortium" are validated. I would prefer the assumption that at any moment there is a malicious set of participants
in a consortium which will try to either censor or subvert decisions. Given what we know about human behavior, this is a sensible assumption. Besides, would you really want to trust a court order in a jurisdiction with a history of corruption? See what is
happening with Poland and the EU.
Hence, there are several requirements IMHO that are spawned from the above threat based assumption. Assumption is that we are talking about a Blockchain ecosystem:
-
External claims such as a court order have to be validated by a randomly chosen set of validators. Where randomly refers to a randomized selection process that is performed in the blind
-
Only Blockchain identities can become validators
-
The status of validator is obtained through a collusion resistant, privacy preserving process
-
Validators are incentivized to make themselves available to validate an external claim
-
Validators are rewarded for validating an external claim truthfully to the best of their ability
-
Validators are censored for not reporting on external claims truthfully
-
An external claim is found to be validated if a p-majority of validators decides that an external claim is valid within the predetermined timeframe
-
The result of any validation has to be broadcast to all Blockchain identities
-
The validity of a validated external claim can be challenged by a Blockchain identity by posting a challenge bond of meaningful size for the claimant within a certain time period of an external claim being validated.
-
In the case of a challenge, a new, randomly chosen set of validators is assigned and validates the external claim. If the challenge is resolved in favor of the challenger, the rewards of the incorrectly reporting majority
are given to the challenger. If the challenge is resolved against the claimant, the challenge bond is lost and paid out to the truthfully reporting validators
-
An outcome of a validation can be challenged more than once
-
The reassigning ownership of a Blockchain asset be it either fully digital or representing an analog asset has to follow the process requirements #1 - #11. A digital asset can be anything from a token to a smart contract code
* running a Blockchain platform does not mean you should know who controls smart contracts.
My document is not about identity not does it make assumptions about the implementation. It is a set of requirements for a law-abiding consortium blockchain that is offering an enterprise-grade blockchain service that wants to be able to comply to a court
order of their applicable jurisdiction. I believe that the formulated requirements are fair, even if your hypothetical current implementation cannot comply to them.
AF: See above and "a law-abiding consortium blockchain that is offering an enterprise-grade blockchain service that wants to be able to comply to a court order of their applicable jurisdiction" has implicit assumptions in it that are not defined anywhere.
For example, what is enterprise grade? Why even refer to that, I do not think that this is necessary? What is an applicable jurisdiction? A court order by a US court trying to be enforced against an Argentinian national residing in China? Just to show the
implicit complexity of potential requests.
Generally speaking, Blockchain consortium members should not know who owns/controls assets e.g. smart contracts on the consortium platform as long as applicable regulatory requirements can be fulfilled. I would formulate that as a requirement.
* validators nodes provided by a consortium should be crytpographically sealed upon deployment without ability to access the node from the outside.
The Hyperledger RequirementsWG is about requirements, not about implementations that can or cannot comply to the requirement.
AF: Then let me formulate this as a requirement. Blockchain network nodes should not be accessible by anyone or anything after deployment, except for Blockchain identities to submit transactions/blocks. Note Blockchain identities could be also other nodes.
Furthermore, all node processes must remain hidden and inaccessible to anyone or anything from the outside. Lastly, node processes have to be structured in such a way that they cannot influence one another unless it is part of the Blockchain protocol design.
* What can be done is to have a function in a smart contract that allows reassignment based on m-of-n multisig of registered identities
One cannot “after-the-fact” retrofit an existing and validated smart contract with m-of-n multisig, nor does my proposed set of requirements require this. Your solution can be used to addresses the “lost keys” problem, which is not what my document is about.
AF: First, of course, you can, if you use a smart contract system, secondly, you must be able to update smart contract systems to delete, add or change functionality such as m-of-n multi sig. Being able to update smart contract systems has become a fundamental
design requirement and principle in the ecosystem. Hence, I am truly puzzled by your statement.
Please let me know if I am missing something.
Best regards,
Oskar
From: Andreas Freund (Google Docs) [mailto:d+MTA5ODc1OTgwNjAwMDc1MTUwNjY3-MTAzNTMzNjc5Njk5NDU1ODU5NTU0 at docs.google.com]
Sent: Tuesday, 18 July, 2017 23:39
To: Deventer, M.O. (Oskar) van <oskar.vandeventer at tno.nl>
Subject: Hyperledger - Aft... - That opens the door to collusion of a...
Andreas Freund added a comment to Hyperledger - After-the-fact mandate changes<https://docs.google.com/document/d/1psJc9UWuteSzOqIG0VLIdzdlxFb9kq-Csw-dxcjPzEo/edit?disco=AAAAA_gQ6ak&ts=596e7ff5&usp=comment_email_document>
[Andreas Freund]
Andreas Freund
A blockchain consortium shall be able to sign over the authorization over a smart contract from one user (“anchor”) to another user (“guardian”).
That opens the door to collusion of all sorts ... running a Blockchain platform does not mean you should know who controls smart contracts. In fact, validators nodes provided by a consortium should be crytpographically sealed upon deployment without ability
to access the node from the outside. What can be done is to have a function in a smart contract that allows reassignment based on m-of-n multisig of registered identities
Open<https://docs.google.com/document/d/1psJc9UWuteSzOqIG0VLIdzdlxFb9kq-Csw-dxcjPzEo/edit?disco=AAAAA_gQ6ak&usp=comment_email_discussion&ts=596e7ff5>
Google Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
You have received this email because you are subscribed to all discussions on Hyperledger - After-the-fact mandate changes<https://docs.google.com/document/d/1psJc9UWuteSzOqIG0VLIdzdlxFb9kq-Csw-dxcjPzEo/edit?disco=AAAAA_gQ6ak&ts=596e7ff5&usp=comment_email_document>.Change
what Google Docs sends you.<https://docs.google.com/document/docos/notify?id=1psJc9UWuteSzOqIG0VLIdzdlxFb9kq-Csw-dxcjPzEo&title=Hyperledger+-+After-the-fact+mandate+changes>You
can reply to this email to reply to the discussion.
[cid:image001.png at 01D30078.4F641170]
Best Regards
Dr. Andreas Freund
Senior Manager, Global Consulting Practice - NextGen Strategy Practice & Blockchain Advisory
Tata Consultancy Services Limited
Ph:- +1-858-699-7022
Cell:- +1-858-699-7022
Mailto: andreas.freund@...
Website: http://www.tcs.com
____________________________________________
Experience certainty. IT Services
Business Solutions
Consulting
____________________________________________
From: hyperledger-requirements-wg-request@...
To: hyperledger-requirements-wg@...
Date: 07/20/2017 08:35 AM
Subject: Hyperledger-Requirements-WG Digest, Vol 12, Issue 9
Sent by: hyperledger-requirements-wg-bounces@...
Send Hyperledger-Requirements-WG mailing list submissions to
hyperledger-requirements-wg@...
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.hyperledger.org/mailman/listinfo/hyperledger-requirements-wg
or, via email, send a message with subject or body 'help' to
hyperledger-requirements-wg-request@...
You can reach the person managing the list at
hyperledger-requirements-wg-owner@...
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Hyperledger-Requirements-WG digest..."
Today's Topics:
1. Re: FW: Document "After-the-fact mandate changes" ready for
external review (Deventer, M.O. (Oskar) van)
----------------------------------------------------------------------
Message: 1
Date: Thu, 20 Jul 2017 15:35:12 +0000
From: "Deventer, M.O. (Oskar) van" <oskar.vandeventer@...>
To: Mark Parzygnat <markparz@...>
Cc: "hyperledger-requirements-wg@..."
<hyperledger-requirements-wg@...>
Subject: Re: [Hyperledger-Requirements-WG] FW: Document
"After-the-fact mandate changes" ready for external review
Message-ID:
<BA5A0ED6E909E749AD5CB0D3750A6D2A221E659D@...>
Content-Type: text/plain; charset="utf-8"
Hi Mark,
* The main question I am asking is there a project that doesn't currently handle these scenarios?
This question can only be answered based on well formulated requirements. The RequirementsWG has worked on these for the last two months. Initial feedback suggests that there are Hyperledger projects that do not support this set of requirements. Moreover,
the support may be difficult for some of them without major architectural changes.
* figure out what features are currently missing
The purpose of the RequirementsWG is to figure out what features are needed.
(The fact that a feature is missing does not imply that there is a market need, more likely the opposite.)
* UIs for each of the platform projects, interoperability aspects that could be used from one project into another
So we should spell out the associated use case and requirements, correct?
(By the way, I am particularly interested in inter-project use cases and requirements.)
Best regards,
Oskar
From: Mark Parzygnat [mailto:markparz@...]
Sent: Thursday, 20 July, 2017 16:30
To: Deventer, M.O. (Oskar) van <oskar.vandeventer@...>
Cc: hyperledger-requirements-wg@...
Subject: RE: [Hyperledger-Requirements-WG] FW: Document "After-the-fact mandate changes" ready for external review
Hi Oskar,
Thanks. It's probably just my misunderstanding, so apologies for asking what maybe be silly questions. This particular document looks to be about access controls, after initial deployments. Broken down nicely in several different scenarios. The main question
I am asking is there a project that doesn't currently handle these scenarios? Iroha, Sawtooth, and Fabric seem to handle these scenarios from what I can tell. I'm wondering is this a document for new projects to verify they fulfill these use cases, or is there
a specific project or area that currently needs these requirements?
IMO, it would be a huge benefit for all of us in the requirements WG to look across the projects and figure out what features are currently missing in the projects that should be implemented. For instance, nice UIs for each of the platform projects, interoperability
aspects that could be used from one project into another, or specific project needs based on what people are looking for like Fabric needs a JS chaincode, etc. I know it's a big task, but I think worth the investment.
Hope I'm making sense.
Regards,
Mark
[Inactive hide details for "Deventer, M.O. (Oskar) van" ---07/20/2017 09:21:14 AM---Hi Mark, De document was developed by me in]"Deventer, M.O. (Oskar) van" ---07/20/2017 09:21:14 AM---Hi Mark, De document was developed by me in collaboration with several
others. It is likely to becom
From: "Deventer, M.O. (Oskar) van" <oskar.vandeventer@...<mailto:oskar.vandeventer@...>>
To: Mark Parzygnat <markparz@...<mailto:markparz@...>>
Cc: "hyperledger-requirements-wg@...<mailto:hyperledger-requirements-wg@...>"
<hyperledger-requirements-wg@...<mailto:hyperledger-requirements-wg@...>>
Date: 07/20/2017 09:21 AM
Subject: RE: [Hyperledger-Requirements-WG] FW: Document "After-the-fact mandate changes" ready for external review
________________________________
Hi Mark,
De document was developed by me in collaboration with several others. It is likely to become an agreed document from the RequirementsWG very soon. The purpose of the document is input to IdentityWG, ArchitectureWG and (possibly indirectly) to Hyperledger
projects, which includes Hyperledger Fabric.
* Hyperledger Fabric has all these controls in place via channels. In order to be able ?
I am not sure how I should read this statement. If Hyperledger Fabric does already intrinsically support the full set of requirements, then that is great. If not, then there is potential work for contributors to that project.
Does this make sense?
Best regards,
Oskar
Dr. ir. M.O. (Oskar) van Deventer
Senior Scientist Blockchain Networking
Dept. Networks
T +31 (0)88 866 70 78
M +31 (0)65 191 49 18
E oskar.vandeventer@...<mailto:oskar.vandeventer@...>
Location<http://www.tno.nl/locaties/DHA>
[]<http://www.tno.nl/>
This message may contain information that is not intended for you. If you are not the addressee or if this message was sent to you by mistake, you are requested to inform the sender and delete the message. TNO accepts no liability for the content of this
e-mail, for the manner in which you use it and for damage of any kind resulting from the risks inherent to the electronic transmission of messages.
From: Mark Parzygnat [mailto:markparz@...]
Sent: Wednesday, 19 July, 2017 19:33
To: Deventer, M.O. (Oskar) van <oskar.vandeventer@...<mailto:oskar.vandeventer@...>>
Cc: Boulton, Clive <clive.boulton@...<mailto:clive.boulton@...>>; hyperledger-requirements-wg@...<mailto:hyperledger-requirements-wg@...>;
hyperledger-requirements-wg-bounces@...<mailto:hyperledger-requirements-wg-bounces@...>
Subject: Re: [Hyperledger-Requirements-WG] FW: Document "After-the-fact mandate changes" ready for external review
Hi Everyone,
Apologies I've not been able to attend the req-wg meetings as I have conflicts with the timing. However looking this over, I would like to know a bit more about this particular document. Is this to gather input on how this currently works project by project?
Hyperledger Fabric has all these controls in place via channels. In order to be able to instantiate the chaincode(smart contract) you have to have the authorization, which also means you have ownership since it's installed on your file system.
Regards,
Mark
[Inactive hide details for "Deventer, M.O. (Oskar) van" ---07/18/2017 05:35:53 AM---Hi Clive, all, The document "After-the-fact]"Deventer, M.O. (Oskar) van" ---07/18/2017 05:35:53 AM---Hi Clive, all, The document "After-the-fact mandate changes" was discussed
in detail in the Hyperled
From: "Deventer, M.O. (Oskar) van" <oskar.vandeventer@...<mailto:oskar.vandeventer@...>>
To: "Boulton, Clive" <clive.boulton@...<mailto:clive.boulton@...>>
Cc: "hyperledger-requirements-wg@...<mailto:hyperledger-requirements-wg@...>"
<hyperledger-requirements-wg@...<mailto:hyperledger-requirements-wg@...>>
Date: 07/18/2017 05:35 AM
Subject: [Hyperledger-Requirements-WG] FW: Document "After-the-fact mandate changes" ready for external review
Sent by: hyperledger-requirements-wg-bounces@...<mailto:hyperledger-requirements-wg-bounces@...>
________________________________
Hi Clive, all,
The document ?After-the-fact mandate changes? was discussed in detail in the Hyperledger Identity working group. There were ten participants, including a person from Hyperledger Indy. There were some discussions about solution directions and potential implementation
issues. The general feedback was that the document was well written and clear. No further changes were made.
Let us now formally close the document, that is, PDF it, add it to the Wiki list, and formally share it with the Architecture and Identity working groups. OK?
Best regards,
Oskar
________________________________
From: hyperledger-requirements-wg-bounces@...<mailto:hyperledger-requirements-wg-bounces@...>
<hyperledger-requirements-wg-bounces@...<mailto:hyperledger-requirements-wg-bounces@...>>
on behalf of Deventer, M.O. (Oskar) van <oskar.vandeventer@...<mailto:oskar.vandeventer@...>>
Sent: Wednesday, July 5, 2017 12:57 AM
To: Boulton, Clive
Cc: hyperledger-requirements-wg@...<mailto:hyperledger-requirements-wg@...>
Subject: [Hyperledger-Requirements-WG] Document "After-the-fact mandate changes" ready for external review
Hi Clive, all,
I have just updated the document "After-the-fact mandate changes" (https://docs.google.com/document/d/1psJc9UWuteSzOqIG0VLIdzdlxFb9kq-Csw-dxcjPzEo),
incorporating the comments received at the 26-June RequirementsWG call. The full set of requirements now reads as follows.
Requirement 1: A user (?anchor?) shall be able to sign over its authorization over a smart contract to another user (?guardian?) after the fact.
1a: The original user (?anchor?) loses its authorization over the smart contract.
1b: The original user (?anchor?) maintains its authorization over the smart contract.
Requirement 2: A blockchain consortium shall be able to sign over the authorization over a smart contract from one user (?anchor?) to another user (?guardian?).
Requirement 3: It should be possible to re-assign the authorization over multiple or all a smart contracts for a user (?anchor?) to another user (?guardian?) in a single action.
Requirement 4: It should be possible to re-assign the authorization over a smart contract back to the original (?anchor?) user.
Requirement 5: The solution to requirements 1-4 shall not require the handing over of private keys.
Requirement 6: The solution to requirements 1-4 shall not require mutability of the blockchain.
Requirement 7: The introduction of a solution to requirements 1-4 should be backward compatible, such that they also apply to smart contracts that predate this introduction.
Requirement 8: The solution to requirements 1-4 may be programmable.
Following your suggestion, I shall share the document also with hyperledger-arch-wg@...<mailto:hyperledger-arch-wg@...>
and hyperledger-identity-wg@...<mailto:hyperledger-identity-wg@...>.
As always, reviews, comments and suggestions remain very welcome!
Best regards,
Oskar
From: Deventer, M.O. (Oskar) van
Sent: Wednesday, 05 July, 2017 09:43
To: Aaron Benningfield <aaron.b.benningfield@...<mailto:aaron.b.benningfield@...>>
Cc: clive boulton <clive.boulton@...<mailto:clive.boulton@...>>
Subject: RE: [Hyperledger-Requirements-WG] Minutes from Monday, June 26th
Hi Aaron,
* My comments did not make it in Oskar's Document for what ever reason
I checked the document history of https://docs.google.com/document/d/1psJc9UWuteSzOqIG0VLIdzdlxFb9kq-Csw-dxcjPzEo,
but I could not find any trace of your comments in earlier versions. Sorry about that.
* What about returns? As in merchandise you would have returned, maybe the person was going to take a flight, vacation etc. and now cannot go.
I am not sure how your comment relates to the subject of my document. My document is about ?after-the-fact mandate changes?. Here either the authorized user (?anchor?) himself or the blockchain consortium (as ordered by court) turns over the authorization
to another user (?guardian?).
Oskar
From: Aaron Benningfield [mailto:aaron.b.benningfield@...]
Sent: Wednesday, 05 July, 2017 02:18
To: clive boulton <clive.boulton@...<mailto:clive.boulton@...>>; Deventer, M.O. (Oskar) van <oskar.vandeventer@...<mailto:oskar.vandeventer@...>>
Subject: Re: [Hyperledger-Requirements-WG] Minutes from Monday, June 26th
What about returns? As in merchandise you would have returned, maybe the person was going to take a flight, vacation etc. and now cannot go. My comments did not make it in Oskar's Document for what ever reason so I was going to add the aforementioned (returns)
as one to think about,
________________________________
From: clive boulton <clive.boulton@...<mailto:clive.boulton@...>>
Sent: Monday, July 3, 2017 3:41:25 PM
To: Aaron Benningfield
Cc: Deventer, M.O. (Oskar) van
Subject: Fwd: [Hyperledger-Requirements-WG] Minutes from Monday, June 26th
Hi Aaron,
Do you know any mandated cases?
What about a corporate bankruptcy: Assets and liabilities are often about the same. But who gets paid first is somehow always mandated.
Assuming so, how do we stop smart contracts auto paying out funds after a bankruptcy / untimely death from bank making automatic mortgage payments.
-Clive.
---------- Forwarded message ----------
From: clive boulton <clive.boulton@...<mailto:clive.boulton@...>>
Date: Mon, Jul 3, 2017 at 3:21 PM
Subject: [Hyperledger-Requirements-WG] Minutes from Monday, June 26th
To: Hyperledger Requirements <hyperledger-requirements-wg@...<mailto:hyperledger-requirements-wg@...>>
The minutes from [last] Monday's Requirements Working Group bi-weekly are here:
https://wiki.hyperledger.org/groups/requirements/requirements-wg/minutes#june_26th_2017
Domain experts please review the use case:
?After-the-fact mandate changes?<https://docs.google.com/document/d/1psJc9UWuteSzOqIG0VLIdzdlxFb9kq-Csw-dxcjPzEo/edit>
Our next meeting July 10 - 1pm EST / 10am PST
-Clive
This message may contain information that is not intended for you. If you are not the addressee or if this message was sent to you by mistake, you are requested to inform the sender and delete the message. TNO accepts no liability for the content of this
e-mail, for the manner in which you use it and for damage of any kind resulting from the risks inherent to the electronic transmission of messages._______________________________________________
Hyperledger-Requirements-WG mailing list
Hyperledger-Requirements-WG@...<mailto:Hyperledger-Requirements-WG@...>
https://lists.hyperledger.org/mailman/listinfo/hyperledger-requirements-wg
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.hyperledger.org/pipermail/hyperledger-requirements-wg/attachments/20170720/28626f4d/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.gif
Type: image/gif
Size: 105 bytes
Desc: image001.gif
URL: <http://lists.hyperledger.org/pipermail/hyperledger-requirements-wg/attachments/20170720/28626f4d/attachment.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.gif
Type: image/gif
Size: 2396 bytes
Desc: image002.gif
URL: <http://lists.hyperledger.org/pipermail/hyperledger-requirements-wg/attachments/20170720/28626f4d/attachment-0001.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image004.png
Type: image/png
Size: 166 bytes
Desc: image004.png
URL: <http://lists.hyperledger.org/pipermail/hyperledger-requirements-wg/attachments/20170720/28626f4d/attachment.png>
------------------------------
_______________________________________________
Hyperledger-Requirements-WG mailing list
Hyperledger-Requirements-WG@...
https://lists.hyperledger.org/mailman/listinfo/hyperledger-requirements-wg
End of Hyperledger-Requirements-WG Digest, Vol 12, Issue 9
**********************************************************
=====-----=====-----=====
Notice: The information contained in this e-mail
message and/or attachments to it may contain
confidential or privileged information. If you are
not the intended recipient, any dissemination, use,
review, distribution, printing or copying of the
information contained in this e-mail message
and/or attachments to it are strictly prohibited. If
you have received this communication in error,
please notify us by reply e-mail or telephone and
immediately and permanently delete the message
and any attachments. Thank you
|
|
|
Deventer, M.O. (Oskar) van <oskar.vandeventer@...>
Hi Andreas,
Thank you for further clarifying the assumptions and associated requirements. It would be great if we could properly document these in the RequirementsWG.
Oskar
toggle quoted message
Show quoted text
From: Andreas Freund [mailto:andreas.freund@...]
Sent: Saturday, 22 July, 2017 20:26
To: Deventer, M.O. (Oskar) van <oskar.vandeventer@...>
Cc: hyperledger-requirements-wg@...
Subject: Re: Hyperledger-Requirements-WG Digest, Vol 12, Issue 9
My requirements are in fact quite general and not necessarily predicated to a blockchain. However since were talking about block chain consortium, the qualifier is OK in my opinion.
The requirements are stated with the assumption that a consortium is not necessarily collusion free and that certain members are not always law-abiding. The requirements are a security layer that can ensure fairness in
decision-making through game theoretic means.
Which brings me to your comment about the technical implementation when I mentioned P-majority. This is a mathematical term. And has nothing to do with a specific technical implementation. Happy to discuss all of these requirements further. I see these requirements
as foundational building blocks for a consortium running one or more block trains for either the public or Enterprises.
To see a direct application of such requirements in an active project, I would recommend that you look at the Augur project that is currently being finalized on Ethereum. Augur is a decentralized prediction market.
I see the requirements I stated in addition to what you have written down and not in replacement of them. As well as these being more of a clarification at certain points.
I will try and see if I can join the working group call on Monday. But I might be traveling.
Cheers,
Dear Andreas,
Thank you for your detailed analysis, which is highly appreciated!
Ø
Assumption is that we are talking about a Blockchain ecosystem:
Ø
1 … 12
Many of your bullets seem to be requirements for a solution to be qualified as “blockchain”. If these requirements have not yet been formally documented by the Hyperledger RequirementsWG,
then I hope that they will be in due process. Some of your bullets (e.g. “An external claim is found to be validated if a p-majority of validators… ”) seem to describe a technical solution. I’d love to discuss these with you and get a better understanding
of the concept that you are describing. The HyperledgerArchitectureWG may be a good place for that.
However,
·
How do your points relate to my set of requirements?
·
What do they mean in terms of work to be done, either in the RequirementsWG or elsewhere?
Ø
underlying assumptions such as "law abiding consortium" are validated.
That is a fair point. I have started a document about functional roles in a Hyperledger blockchain, see
https://docs.google.com/document/d/1CIMzpsCYNyFuJ_IgJhrsIY-ZxEk23w-pf8sQ2d79ASc.
In the functional model, the service layer hosts consortium(s) of blockchain service providers (“validators”). The document did not get much traction in the RequirementsWG, so I have abandoned it
for now.
Within the Netherlands, a consortium of disparate Dutch companies (“Techruption”,
with banks, telco’s, universities, start-ups, government branches, …) is now working on the “Techruption Consortium Blockchain”. “Consortium Blockchain” (a.k.a. permissioned blockchain) is the experimental blockchain that will be run by the partners. So this
is a Dutch Consortium running nodes in The Netherlands for Dutch users under Dutch law. The use cases from my “after-the-fact” document came up at a consortium meeting.
Ø
what is enterprise grade?
This is blockchain network and technology that a major enterprise would rely on for core business processes. This currently disqualifies the highly volatile and unclearly governed public
Bitcoin and public Ethereum blockchains. Our conjecture is that a consortium of disparate companies may create a blockchain that enterprises and government can rely on not to be colluding.
Ø
What is an applicable jurisdiction? A court order by a US court trying to be enforced against an Argentinian national residing in China?
As JFK said, “we are not doing this because it is easy”. As Google has learned in China and Europe, multinational organisations are not above the law. The same is true for multinational
consortia. My document is not a legal treatise. It is formulating a set of requirements that a law-abiding blockchain consortium would want to be able to satisfy.
Ø
Being able to update smart contract systems has become a fundamental design requirement and principle in the ecosystem. Hence, I am truly puzzled by your statement.
Are you saying that all the Hyperledger projects satisfy my set of eight requirements already? If that is correct, then our work is done. However, based on feedback from others I am
not sure whether this is indeed the case.
Ø
Besides, would you really want to trust a court order in a jurisdiction with a history of corruption?
See what is happening with Poland and the EU.
Let us discuss that over beer some time.
Thank you again, and looking forward to the continuation of this discussion. I shall participate in the RequirementsWG call of this Monday 24 July.
Best regards,
Oskar
From: Andreas Freund [mailto:andreas.freund@...]
Sent: Saturday, 22 July, 2017 01:20
To: hyperledger-requirements-wg@...; Deventer, M.O. (Oskar) van <oskar.vandeventer@...>
Subject: Re: Hyperledger-Requirements-WG Digest, Vol 12, Issue 9
Hi Oskar, see my comments below, marked with AF. Apologies for the delay. Work.
Have a great weekend.
Cheers,
Andreas
Dear Andreas Freund,
Thank you for your comment below, which I have received via Google Docs. As noted in my response to you in the Google Doc, the place to discuss fundamental requirements issues is at the Hyperledger RequirementsWG
mailing list (this list).
I believe that your comment is missing the essence of my document.
* That opens the door to collusion of all sorts
A qualified majority of validators can always collude (cf. Ethereum+DAO). An essence of blockchain is that they cannot collude covertly.
AF: Of course validators can collude covertly, that is exactly the game theoretic problem that Casper is tackling. That is a hard problem.
But coming back to requirements. To start with I would suggest that underlying assumptions such as "law abiding consortium" are validated. I would prefer the assumption that at any moment there is a malicious
set of participants in a consortium which will try to either censor or subvert decisions. Given what we know about human behavior, this is a sensible assumption. Besides, would you really want to trust a court order in a jurisdiction with a history of corruption?
See what is happening with Poland and the EU.
Hence, there are several requirements IMHO that are spawned from the above threat based assumption. Assumption is that we are talking about a Blockchain ecosystem:
-
External claims such as a court order have to be validated by a randomly chosen set of validators. Where randomly refers to a randomized selection process that is performed in the blind
-
Only Blockchain identities can become validators
-
The status of validator is obtained through a collusion resistant, privacy preserving process
-
Validators are incentivized to make themselves available to validate an external claim
-
Validators are rewarded for validating an external claim truthfully to the best of their ability
-
Validators are censored for not reporting on external claims truthfully
-
An external claim is found to be validated if a p-majority of validators decides that an external claim is valid within the predetermined timeframe
-
The result of any validation has to be broadcast to all Blockchain identities
-
The validity of a validated external claim can be challenged by a Blockchain identity by posting a challenge bond of meaningful size for the claimant within a certain time period of an external claim being validated.
-
In the case of a challenge, a new, randomly chosen set of validators is assigned and validates the external claim. If the challenge is resolved in favor of the challenger, the rewards of the incorrectly reporting
majority are given to the challenger. If the challenge is resolved against the claimant, the challenge bond is lost and paid out to the truthfully reporting validators
-
An outcome of a validation can be challenged more than once
-
The reassigning ownership of a Blockchain asset be it either fully digital or representing an analog asset has to follow the process requirements #1 - #11. A digital asset can be anything from a token to a smart
contract code
* running a Blockchain platform does not mean you should know who controls smart contracts.
My document is not about identity not does it make assumptions about the implementation. It is a set of requirements for a law-abiding consortium blockchain that is offering an enterprise-grade blockchain
service that wants to be able to comply to a court order of their applicable jurisdiction. I believe that the formulated requirements are fair, even if your hypothetical current implementation cannot comply to them.
AF: See above and "a law-abiding consortium blockchain that is offering an enterprise-grade blockchain service that wants to be able to comply to a court order of their applicable jurisdiction" has implicit
assumptions in it that are not defined anywhere. For example, what is enterprise grade? Why even refer to that, I do not think that this is necessary? What is an applicable jurisdiction? A court order by a US court trying to be enforced against an Argentinian
national residing in China? Just to show the implicit complexity of potential requests.
Generally speaking, Blockchain consortium members should not know who owns/controls assets e.g. smart contracts on the consortium platform as long as applicable regulatory requirements can be fulfilled.
I would formulate that as a requirement.
* validators nodes provided by a consortium should be crytpographically sealed upon deployment without ability to access the node from the outside.
The Hyperledger RequirementsWG is about requirements, not about implementations that can or cannot comply to the requirement.
AF: Then let me formulate this as a requirement. Blockchain network nodes should not be accessible by anyone or anything after deployment, except for Blockchain identities to submit transactions/blocks.
Note Blockchain identities could be also other nodes. Furthermore, all node processes must remain hidden and inaccessible to anyone or anything from the outside. Lastly, node processes have to be structured in such a way that they cannot influence one another
unless it is part of the Blockchain protocol design.
* What can be done is to have a function in a smart contract that allows reassignment based on m-of-n multisig of registered identities
One cannot “after-the-fact” retrofit an existing and validated smart contract with m-of-n multisig, nor does my proposed set of requirements require this. Your solution can be used to addresses the “lost
keys” problem, which is not what my document is about.
AF: First, of course, you can, if you use a smart contract system, secondly, you must be able to update smart contract systems to delete, add or change functionality such as m-of-n multi sig. Being able
to update smart contract systems has become a fundamental design requirement and principle in the ecosystem. Hence, I am truly puzzled by your statement.
Please let me know if I am missing something.
Best regards,
Oskar
From: Andreas Freund (Google Docs) [mailto:d+MTA5ODc1OTgwNjAwMDc1MTUwNjY3-MTAzNTMzNjc5Njk5NDU1ODU5NTU0
at docs.google.com]
Sent: Tuesday, 18 July, 2017 23:39
To: Deventer, M.O. (Oskar) van <oskar.vandeventer at tno.nl>
Subject: Hyperledger - Aft... - That opens the door to collusion of a...
Andreas Freund added a comment to Hyperledger - After-the-fact mandate changes<https://docs.google.com/document/d/1psJc9UWuteSzOqIG0VLIdzdlxFb9kq-Csw-dxcjPzEo/edit?disco=AAAAA_gQ6ak&ts=596e7ff5&usp=comment_email_document>
[Andreas Freund]
Andreas Freund
A blockchain consortium shall be able to sign over the authorization over a smart contract from one user (“anchor”) to another user (“guardian”).
That opens the door to collusion of all sorts ... running a Blockchain platform does not mean you should know who controls smart contracts. In fact, validators nodes provided by a consortium should be crytpographically
sealed upon deployment without ability to access the node from the outside. What can be done is to have a function in a smart contract that allows reassignment based on m-of-n multisig of registered identities
Open<https://docs.google.com/document/d/1psJc9UWuteSzOqIG0VLIdzdlxFb9kq-Csw-dxcjPzEo/edit?disco=AAAAA_gQ6ak&usp=comment_email_discussion&ts=596e7ff5>
Google Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
You have received this email because you are subscribed to all discussions on Hyperledger - After-the-fact mandate changes<https://docs.google.com/document/d/1psJc9UWuteSzOqIG0VLIdzdlxFb9kq-Csw-dxcjPzEo/edit?disco=AAAAA_gQ6ak&ts=596e7ff5&usp=comment_email_document>.Change
what Google Docs sends you.<https://docs.google.com/document/docos/notify?id=1psJc9UWuteSzOqIG0VLIdzdlxFb9kq-Csw-dxcjPzEo&title=Hyperledger+-+After-the-fact+mandate+changes>You
can reply to this email to reply to the discussion.
[cid:image001.png at 01D30078.4F641170]
Best Regards
Dr. Andreas Freund
Senior Manager, Global Consulting Practice - NextGen Strategy Practice & Blockchain Advisory
Tata Consultancy Services Limited
Ph:- +1-858-699-7022
Cell:- +1-858-699-7022
Mailto: andreas.freund@...
Website: http://www.tcs.com
____________________________________________
Experience certainty. IT Services
Business Solutions
Consulting
____________________________________________
From: hyperledger-requirements-wg-request@...
To: hyperledger-requirements-wg@...
Date: 07/20/2017 08:35 AM
Subject: Hyperledger-Requirements-WG Digest, Vol 12, Issue 9
Sent by: hyperledger-requirements-wg-bounces@...
Send Hyperledger-Requirements-WG mailing list submissions to
hyperledger-requirements-wg@...
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.hyperledger.org/mailman/listinfo/hyperledger-requirements-wg
or, via email, send a message with subject or body 'help' to
hyperledger-requirements-wg-request@...
You can reach the person managing the list at
hyperledger-requirements-wg-owner@...
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Hyperledger-Requirements-WG digest..."
Today's Topics:
1. Re: FW: Document "After-the-fact mandate changes" ready for
external review (Deventer, M.O. (Oskar) van)
----------------------------------------------------------------------
Message: 1
Date: Thu, 20 Jul 2017 15:35:12 +0000
From: "Deventer, M.O. (Oskar) van" <oskar.vandeventer@...>
To: Mark Parzygnat <markparz@...>
Cc: "hyperledger-requirements-wg@..."
<hyperledger-requirements-wg@...>
Subject: Re: [Hyperledger-Requirements-WG] FW: Document
"After-the-fact mandate changes" ready for external review
Message-ID:
<BA5A0ED6E909E749AD5CB0D3750A6D2A221E659D@...>
Content-Type: text/plain; charset="utf-8"
Hi Mark,
* The main question I am asking is there a project that doesn't currently handle these scenarios?
This question can only be answered based on well formulated requirements. The RequirementsWG has worked on these for the last two months. Initial feedback suggests that there are Hyperledger projects that do not support this set of requirements. Moreover,
the support may be difficult for some of them without major architectural changes.
* figure out what features are currently missing
The purpose of the RequirementsWG is to figure out what features are needed.
(The fact that a feature is missing does not imply that there is a market need, more likely the opposite.)
* UIs for each of the platform projects, interoperability aspects that could be used from one project into another
So we should spell out the associated use case and requirements, correct?
(By the way, I am particularly interested in inter-project use cases and requirements.)
Best regards,
Oskar
From: Mark Parzygnat [mailto:markparz@...]
Sent: Thursday, 20 July, 2017 16:30
To: Deventer, M.O. (Oskar) van <oskar.vandeventer@...>
Cc: hyperledger-requirements-wg@...
Subject: RE: [Hyperledger-Requirements-WG] FW: Document "After-the-fact mandate changes" ready for external review
Hi Oskar,
Thanks. It's probably just my misunderstanding, so apologies for asking what maybe be silly questions. This particular document looks to be about access controls, after initial deployments. Broken down nicely in several different scenarios. The main question
I am asking is there a project that doesn't currently handle these scenarios? Iroha, Sawtooth, and Fabric seem to handle these scenarios from what I can tell. I'm wondering is this a document for new projects to verify they fulfill these use cases, or is there
a specific project or area that currently needs these requirements?
IMO, it would be a huge benefit for all of us in the requirements WG to look across the projects and figure out what features are currently missing in the projects that should be implemented. For instance, nice UIs for each of the platform projects, interoperability
aspects that could be used from one project into another, or specific project needs based on what people are looking for like Fabric needs a JS chaincode, etc. I know it's a big task, but I think worth the investment.
Hope I'm making sense.
Regards,
Mark
[Inactive hide details for "Deventer, M.O. (Oskar) van" ---07/20/2017 09:21:14 AM---Hi Mark, De document was developed by me in]"Deventer, M.O. (Oskar) van" ---07/20/2017 09:21:14 AM---Hi Mark, De document was developed by me in collaboration with several
others. It is likely to becom
From: "Deventer, M.O. (Oskar) van" <oskar.vandeventer@...<mailto:oskar.vandeventer@...>>
To: Mark Parzygnat <markparz@...<mailto:markparz@...>>
Cc: "hyperledger-requirements-wg@...<mailto:hyperledger-requirements-wg@...>"
<hyperledger-requirements-wg@...<mailto:hyperledger-requirements-wg@...>>
Date: 07/20/2017 09:21 AM
Subject: RE: [Hyperledger-Requirements-WG] FW: Document "After-the-fact mandate changes" ready for external review
________________________________
Hi Mark,
De document was developed by me in collaboration with several others. It is likely to become an agreed document from the RequirementsWG very soon. The purpose of the document is input to IdentityWG, ArchitectureWG and (possibly indirectly) to Hyperledger
projects, which includes Hyperledger Fabric.
* Hyperledger Fabric has all these controls in place via channels. In order to be able ?
I am not sure how I should read this statement. If Hyperledger Fabric does already intrinsically support the full set of requirements, then that is great. If not, then there is potential work for contributors to that project.
Does this make sense?
Best regards,
Oskar
Dr. ir. M.O. (Oskar) van Deventer
Senior Scientist Blockchain Networking
Dept. Networks
T +31 (0)88 866 70 78
M +31 (0)65 191 49 18
E oskar.vandeventer@...<mailto:oskar.vandeventer@...>
Location<http://www.tno.nl/locaties/DHA>
[]<http://www.tno.nl/>
This message may contain information that is not intended for you. If you are not the addressee or if this message was sent to you by mistake, you are requested to inform the sender and delete the message. TNO accepts no liability for the content of this
e-mail, for the manner in which you use it and for damage of any kind resulting from the risks inherent to the electronic transmission of messages.
From: Mark Parzygnat [mailto:markparz@...]
Sent: Wednesday, 19 July, 2017 19:33
To: Deventer, M.O. (Oskar) van <oskar.vandeventer@...<mailto:oskar.vandeventer@...>>
Cc: Boulton, Clive <clive.boulton@...<mailto:clive.boulton@...>>;
hyperledger-requirements-wg@...<mailto:hyperledger-requirements-wg@...>;
hyperledger-requirements-wg-bounces@...<mailto:hyperledger-requirements-wg-bounces@...>
Subject: Re: [Hyperledger-Requirements-WG] FW: Document "After-the-fact mandate changes" ready for external review
Hi Everyone,
Apologies I've not been able to attend the req-wg meetings as I have conflicts with the timing. However looking this over, I would like to know a bit more about this particular document. Is this to gather input on how this currently works project by project?
Hyperledger Fabric has all these controls in place via channels. In order to be able to instantiate the chaincode(smart contract) you have to have the authorization, which also means you have ownership since it's installed on your file system.
Regards,
Mark
[Inactive hide details for "Deventer, M.O. (Oskar) van" ---07/18/2017 05:35:53 AM---Hi Clive, all, The document "After-the-fact]"Deventer, M.O. (Oskar) van" ---07/18/2017 05:35:53 AM---Hi Clive, all, The document "After-the-fact mandate changes" was discussed
in detail in the Hyperled
From: "Deventer, M.O. (Oskar) van" <oskar.vandeventer@...<mailto:oskar.vandeventer@...>>
To: "Boulton, Clive" <clive.boulton@...<mailto:clive.boulton@...>>
Cc: "hyperledger-requirements-wg@...<mailto:hyperledger-requirements-wg@...>"
<hyperledger-requirements-wg@...<mailto:hyperledger-requirements-wg@...>>
Date: 07/18/2017 05:35 AM
Subject: [Hyperledger-Requirements-WG] FW: Document "After-the-fact mandate changes" ready for external review
Sent by: hyperledger-requirements-wg-bounces@...<mailto:hyperledger-requirements-wg-bounces@...>
________________________________
Hi Clive, all,
The document ?After-the-fact mandate changes? was discussed in detail in the Hyperledger Identity working group. There were ten participants, including a person from Hyperledger Indy. There were some discussions about solution directions and potential implementation
issues. The general feedback was that the document was well written and clear. No further changes were made.
Let us now formally close the document, that is, PDF it, add it to the Wiki list, and formally share it with the Architecture and Identity working groups. OK?
Best regards,
Oskar
________________________________
From: hyperledger-requirements-wg-bounces@...<mailto:hyperledger-requirements-wg-bounces@...>
<hyperledger-requirements-wg-bounces@...<mailto:hyperledger-requirements-wg-bounces@...>>
on behalf of Deventer, M.O. (Oskar) van <oskar.vandeventer@...<mailto:oskar.vandeventer@...>>
Sent: Wednesday, July 5, 2017 12:57 AM
To: Boulton, Clive
Cc: hyperledger-requirements-wg@...<mailto:hyperledger-requirements-wg@...>
Subject: [Hyperledger-Requirements-WG] Document "After-the-fact mandate changes" ready for external review
Hi Clive, all,
I have just updated the document "After-the-fact mandate changes" (https://docs.google.com/document/d/1psJc9UWuteSzOqIG0VLIdzdlxFb9kq-Csw-dxcjPzEo),
incorporating the comments received at the 26-June RequirementsWG call. The full set of requirements now reads as follows.
Requirement 1: A user (?anchor?) shall be able to sign over its authorization over a smart contract to another user (?guardian?) after the fact.
1a: The original user (?anchor?) loses its authorization over the smart contract.
1b: The original user (?anchor?) maintains its authorization over the smart contract.
Requirement 2: A blockchain consortium shall be able to sign over the authorization over a smart contract from one user (?anchor?) to another user (?guardian?).
Requirement 3: It should be possible to re-assign the authorization over multiple or all a smart contracts for a user (?anchor?) to another user (?guardian?) in a single action.
Requirement 4: It should be possible to re-assign the authorization over a smart contract back to the original (?anchor?) user.
Requirement 5: The solution to requirements 1-4 shall not require the handing over of private keys.
Requirement 6: The solution to requirements 1-4 shall not require mutability of the blockchain.
Requirement 7: The introduction of a solution to requirements 1-4 should be backward compatible, such that they also apply to smart contracts that predate this introduction.
Requirement 8: The solution to requirements 1-4 may be programmable.
Following your suggestion, I shall share the document also with hyperledger-arch-wg@...<mailto:hyperledger-arch-wg@...>
and hyperledger-identity-wg@...<mailto:hyperledger-identity-wg@...>.
As always, reviews, comments and suggestions remain very welcome!
Best regards,
Oskar
From: Deventer, M.O. (Oskar) van
Sent: Wednesday, 05 July, 2017 09:43
To: Aaron Benningfield <aaron.b.benningfield@...<mailto:aaron.b.benningfield@...>>
Cc: clive boulton <clive.boulton@...<mailto:clive.boulton@...>>
Subject: RE: [Hyperledger-Requirements-WG] Minutes from Monday, June 26th
Hi Aaron,
* My comments did not make it in Oskar's Document for what ever reason
I checked the document history of https://docs.google.com/document/d/1psJc9UWuteSzOqIG0VLIdzdlxFb9kq-Csw-dxcjPzEo,
but I could not find any trace of your comments in earlier versions. Sorry about that.
* What about returns? As in merchandise you would have returned, maybe the person was going to take a flight, vacation etc. and now cannot go.
I am not sure how your comment relates to the subject of my document. My document is about ?after-the-fact mandate changes?. Here either the authorized user (?anchor?) himself or the blockchain consortium (as ordered by court) turns over the authorization
to another user (?guardian?).
Oskar
From: Aaron Benningfield [mailto:aaron.b.benningfield@...]
Sent: Wednesday, 05 July, 2017 02:18
To: clive boulton <clive.boulton@...<mailto:clive.boulton@...>>;
Deventer, M.O. (Oskar) van <oskar.vandeventer@...<mailto:oskar.vandeventer@...>>
Subject: Re: [Hyperledger-Requirements-WG] Minutes from Monday, June 26th
What about returns? As in merchandise you would have returned, maybe the person was going to take a flight, vacation etc. and now cannot go. My comments did not make it in Oskar's Document for what ever reason so I was going to add the aforementioned (returns)
as one to think about,
________________________________
From: clive boulton <clive.boulton@...<mailto:clive.boulton@...>>
Sent: Monday, July 3, 2017 3:41:25 PM
To: Aaron Benningfield
Cc: Deventer, M.O. (Oskar) van
Subject: Fwd: [Hyperledger-Requirements-WG] Minutes from Monday, June 26th
Hi Aaron,
Do you know any mandated cases?
What about a corporate bankruptcy: Assets and liabilities are often about the same. But who gets paid first is somehow always mandated.
Assuming so, how do we stop smart contracts auto paying out funds after a bankruptcy / untimely death from bank making automatic mortgage payments.
-Clive.
---------- Forwarded message ----------
From: clive boulton <clive.boulton@...<mailto:clive.boulton@...>>
Date: Mon, Jul 3, 2017 at 3:21 PM
Subject: [Hyperledger-Requirements-WG] Minutes from Monday, June 26th
To: Hyperledger Requirements <hyperledger-requirements-wg@...<mailto:hyperledger-requirements-wg@...>>
The minutes from [last] Monday's Requirements Working Group bi-weekly are here:
https://wiki.hyperledger.org/groups/requirements/requirements-wg/minutes#june_26th_2017
Domain experts please review the use case:
?After-the-fact mandate changes?<https://docs.google.com/document/d/1psJc9UWuteSzOqIG0VLIdzdlxFb9kq-Csw-dxcjPzEo/edit>
Our next meeting July 10 - 1pm EST / 10am PST
-Clive
This message may contain information that is not intended for you. If you are not the addressee or if this message was sent to you by mistake, you are requested to inform the sender and delete the message. TNO accepts no liability for the content of this
e-mail, for the manner in which you use it and for damage of any kind resulting from the risks inherent to the electronic transmission of messages._______________________________________________
Hyperledger-Requirements-WG mailing list
Hyperledger-Requirements-WG@...<mailto:Hyperledger-Requirements-WG@...>
https://lists.hyperledger.org/mailman/listinfo/hyperledger-requirements-wg
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.hyperledger.org/pipermail/hyperledger-requirements-wg/attachments/20170720/28626f4d/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.gif
Type: image/gif
Size: 105 bytes
Desc: image001.gif
URL: <http://lists.hyperledger.org/pipermail/hyperledger-requirements-wg/attachments/20170720/28626f4d/attachment.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.gif
Type: image/gif
Size: 2396 bytes
Desc: image002.gif
URL: <http://lists.hyperledger.org/pipermail/hyperledger-requirements-wg/attachments/20170720/28626f4d/attachment-0001.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image004.png
Type: image/png
Size: 166 bytes
Desc: image004.png
URL: <http://lists.hyperledger.org/pipermail/hyperledger-requirements-wg/attachments/20170720/28626f4d/attachment.png>
------------------------------
_______________________________________________
Hyperledger-Requirements-WG mailing list
Hyperledger-Requirements-WG@...
https://lists.hyperledger.org/mailman/listinfo/hyperledger-requirements-wg
End of Hyperledger-Requirements-WG Digest, Vol 12, Issue 9
**********************************************************
=====-----=====-----=====
Notice: The information contained in this e-mail
message and/or attachments to it may contain
confidential or privileged information. If you are
not the intended recipient, any dissemination, use,
review, distribution, printing or copying of the
information contained in this e-mail message
and/or attachments to it are strictly prohibited. If
you have received this communication in error,
please notify us by reply e-mail or telephone and
immediately and permanently delete the message
and any attachments. Thank you
|
|
|
