decentralized-id.github.io/unsorted/topics/architecture.md

71 lines
11 KiB
Markdown
Raw Normal View History

2023-06-20 11:22:13 -04:00
# System Architecture
* [Good Welfare, Bad Platforms?: The Risks of Centralized Digital Identity Systems](https://points.datasociety.net/good-welfare-bad-platforms-d65b412d962e) 2022-02-02 OpenID
> As S. Shakthi and I noted in a recent [research paper](https://journals.openedition.org/samaj/6279), digital identity systems are widely seen as datafiers by virtue of their core property of reducing the person to machine-readable data. A datafier is a system that performs the crucial operation of converting the physical into digital. A different, contrasting view is also emerging in research: digital identity systems are increasingly seen as platforms, i.e. “technological building blocks” on which different types of complements can be constructed.
* [Identity management is key to increasing security, reducing fraud and developing a seamless customer experience](https://identitypraxis.com/2022/01/07/identity-management-is-key-to-increasing-security-reducing-fraud-and-developing-a-seamless-customer-experience/) 2022-01-07 Identity Praxis
> - Identity management is an iterative process with three core elements initial identification, authentication (re-identifying the individual) and verification (ensuring the individual is who they claim to be)
> - Enterprises employ a vast array of technologies to execute these processes which are growing in scope and complexity
> - Understanding why identity management is necessary to enterprises and how this creates opportunities for vendors
* [Leveraging the Identity Metasystem](https://www.windley.com/archives/2021/12/leveraging_the_identity_metasystem.shtml) 2021-12 Phil Windley
> the [metasystem guarantees the fidelity of the credential exchange](https://www.windley.com/archives/2021/06/ssi_interaction_patterns.shtml). Credential fidelity comprises four important attributes. Credential exchange on the identity metasystem:
>
> 1. Reveals the identifier of the issuer
> 2. Ensures the credential was issued to the party presenting it
> 3. Ensures the credential has not been tampered with
> 4. Reveals whether or not the credential has been revoked
* [Token-Based Identity](https://www.windley.com/archives/2021/10/token-based_identity.shtml) 2021-10 Windley
> Token-based identity systems move us from talking about who, to thinking about what, so that people can operationalize their digital lives. Token-based identity systems support complex online interactions that are flexible, ad hoc, and cross-domain.
* [Your User is Your API](https://www.evernym.com/blog/your-user-is-your-api/) 2021-05-17 Evernym
> The customer becomes the integration point. The customer is the API. Rather than having one huge, expensive, and probably illegal data hub, every customer becomes a data hub in their own right. They provide the data needed, just-in-time, under their control.
* [The Unbundling of Authentication vs Authorization - What You Need to Know](https://www.pingidentity.com/en/company/blog/posts/2021/authentication-vs-authorization.html) 2021-09-08 Ping Identity
> Authentication and authorization are both processes that fall under the category of [identity and access management (IAM)](https://www.pingidentity.com/en/company/blog/posts/2017/what-is-identity-and-access-management-iam.html), but they serve different purposes.
* [To Better Understand Digital Identity, Look to Physics](https://www.pingidentity.com/en/company/blog/posts/2021/digital-identity-physics.html) 2021-05-17 Ping
> In chaotic systems such as those that the discipline of physics seeks to describe, there is also the concept of the “self-organizing principle,” which dictates a tendency for chaotic systems to organize themselves. While this might be a tendency in physics, organization usually needs a nudge in the right direction in the identity world. Proper attention to requirements and a good change control process are a crucial part of the equation.
* [The SSO Practitioners Introduction to Decentralized Identity](https://www.pingidentity.com/en/resources/blog/post/sso-practitioners-introduction-decentralized-identity.html)
*Written for IAM professionals familiar with federations.*
> In most self-sovereign and decentralized identity systems the trust model is fundamentally unidirectional, where a verifier will trust the issuer, but the issuer may have no knowledge of the verifier.
* [The Architecture of Identity Systems](https://www.windley.com/archives/2020/09/the_architecture_of_identity_systems.shtml) 2020-09 Phil Windley
> We can broadly classify identity systems into one of three types based on their architectures and primary root of trust:
> - Administrative
> - Algorithmic
> - Autonomic
* [Authentic Digital Relationships](https://www.windley.com/archives/2020/08/authentic_digital_relationships.shtml) 2020-08 Phil Windley
> Self-sovereign identity (SSI) systems offers an alternative model that supports richer relationships. Rather than provisioning identifiers and accounts in an administrative system where the power imbalance assures that one party to the relationship can dictate the terms of the interaction, SSI is founded on peer relationships that are co-provisioned by the exchange of decentralized identifiers. This architecture implies that both parties will have tools that speak a common protocol.
* [Self-Sovereign vs Administrative Identity](http://blogs.harvard.edu/vrm/2012/03/25/ssi/) 2012-03-25 Doc Searls
> The problem Im trying to surface here is that we need full respect for self-sovereign identities, and identifiers, before we can solve the problem of highly fractured and incompatible administrative identifiers — a problem that has only become worse with the growth of the Web, where by design we are always the submissive and dependent party: calves to administrative cows.
* [Fluid Multi-Pseudonymity](https://www.windley.com/archives/2021/09/fluid_multi-pseudonymity.shtml) 2021-09-07 Windley
> Fluid multi-pseudonymity perfectly describes the way we live our lives and the reality that identity systems must realize if we are to live authentically in the digital sphere.
* [What Is Zero Trust?](https://www.pingidentity.com/en/company/blog/posts/2021/what-is-zero-trust.html) Ping
> 1. The network is always assumed to be hostile.
> 2. External and internal threats exist on the network at all times.
> 3. Network locality is not sufficient for deciding trust in a network.
> 4. Every device, user and network flow is authenticated and authorized.
> 5. Policies must be dynamic and calculated from as many sources of data as possible.
* [What's the difference between identification, authentication and authorization?](https://twitter.com/doerkadrian/status/1397566626405421060) 2021-05-26 Adrian Doerk
> - Identification: Who are you?
> - Authentication: Is it you again?
> - Authorization: What rights do I want to grant you?
2023-06-22 15:20:18 -04:00
* [Centralized\Federated vs Self Sovereign](https://twitter.com/dominiumssi/status/1564188374529081345) dominiumssi
* [Decentralized Identity Trilemma](https://maciek.blog/p/dit) 2018-08-13 Maciek Laskus
> 1. Self-sovereignty — anybody can create and control as many identities1 as they wish without 3rd party involvement.
> 2. Privacy-preserving — one can acquire and utilize an identifier without revealing their real name or other personality identifying information.
> 3. Sybil-resistant — identity is subject to scarcity; i.e., creating more identifiers cannot be used to manipulate a system2.
2023-06-20 11:22:13 -04:00
## Related
* [Understanding Digital Credentials](https://www.bcdiploma.com/en/blog/understanding-digital-credentials-21-05-12) BCdiploma
> We are freeing ourselves from the management of “data hash” which leads to a centralization or complexification of verification procedures. This makes our solution new compared to traditional blockchain applications on the market.
* [DIGITAL SOVEREIGNTY](https://twit.tv/shows/floss-weekly/episodes/628) 2021-05-05 Doc Searls, Aaron Newcomb FLOSS WEEKLY
> Dr. Andre Kudra of esatus.com discusses SSI, or Self-Sovereign Identity. It's a hot and fast-moving topic with a growing base of hackers, companies, nonprofits, and whole states, provinces and countries. Aaron Newcomb and Doc Searls probe Andre for lots of great intelligence about how SSI puts individuals in full charge of how they present minimized ID credentials safely, and inside a whole new framework. They also talk with Andre about his involvement with the demoscene and retro computing, which are especially huge in Europe. It's a great discussion on this episode of FLOSS Weekly.
* [An Introduction to Digital Trust](https://northernblock.io/verifiable-credentials/introduction-to-digital-trust/) 2021-09-06 Northern Block
> whats the purpose of SSI? Its about enabling Digital Trust (which is quickly becoming an integral part of digital transformation for organizations).
* [Badges and Credentials A new currency for the digital world?](https://www.speexx.com/speexx-resources/podcast/podcast-badges-credentials) 2021-11-12 Speexx Exchange
> Listen to this episode for an entertaining deep dive into the topic of badges and credentials, as Donald Taylor sits down with Dr. Doug Belshaw to discuss the importance, various fields of application
* [Passwordless Authentication Everything You Need to Know](https://imageware.io/passwordless-authentication/) 2021-11-12 Imageware
> When it comes to authentication, passwords were once the safest and most used methods of authentication
* [The Buzz Behind Zero Trust](https://stateofidentity.libsyn.com/zero-trust-architecture) 2021-10-21 State of Identity
> The Zero Trust model is the belief that no one should be trusted from inside or outside your network, until their identity has been verified. Zero trust refers to the alignment of maturing identity practices, an established understanding of user behaviors, and the application of least-privilege access security policy decisions to trust boundOaries
* [Compare and Contrast — Federated Identity vs Self-sovereign Identity](https://academy.affinidi.com/compare-and-contrast-federated-identity-vs-self-sovereign-identity-227a85cbab18) Affinidi
* [Levels of information architecture](https://reb00ted.org/tech/20220815-levels-of-information-architecture/) 2022-08-15 reb00ted
> So I propose this outermost framework to help us think about how to interact with shared information environments
2023-06-22 15:20:18 -04:00
* [Never mind who I am, ask me about my credentials](https://www.linkedin.com/pulse/never-mind-who-i-am-ask-me-my-credentials-john-phillips/) John Phillips
> Many (most) identity systems make a fundamental assumption that is built into their very architecture. This assumption creates three significant problems: privacy erosion; toxic data stores; and poor security.