infominer 2023-06-03 05:10:36 +05:30
parent 95a97231e3
commit 356a32444a
2 changed files with 40 additions and 132 deletions


@ -631,24 +631,51 @@ OpenID Connect,IDCommons,,,David Waite,,,,,IIW,OpenID Connect: Session Managemen
OpenID Connect,Auth0,,,,,,,,,"Identity, Unlocked... SIOP with Kristina Yasuda","As a discovery mechanism to invoke a Self-Issued OP, the discussion on the podcast covered the usage of a custom schema 'openid://'. Alternative mechanisms to address the limitations of custom schemas are being actively explored in the WG.<br><br>The conversation meanders through deeper details, from how the current [SIOP specification draft](https://bitbucket.org/openid/connect/src/master/openid-connect-self-issued-v2-1_0.md) under the OpenID Foundation picks up the mission from a [former attempt under DIF](https://identity.foundation/did-siop/) to encoding approaches for verifiable presentations (embedding in JWTs, [LD proofs](https://w3c-ccg.github.io/ld-proofs/), how to represent attributes",,https://auth0.com/blog/identity-unlocked-explained-season-2-ep-5/,,episode,,,Development,,,,,,,,2021-03-22,,,,,,,,,,,,,
OpenID Connect,SpruceID,,https://blog.spruceid.com/sign-in-with-ethereum-decentralizing-an-identity-provider-server/,,,,,,,Spruce Developer Update #20,We've set up a [release pipeline](https://github.com/spruceid/ens-oidc/) and had our first witnessed deployment for the ENS Community-Maintained OIDC IdP,,https://blog.spruceid.com/spruce-developer-update-20/,,Post,,,Development,,,,,,,,2022-06-01,,,,,,,,,,,,,
OpenID Connect,IETF,,,Sam Goto,,,,,,Browser APIs to enable OpenID Session Management and Privacy,"How does logout in OIDC happen?<br>* Classification problem - browsers do not know it is a logout now<br>* Easiest way<br> * Browser asks for a user consent<br> * Hard from a permission implementation perspective<br> * Tim: No issues with this idea<br> * If user logged into several OPs, user will not look to all the ones they log out from<br>* Option2<br> * Browser classifies signing-in event<br> * On log out does not prompt the user and IdP has no incentives to lie<br> * RPs get to determine if they want to log the user out or not<br> * Whether you can swap generic frame with fenced frame, frame can see its own cookies<br> * May not be able to pass any parameters that you need to pass; no link decoration for framed frame<br> * Subdomains also considered, but not well thought out<br> * Logout URL - other option to add, but more work for RP: Resource metadata. Specification - not much adoption. It just feels like a place where RP metadata could be declared which could be useful in this context of the RP defining its metadata (e.g. what IDP it uses)",,https://iiw.idcommons.net/13L/_Browser_APIs_to_enable_OpenID_Session_Management_and_Privacy,,Session Notes,,,Development,,,,,,,,2021-05-06,,,,,,,,,,,,,
KERI,WebofTrust,,https://keri.one/keri-resources,,,,,,,KERI One - HomePage,,,https://keri.one,,,,,Main,,,,,,,https://identity.foundation/working-groups/keri.html,,https://github.com/WebOfTrust/keri,,,,,,,,,,,,
KERI,Blockchain Bird,,https://iiw.idcommons.net/3K/_KERI_Q%26A_basic_introduction,,,,,,IIW32,KERI Q&A basic introduction,"It has lots of relevant links in it to start your journey in KERI.<br><br>What is KERI?<br>* Key Event Receipt Infrastructure<br>* Intends to repair the Internet<br>* KERI = CT with decentralized CA<br>* NOT a coin, token…<br><br>Why KERI? (and not something else)<br>* Strong autonomous identifiers<br>* Abiding to privacy (laws and good habits)<br>* Portability, delegation, rotatable keys<br>* Direct & Indirect method<br>* <theres more>",,https://blockchainbird.org/downloads/KERI-QA-introduction.pdf,,Presentation,,,Main,,,,,,,,2021,,,,,,,,,,,,,
KERI,DIF,,,,,,,,,"KERI: For every DID, a microledger","The world of digital identifiers (DIDs) and verifiable credentials (VCs) is evolving quickly, giving much cause for optimism. Standards are starting to connect and move towards functional interoperability, governed by testable protocols. Most of this work is happening on the level of VCs. However, DIDs and their infrastructure are also starting to converge and mature as an extensible-yet-interoperable technology.",,https://medium.com/decentralized-identity/keri-for-every-did-a-microledger-f9457fa80d2d,https://miro.medium.com/v2/resize:fit:1000/0*ZdrUkaJCemaCIBAw,Post,,,Main,,,,,,,,2020-10-19,,,,,,,,,,,,,
KERI,personal,,,Samuel Smith,,,,,,Key Event Receipt Infrastructure: A Secure Identifier Overlay for the Internet,Secure attribution of any communication to its source<br>Authentic communication<br>Authentic interactions based an secure attribution of all statements by participants<br>Verifiable authenticity of data<br>Data Provenance<br>Authentic data economy,,https://github.com/SmithSamuelM/Papers/blob/master/presentations/KERI_Overview.web.pdf,,Presentation,2.60,,Main,,,,,,,,2021-03-23,,,,,,,,,,,,,
KERI,,,https://arxiv.org/abs/1907.02143,Samuel Smith,,,,,,KEY EVENT RECEIPT INFRASTRUCTURE (KERI) DESIGN,"An identity system based secure overlay for the Internet is presented. This includes a primary root-of-trust in self-certifying identifiers. It presents a formalism for Autonomic Identifiers (AIDs) and Autonomic Namespaces (ANs). They are part of an Autonomic Identity System (AIS). This system uses the design principle of minimally sufficient means to provide a candidate trust spanning layer for the internet. Associated with this system is a decentralized key management infrastructure (DKMI). The primary root-of-trust are self-certifying identifiers that are strongly bound at issuance to a cryptographic signing (public, private) key-pair. These are self-contained until/unless control needs to be transferred to a new key-pair. In that event an append only chained key-event log of signed transfer statements provides end verifiable control provenance. This makes intervening operational infrastructure replaceable because the event logs may be therefore be served up by ambient infrastructure. End verifiable logs on ambient infrastructure enables ambient verifiability (verifiable by anyone, anywhere, at anytime). The primary key management operation is key rotation (transference) via a novel key pre-rotation scheme. Two primary trust modalities motivated the design, these are a direct (one-to-one) mode and an indirect (one-to-any) mode. In the direct mode, the identity controller establishes control via verified signatures of the controlling key-pair. The indirect mode extends that trust basis with witnessed key event receipt logs (KERLs) for validating events. The security and accountability guarantees of indirect mode are provided by KERIs Agreement Algorithm for Control Establishment (KACE) among a set of witnesses.",,https://raw.githubusercontent.com/SmithSamuelM/Papers/master/whitepapers/KERI_WP_2.x.web.pdf,,,2.54,,Main,,,,,,,,2020-10-22,,,,,,,,,,,,,
KERI,,,,Samuel Smith,Manning,,,,,Decentralized key management,"● Why any form of digital key management is hard<br>● Standardsand best practices for conventional key management<br>● The starting point for key management architectures: roots-of-trust<br>● The special challenges of decentralizedkey management<br>● The new tools that verifiable credentials (VCs), decentralized identifiers (DIDs), and self-sovereign identity (SSI) bring to decentralized key management<br>● Key management for ledger-based DID methods<br>● Key management for peer-based DID methods<br>● Fully autonomous decentralized key management with Key Event Receipt Infrastructure (KERI)",,https://raw.githubusercontent.com/SmithSamuelM/Papers/master/whitepapers/10-ssi-key-management.pdf,,,,,Main,,,,,,,,2020-10-19,,,,,,,,,,,,,
KERI,,,,Samuel Smith,,,,,,UNIVERSAL IDENTIFIER THEORY,Abstract—A universal theory for identifiers is presented. This theory is based on a unified model of identifiers that include cryptographic autonomic identifiers (AIDs) and legitimized (authorized) human meaningful identifiers (LIDs). This model provides truly decentralized trust bases each derived from the cryptographic root-of-trust of a given AID. An AID is based on a self-certifying identifier (SCID) prefix. Self certifying identifiers are not human meaningful but have strong cryptographic properties. The associated self-certifying trust basis gives rise to a trust do- main for associated cryptographically verifiable non-repudiable statements. Every other type of identifier including human meaningful identifiers may then be secured in this resultant trust do- main via an end-verifiable authorization. This authorization legitimizes that human meaningful identifier as an LID though its association with an AID. The result is a secured trust domain specific identifier couplet of aid\|lid. AIDs are provided by the open standard key event receipt infrastructure (KERI). This unified model provides a systematic methodology for the design and implementation of secure decentralized identifier systems that underpin decentralized trust bases and their associated ecosystems of interactions.,,https://raw.githubusercontent.com/SmithSamuelM/Papers/master/whitepapers/IdentifierTheory_web.pdf,,,,,Main,,,,,,,,2020-10-23,,,,,,,,,,,,,
KERI,DIF,,,,,,,,,KERI Whitepaper,,,https://raw.githubusercontent.com/decentralized-identity/keri/master/kids/KERI_WP.pdf,,,,,Main,,,,,,,,2021-01-11,,,,,,,,,,,,,
KERI,DIF,,,,,,,,,"KERI: For every DID, a microledger","The world of digital identifiers (DIDs) and verifiable credentials (VCs) is evolving quickly, giving much cause for optimism. Standards are starting to connect and move towards functional interoperability, governed by testable protocols. Most of this work is happening on the level of VCs. However, DIDs and their infrastructure are also starting to converge and mature as an extensible-yet-interoperable technology.",,https://medium.com/decentralized-identity/keri-for-every-did-a-microledger-f9457fa80d2d,,Post,,,About,,,,,,,,2020-10-19,,,,,,,,,,,,,
KERI,personal,,https://iiw.idcommons.net/23K/_KERI_Composable_Event_Streaming_Representation,Samuel Smith,,,,,,KERI Composable Event Streaming Representation,"The Three KERI Security Sessions presented at IIW32 have the same set of Slides, it takes 3 hours to get through them.<br><br>This session is slides #190 through #208",,https://github.com/SmithSamuelM/Papers/blob/master/presentations/KERI_Overview.web.pdf,,Presentation,,,About,,,,,,,,2021-03-04,,,,,,,,,,,,,
KERI,Harvard,,,Doc Searls,,,,,,On KERI: a way not to reveal more personal info than you need to,"Here in civilization we typically reveal information about ourselves to others on a need-to-know basis: “Im over 18.” “Im a citizen of Canada.” “Heres my Costco card.” “Hi, Im Jane.” We may or may not present credentials in these encounters. And in most we dont say our names. “Michael” being a common name, a guy called “Mike” may tell a barista his name is “Clive” if the guy in front of him just said his name is “Mike.” (My given name is David, a name so common that another David re-branded me Doc. Later I learned that his middle name was David and his first name was Paul. True story.)",,https://blogs.harvard.edu/doc/2020/10/22/keri/,http://blogs.harvard.edu/doc/files/2020/10/name-tag-plastic-card-holder-office-unfilled-paper-design-blank-transparent.jpg,Post,,,About,,,,,,,,2020-10-22,,,,,,,,,,,,,
KERI,Jolocom,,,,Jolocom,,,,,How KERI tackles the problem of trust,"In contrast to blockchain or central registry-based trust systems, KERI is based on a hash-chain data structure called a key event receipt log (KERL). Conceptually, its similar in some ways to the Peer DID Method specification, except that its data model is a KERL rather than a DID document. And while KERI can be used as a DID method, it is fundamentally not reliant on any of the DID specifications and can be used in many other contexts as well. In particular, it is also useful for Internet of Things (IoT) networks and other security-conscious, low-resource use cases.",,https://jolocom.io/blog/how-keri-tackles-the-problem-of-trust/,https://jolocom.io/wp-content/uploads/2020/10/Jolocom-Logbook-KERI-article-main-cover-dark-03-scaled.jpg,Post,,,About,,,,,,,,2020-10-15,,,,,,,,,,,,,
KERI,Definitely Identity,,,,Samuel Smith,,,,,"Tim talks with Sam Smith, creator of KERI","In this episode, we explore the Key Event Receipt Infrastructure (KERI)and how it relates to decentralized identity. We also touch topics in the white paper: trust domains, self-certifying identifiers, architectural implications, and more.",,https://podcasts.apple.com/ca/podcast/definitely-identity-episode-14-with-sam-smith/id1496565155?i=1000494102345,https://is5-ssl.mzstatic.com/image/thumb/Podcasts122/v4/8f/50/9f/8f509f2a-cb8b-e58c-5129-d2fc510549f3/mza_11958365818986440756.jpg/1200x630wp.png,episode,,,About,,,,,,,,2020-10-08,,,,,,,,,,,,,
KERI,Human Colossus Foundation,,,,,,,,,Thinking of DID? KERI On,"The current generation of DIDs has introduced an innovative approach to digital identifiers, which has triggered the SSI movement. However, the inclusion of the method space in the DID syntax has led to fragmentation and weak security properties of the identifier type. These known method-space issues give the community impetus to redress them. In light of these innovative developments, now is the time to embrace KERI as an improved interoperable and secure solution for digital identity.","In this blog post, we address DIDs security from the viewpoint of KERI (Key Event Receipt Infrastructure), a novel, simple, and improved DKMS (Decentralized Key Management System) solution for digital identifiers. KERI provides a unifying solution to DID document authentication and resolution that will prove invaluable to use cases where security and interoperability are essential (e.g., for global supply chains and humanitarian applications).",https://humancolossus.foundation/blog/thinking-of-did-keri-on,http://static1.squarespace.com/static/5ead4c8660689c348c80958e/5eaecb2534916624d94cccf4/6002ce8112a04d6cc486ab94/1611774292795/?format=1500w,Post,,,About,,,,,,,,2021-01-27,,,,,,,,,,,,,
KERI,Gleif,,https://www.gleif.org/lei-solutions/gleifs-digital-strategy-for-the-lei/2022-06-28_lei-digital-strategy-current_version-focus-vlei_v0.17_work.pdf,,,,,,,LEI Digital Strategy,"The Global LEI System (GLEIS) has a unique opportunity to solve the problem of trust for legal entities on a global scale. It can enable digital transformation in a way that is interoperable, independent and autonomous. As a regulatory endorsed system overseen by the Regulatory Oversight Committee (ROC), the GLEIS is the only system that establishes a recognized, monitored and standardized global identity for legal entities that, whenever possible, is linked to the national ID system in that jurisdiction. The system is underpinned by open data, meaning any person or company can access the LEI and its associated reference data. The GLEIS also bridges traditional and online processes by serving as a tool to identify the counterparty in any transaction and can aggregate data on legal entities held in repositories.<br><br>GLEIFs digital strategy for the LEI centers on two methods for cryptographically binding the LEI to its organization digital certificates and Verifiable Credentials.","From banking to production and supply chain management, industries worldwide are adjusting to the digitization of processes and transactions. ",https://www.gleif.org/en/lei-solutions/gleifs-digital-strategy-for-the-lei,https://www.gleif.org/media/pages/lei-solutions/gleifs-digital-strategy-for-the-lei/bfa1d78378-1685436973/digital-certificates-as-well-as-self-sovereign-identity-networks-1200x630-q85.png,Post,,,Organization,,,,,,,,2022-06-08,,,,,,,,,,,,,
KERI,Harvard,,,Doc Searls,,,,,,On KERI: a way not to reveal more personal info than you need to,"Here in civilization we typically reveal information about ourselves to others on a need-to-know basis: “Im over 18.” “Im a citizen of Canada.” “Heres my Costco card.” “Hi, Im Jane.” We may or may not present credentials in these encounters. And in most we dont say our names. “Michael” being a common name, a guy called “Mike” may tell a barista his name is “Clive” if the guy in front of him just said his name is “Mike.” (My given name is David, a name so common that another David re-branded me Doc. Later I learned that his middle name was David and his first name was Paul. True story.)",,https://blogs.harvard.edu/doc/2020/10/22/keri/,,Post,,,About,,,,,,,,2020-10-22,,,,,,,,,,,,,
KERI,Jolocom,,,,Jolocom,,,,,How KERI tackles the problem of trust,"In contrast to blockchain or central registry-based trust systems, KERI is based on a hash-chain data structure called a key event receipt log (KERL). Conceptually, its similar in some ways to the Peer DID Method specification, except that its data model is a KERL rather than a DID document. And while KERI can be used as a DID method, it is fundamentally not reliant on any of the DID specifications and can be used in many other contexts as well. In particular, it is also useful for Internet of Things (IoT) networks and other security-conscious, low-resource use cases.",,https://jolocom.io/blog/how-keri-tackles-the-problem-of-trust/,,Post,,,About,,,,,,,,2020-10-15,,,,,,,,,,,,,
KERI,Definitely Identity,,,,Samuel Smith,,,,,"Tim talks with Sam Smith, creator of KERI","In this episode, we explore the Key Event Receipt Infrastructure (KERI)and how it relates to decentralized identity. We also touch topics in the white paper: trust domains, self-certifying identifiers, architectural implications, and more.",,https://podcasts.apple.com/ca/podcast/definitely-identity-episode-14-with-sam-smith/id1496565155?i=1000494102345,,episode,,,About,,,,,,,,2020-10-08,,,,,,,,,,,,,
KERI,Human Colossus Foundation,,,,,,,,,Thinking of DID? KERI On,"The current generation of DIDs has introduced an innovative approach to digital identifiers, which has triggered the SSI movement. However, the inclusion of the method space in the DID syntax has led to fragmentation and weak security properties of the identifier type. These known method-space issues give the community impetus to redress them. In light of these innovative developments, now is the time to embrace KERI as an improved interoperable and secure solution for digital identity.","In this blog post, we address DIDs security from the viewpoint of KERI (Key Event Receipt Infrastructure), a novel, simple, and improved DKMS (Decentralized Key Management System) solution for digital identifiers. KERI provides a unifying solution to DID document authentication and resolution that will prove invaluable to use cases where security and interoperability are essential (e.g., for global supply chains and humanitarian applications).",https://humancolossus.foundation/blog/thinking-of-did-keri-on,,Post,,,About,,,,,,,,2021-01-27,,,,,,,,,,,,,
KERI,Gleif,,https://www.gleif.org/lei-solutions/gleifs-digital-strategy-for-the-lei/2022-06-28_lei-digital-strategy-current_version-focus-vlei_v0.17_work.pdf,,,,,,,LEI Digital Strategy,"The Global LEI System (GLEIS) has a unique opportunity to solve the problem of trust for legal entities on a global scale. It can enable digital transformation in a way that is interoperable, independent and autonomous. As a regulatory endorsed system overseen by the Regulatory Oversight Committee (ROC), the GLEIS is the only system that establishes a recognized, monitored and standardized global identity for legal entities that, whenever possible, is linked to the national ID system in that jurisdiction. The system is underpinned by open data, meaning any person or company can access the LEI and its associated reference data. The GLEIS also bridges traditional and online processes by serving as a tool to identify the counterparty in any transaction and can aggregate data on legal entities held in repositories.<br><br>GLEIFs digital strategy for the LEI centers on two methods for cryptographically binding the LEI to its organization digital certificates and Verifiable Credentials.","From banking to production and supply chain management, industries worldwide are adjusting to the digitization of processes and transactions. ",https://www.gleif.org/en/lei-solutions/gleifs-digital-strategy-for-the-lei,,Post,,,Organization,,,,,,,,2022-06-08,,,,,,,,,,,,,
KERI,IDCommons,,,,,,,,IIW,GLEIF vLEI with KERI,"The Global Legal Entity Identifier Foundation (GLEIF) proposes that the Legal Enitity Identifier (LEI) can be used to establish a chain of trust for organizational identity.<br><br>In this session, GLEIF shares plans and progress regarding its development program to create an ecosystem and credential governance framework, together with a technical supporting infrastructure, for a verifiable LEI (vLEI), a digitally verifiable credential containing the LEI.",,https://iiw.idcommons.net/20K/_GLEIF_vLEI_with_KERI,,Session Notes,,,Organization,,,,,,,,2021-05-07,,,,,,,,,,,,,
KERI,TOIP,,,,,,,,,ACDC (Authentic Chained Data Container) Task Force,The purpose of the Authentic Chained Data Container (ACDC) Task Force is to help draft and incubate a family of IETF-focused specifications that defines the standard requirements for the semantics of Authentic Chained Data Containers. The semantics of ACDCs include both source provenance and authorization provenance or delegation. The hypothesis is that the W3C Verifiable Credential standard may be expanded to serve as an Authentic Data Container (ADC) with authentic provenance chains (APC) as a super semantic. This may be further expanded to support both a source provenance sub-semantic and a delegated authorization sub-semantic. These are all encapsulated into the semantics with supporting syntax of an ACDC.,,https://wiki.trustoverip.org/display/HOME/ACDC+%28Authentic+Chained+Data+Container%29+Task+Force,,page,,,Organization,,,,,,,,2021-01-19,,,,,,,,,,,,,
KERI,,Trusted Computing Group,,,,,,,,Trusted Computing Group,"The Trusted Computing Group (TCG) is a not-for-profit organization formed to develop, define and promote open, vendor-neutral, global industry specifications and standards, supportive of a hardware-based root of trust, for interoperable trusted computing platforms.TCGs core technologies include specifications and standards for the Trusted Platform Module (TPM), Trusted Network Communications (TNC) and network security and self-encrypting drives. TCG also has work groups to extend core concepts of trust into cloud security, virtualization and other platforms and computing services from the enterprise to the Internet of Things.",,https://trustedcomputinggroup.org/,https://trustedcomputinggroup.org/wp-content/plugins/revslider/public/assets/assets/dummy.png,site,,,Organization,,,,,,,,,,,,,,,,,,,,,
KERI,Micro Controller Tips,,,Maria Guerra,,,,,,What is DICE architecture?,"DICE stands for Device Identifier Composition Engine, and it is a security standard created by the Trusted Computing Group (TCG) which has been addressing security issues for years. TCG announced the establishment of DICE Architecture, or DICE Architecture Work Group to address the need for increased security in the Internet of Things (IoT) therefore targeting products such as MCUs and systems on a chip (SoCs).",,https://www.microcontrollertips.com/what-is-dice-architecture-faq/,https://www.microcontrollertips.com/wp-content/uploads/2018/06/DICE-featured.jpg,faq,,,Organization,,,,,,,,2018-07-27,,,,,,,,,,,,,
KERI,IDCommons,,,Samuel Smith,,,,,IIW,Security Considerations of KERI. Why and how KERI provides secure portability,"Harm that can be done to the a controller: Unavailability, loss of control authority, externally forced duplicity<br><br>Harm that can be done to a validator: Inadvertent acceptance of verifiable - but forged or duplicitous events<br><br>Breaking the promise of global consistency by a controller is a provable liability. However, global consistency may only matter after members of that community need to interact, not before.",,https://iiw.idcommons.net/2K/_Security_Considerations_of_KERI._Why_and_how_KERI_provides_secure_portability,,Session Notes,,,Development,,,,,,,,2021-05-06,,,,,,,,,,,,,
KERI,DIF,,,,,,,,,Q&A about KERIs Security model and Guarantees - Part II Security,"### *Q: What are the security risks of KERI with regard to the identity protocol?<br><br>Harm that can be done to the a controller: Unavailability, loss of control authority, externally forced duplicity<br><br>Harm that can be done to a validator: Inadvertent acceptance of verifiable - but forged or duplicitous events<br><br>Breaking the promise of global consistemcy by a controller is a provable liability. However, global consistency may only matter after members of that community need to interact, not before.<br><br>### Q: How secure is the KERI infrastructure?<br><br>KERI changes the discussion about security. From a discussion about the security of infrastructure to a discussion about the security of your key management infrastructure. Most people when they think security, the think “oh, blockchain!”: permissioned or permissionless, how hard is it to get 51% attack, etc.Non of that matters for KERI. KERI is all about “are your private keys private?!” And if yes, that drastically slims down the security discussion to brute force attacks to public keys. And because the next public keys are in fact protected by a hash, you have to brute force the hash algorithm, that is post-quantum secure. 
So that is a very high level of infrastructural security.<br><br>So private key management and protection is the root of your security in KERI.<br><br>### *Q: You are arguing KERI affords greater security than a decentralized linear event system like Bitcoin?<br><br>…you would be fundamentally arguing that you can record a singular, immutable linear event history more securely than Bitcoin, and I see nothing in KERI that would indicate that.<br><br>Read the answer to [this](https://identity.foundation/keri/docs/Q-and-A-Security.html#keri-is-basically-a-series-of-pay2publickeyhash-transactions) first.<br><br>If you read Szabos paper on threshold structures, you get security of the same type when ever you use a threshold structure, be it MFA, Multi-Sig, or Distributed consensus. They all are using a combination of multiple relatively weak attack surfaces that must be simulatenously compromised for a successful attack. So multiplying simulatneous weak surfaces = functional equivalent of a stronger attack surface. So when you look at KERI you see that the security is primarily due to cryptographic strength and the witnesses are not the primary source of security but merely secure one thing, that is the availability of the KEL for an identifier. Not the KEL itself. The KEL iteself is secured by signatures.<br><br>From a Validator perspective their security is due to duplicity detection. Successful attack against duplicity detection requires an eclipse attack. Ledgers such as bitcoin are also susceptible to eclipse attacks. So in an apples to apples (resistance to eclipse attack) a KERI watcher network of comparable reach (1000s of watchers) would have comparable resistance to an eclipse attack.<br><br>### Q: Differences between blockchain-based security and KERI security<br><br>* Where KERI doesnt need total ordering in its logs, blockchain do need that. 
What KERI needs is watchers that construct string of event in the relative order of reception of the KEL {TBW please explain or improve this: what is this, why is it important?}<br><br>* Another characteristic is that KERI identifiers are transferable and blockchain-based identifiers are not, they are bound to their ledger.",Key Event Receipt Infrastructure - the spec and implementation of the KERI protocol,https://identity.foundation/keri/docs/Q-and-A-Security.html#qa-section-keri-security-considerations,https://identity.foundation/keri/images/Direct-mode-kel-kerl.png,page,,,Development,,,,,,,,2021-04-06,,,,,,,,,,,,,
KERI,DIF,,,,,,,,,Q&A about KERIs Security model and Guarantees - Part II Security,"*Q: What are the security risks of KERI with regard to the identity protocol?<br><br>Harm that can be done to the a controller: Unavailability, loss of control authority, externally forced duplicity<br><br>Harm that can be done to a validator: Inadvertent acceptance of verifiable - but forged or duplicitous events<br><br>Breaking the promise of global consistemcy by a controller is a provable liability. However, global consistency may only matter after members of that community need to interact, not before.<br><br>### Q: How secure is the KERI infrastructure?<br><br>KERI changes the discussion about security. From a discussion about the security of infrastructure to a discussion about the security of your key management infrastructure. Most people when they think security, the think “oh, blockchain!”: permissioned or permissionless, how hard is it to get 51% attack, etc.Non of that matters for KERI. KERI is all about “are your private keys private?!” And if yes, that drastically slims down the security discussion to brute force attacks to public keys. And because the next public keys are in fact protected by a hash, you have to brute force the hash algorithm, that is post-quantum secure. 
So that is a very high level of infrastructural security.<br><br>So private key management and protection is the root of your security in KERI.<br><br>### *Q: You are arguing KERI affords greater security than a decentralized linear event system like Bitcoin?<br><br>…you would be fundamentally arguing that you can record a singular, immutable linear event history more securely than Bitcoin, and I see nothing in KERI that would indicate that.<br><br>Read the answer to [this](https://identity.foundation/keri/docs/Q-and-A-Security.html#keri-is-basically-a-series-of-pay2publickeyhash-transactions) first.<br><br>If you read Szabos paper on threshold structures, you get security of the same type when ever you use a threshold structure, be it MFA, Multi-Sig, or Distributed consensus. They all are using a combination of multiple relatively weak attack surfaces that must be simulatenously compromised for a successful attack. So multiplying simulatneous weak surfaces = functional equivalent of a stronger attack surface. So when you look at KERI you see that the security is primarily due to cryptographic strength and the witnesses are not the primary source of security but merely secure one thing, that is the availability of the KEL for an identifier. Not the KEL itself. The KEL iteself is secured by signatures.<br><br>From a Validator perspective their security is due to duplicity detection. Successful attack against duplicity detection requires an eclipse attack. Ledgers such as bitcoin are also susceptible to eclipse attacks. So in an apples to apples (resistance to eclipse attack) a KERI watcher network of comparable reach (1000s of watchers) would have comparable resistance to an eclipse attack.<br><br>### Q: Differences between blockchain-based security and KERI security<br><br>* Where KERI doesnt need total ordering in its logs, blockchain do need that. 
What KERI needs is watchers that construct string of event in the relative order of reception of the KEL {TBW please explain or improve this: what is this, why is it important?}<br><br>* Another characteristic is that KERI identifiers are transferable and blockchain-based identifiers are not, they are bound to their ledger.",Key Event Receipt Infrastructure - the spec and implementation of the KERI protocol,https://identity.foundation/keri/docs/Q-and-A-Security.html#qa-section-keri-security-considerations,https://identity.foundation/keri/images/Direct-mode-kel-kerl.png,page,,,Development,,,,,,,,2021-04-06,,,,,,,,,,,,,
KERI,,,,Samuel Smith,,,,,,W3C DID Security Concerns,**Certificate Transparency Solution**<br>- Public end-verifiable append-only event log with consistency and inclusion proofs <br>- End-verifiable duplicity detection = ambient verifiability of duplicity <br>- Event log is third party infrastructure but it is not trusted because logs are verifiable. <br>- Sparse Merkle trees for revocation of certificates<br>- (related EFF SSL Observatory),,https://github.com/SmithSamuelM/Papers/blob/master/presentations/W3C_DID_Security_Concerns.pdf,,,,,Development,,,,,,,,2020-01-14,,,,,,,,,,,,,
KERI,DIF,,https://hackmd.io/orhyiJkLT721v4PCPkvQiA?both,,,,,,,Implementation Notes for KERI,"The interpretation of the data associated with the digest or hash tree root in the seal is independent of KERI. This allows KERI to be agnostic about anchored data semantics. Another way of saying this is that seals are data agnostic; they dont care about the semantics of its associated data. This better preserves privacy because the seal itself does not leak any information about the purpose or specific content of the associated data. Furthermore, because digests are a type of content address, they are self-discoverable. This means there is no need to provide any sort of context or content specific tag or label for the digests. Applications that use KERI may provide discovery of a digest via a hash table (mapping) whose indexes (hash keys) are the digests and the values in the table are the location of the digest in a specific event. To restate, the semantics of the digested data are not needed for discovery of the digest within a key event sequence.",,https://github.com/decentralized-identity/keri/blob/master/implementation.md,,,,,Development,,,,,,,,2020-05-16,,,,,,,,,,,,,
KERI,IDCommons,,,"Samuel Smith, Dave Huseby",,,,,IIW,KERI and ADS Key State Provenance Logs Kumbaya (KEL and ADPL),"This was a meeting of the minds between myself and Sam Smith and Adrian Gropper that was hugely successful. We all decided to use the term ""endorser"" for what we all called ""registrar""/""witness""/""notary"". We also realized that the KERI proposal for encoding is good enough for authentic data provenance logs and we will be using the KERI encoding. Sam has modified the spec for KERI key event logs to include scripting capabilities needed in the authentic data economy for doing things like cross-chain atomic swaps for selling non-fungible authentic data (NFADs).<br><br>The result is that there is grand convergence on the encoding and file format for key event provenance logs that will be supported by both KERI networks and the broader authentic data economy.",,https://iiw.idcommons.net/24H/_KERI_and_ADS_Key_State_Provenance_Logs_Kumbaya_(KEL_and_ADPL),,Session Notes,,,Development,,,,,,,,2021-05-06,,,,,,,,,,,,,
KERI,IDCommons,,,Robert Mitwicki,,,,,IIW,Supply chain ACDC and KERI + DEMO,"Authentic Chain Data Containers (ACDC) - is a technology which allows to secure and chain data in a generic way. It aims to improve the way we do VC and how we think about authentic data.<br><br>After explanation of ACDC, a demo was performed where it was shown how KERI can enable authentic data flow within the supply chain without the need of having any blockchain nor one single network.",,https://iiw.idcommons.net/14K/_Supply_chain_%E2%80%93_ACDC_and_KERI_+_DEMO,,Session Notes,,,Supply Chain,,,,,,,,2021-05-07,,,,,,,,,,,,,
KERI,personal,,,Robert Mitwicki,,,,,,KERI: Facilitating secure data flows in an auditable supply chain,"Supply Chain and why you need Blockchain <br>- Time-stamping, tracking, and automating transactions, so that events can be audited in real time <br>- Minimizing the involvement of intermediaries such as bankers, insurers, and brokers <br>- Setting up a wide range of self-executing contracts to automate repetitive processes such as billing and shipping <br>- Establishing proof of quality, provenance, payment, and performance to minimize counterfeiting and fraud <br>- Making it easier, faster, and cheaper to onboard new vendors and partners by assigning digital IDs<br>Supply Chain and why you DONT want Blockchain <br>- Lack of Interoperability - my ledger vs someone else ledger, how to bridge it and navigate<br>- Problem with Governance Framework - who decided who can join? <br>- Scaling<br>- Privacy",,https://docs.google.com/presentation/d/1tF_OFGAKUz9RKCLTdwDYDu7hJuEbFz-LQ6PAih7HBK8/edit#slide=id.p,https://lh3.googleusercontent.com/docs/ADP-6oEaO2ZhlD4Wi8L0mBMsWKJQgYiou-x-F99nfasMNWe0LHTl4QPnlWz4Y-NRbABf1XhTmrgGg_1mbGg_K7W7lcN5-BQWJi0Y2GwDYU_bfsIC=w1200-h630-p,Presentation,,,Supply Chain,,,,,,,,2020-10-10,,,,,,,,,,,,,
KERI,SSI-Meetup,,https://www.youtube.com/watch?v=izNZ20XSXR0,,,,,,,Key Event Receipt Infrastructure (KERI): A secure identifier overlay for the internet Sam Smith Webinar 58,,,https://ssimeetup.org/key-event-receipt-infrastructure-keri-secure-identifier-overlay-internet-sam-smith-webinar-58/,,,,,Presentations,,,,,,,,2020-05-19,,,,,,,,,,,,,
KERI,,,,Samuel Smith,,,,,,KERI Overview,"**Separation of Control** Shared (permissioned) ledger = shared control over shared data.<br>* Shared data = good, shared control = bad.<br>* Shared control between controller and validator may be problematic for governance, scalability, and performance.KERI = separated control over shared data.<br>* Separated control between controller and validator may provide better decentralization, more flexibility, better scalability, lower cost, higher performance, and more privacy at comparable security.",,https://raw.githubusercontent.com/SmithSamuelM/Papers/master/presentations/KERI2_Overview.web.pdf,,,2.54,,Presentations,,,,,,,,2020-10-22,,,,,,,,,,,,,
KERI,,,,Samuel Smith,,,,,,The Duplicity Game: or why you can trust KERI,"**Inconsistency vs. Duplicity**<br>- inconsistency: lacking agreement, as two or more things in relation to each other<br>- duplicity: acting in two different ways to different people concerning the same matter<br>**Internal vs. External Inconsistency** <br>- Internally inconsistent log = not verifiable.<br>- Log verification from self-certifying root-of-trust protects against internal inconsistency.<br>Externally inconsistent log with a purported copy of log but both verifiable = duplicitous.<br>Duplicity detection protects against external inconsistency.",,https://raw.githubusercontent.com/SmithSamuelM/Papers/master/presentations/DuplicityGame_IIW_2020_A.pdf,,,,,Presentations,,,,,,,,2020-05-09,,,,,,,,,,,,,
KERI,,,,Samuel Smith,,,,,,Key Event Receipt Infrastructure (KERI) Model for a Universal DKMI,"**KERI Nomenclature**<br>* **self-certifying identifier**: includes public key<br>* **digital signature**: unique non-repudiable (cypher suite known)<br>* **digest**: collision resistant hash of content<br>* **signed digest**: commitment to content<br>* **controller**: controlling entity of identifier<br>* **message**: serialized data structure event: actionable message<br>* **key event**: key management operation<br>* **inception event**: unique self-signed event that creates identifier and controlling key(s)<br>* **rotation event**: self-signed uniquely ordered event from a sequence that changes the set of controlling keys<br>* **verifier**: cryptographically verifies signature(s) on an event message.<br>* **witness**: entity that may receive, verify, and store key events for an identifier. Each witness controls its own identifier used to sign key event messages, controller is a special case of witness.<br>* **receipt**: event message or reference with one or more witness signatures<br>* **key event log**: ordered record of all self-signed key event messages key event<br>* **receipt log**: ordered record of all key event receipts for a given set of witnesses<br>* **validator**: determines current authoritative key set for identifier from at least one key event (receipt) log. <br>* **judge**: determines current authoritative key set for identifier from the key event receipt logs from a set of witnesses.<br>* **pre-rotation**: commitment to next rotated key set in previous rotation or inception event",,https://raw.githubusercontent.com/SmithSamuelM/Papers/master/presentations/KERI_Overview.pdf,,,,,Presentations,,,,,,,,2019-12,,,,,,,,,,,,,
KERI,,,,Samuel Smith,,,,,,KERI for Muggles IIW #31 Day 1 - Session #220 October 2020,KERI is a new approach to decentralized identifiers and decentralized key management that promises significant benefits for SSI (self-sovereign identity) and ToIP (Trust over IP) infrastructure,,https://raw.githubusercontent.com/SmithSamuelM/Papers/master/presentations/KERI_for_Muggles.pdf,,,,,Presentations,,,,,,,,2020-10-21,,,,,,,,,,,,,
KERI,,,,Samuel Smith,,,,,,Verifiable Trust Bases,"* KERI enables cryptographic proof-of-control-authority (provenance) for each identifier.<br>* A proof is in the form of an identifiers key event receipt log (KERL).<br>* KERLs are *End Verifiable*:<br> * End user alone may verify. Zero trust in intervening infrastructure.<br>* KERLs may be *Ambient Verifiable*:<br> * Anyone may verify anylog, anywhere, at anytime.<br>* KERI = self-cert root-of-trust + certificate transparency + KA2CE + recoverable + post-quantum.",,https://raw.githubusercontent.com/SmithSamuelM/Papers/master/presentations/KERIVerifiableTrustBases.web.pdf,,,2.53,,Presentations,,,,,,,,2020-10-20,,,,,,,,,,,,,
KERI,Springer,,,"Girault, M.",,,,,EUROCRYPT 1991,Self-certifiepublic keys,,,https://link.springer.com/content/pdf/11007%2F3-540-46416-6_42.pdf,,,,,Literature; Self-Certifying Identifiers,,,,,,,,1991,,,,,,,,,,,,,
KERI,MIT,,,"Kaminsky M., Banks E.",,,,,,SFS-HTTP: Securing the Web with Self-Certifying URLs,,,https://pdos.csail.mit.edu/~kaminsky/sfs-http.ps,,,,,Literature; Self-Certifying Identifiers,,,,,,,,1999,,,,,,,,,,,,,
KERI,Sigops,,,"Mazieres D., Kaashoek M. F.",MIT,,,,,Escaping the Evils of Centralized Control with self-certifying pathnames,,,http://www.sigops.org/ew-history/1998/papers/mazieres.ps,,,,,Literature; Self-Certifying Identifiers,,,,,,,,2000,,,,,,,,,,,,,
KERI,CSAIL,,,Mazieres D.,,,,,,Self-certifying File System,,,https://pdos.csail.mit.edu/~ericp/doc/sfs-thesis.ps,,,,,Literature; Self-Certifying Identifiers,,,,,,,,2000-06-01,,,,,,,,,,,,,
KERI,Trusted Computing Group,,,,,,,,,Implicit Identity Based Device Attestation,,,https://trustedcomputinggroup.org/wp-content/uploads/TCG-DICE-Arch-Implicit-Identity-Based-Device-Attestation-v1-rev93.pdf,,,,,Literature; Self-Certifying Identifiers,,,,,,,,2018-03-05,,,,,,,,,,,,,
KERI,,,,Samuel Smith,,,,,,Open Reputation Framework,,,https://github.com/SmithSamuelM/Paperblob/master/whitepapers/open-reputation-low-level-whitepaper.pdf,,,,,Literature; Autonomic Identifiers,,,,,,,,2015-05-13,,,,,,,,,,,,,
KERI,,,,"Samuel Smith, Khovratovich D.",,,,,,Identity System Essentials,,,https://github.com/SmithSamuelM/Papers/blob/master/whitepapers/Identity-System-Essentials.pdf,,,,,Literature; Autonomic Identifiers,,,,,,,,2016-03-29,,,,,,,,,,,,,
KERI,,,,Samuel Smith,,,,,,Decentralized Autonomic Data (DAD) and the three Rs of Key Management,"Rebooting the Web of Trust RWOT 6, Spring 2018",,https://github.com/SmithSamuelM/Papers/blob/master/whitepapers/DecentralizedAutonomicData.pdf,,,,,Literature; Autonomic Identifiers,,,,,,,,2018-05-23,,,,,,,,,,,,,
KERI,arXiv,,,Samuel Smith,,,,,,Key Event Receipt Infrastructure (KERI) Design and Build,,,https://arxiv.org/abs/1907.02143,,,,,Literature; Autonomic Identifiers,,,,,,,,2019-07-03,,,,,,,,,,,,,
KERI,,,,"Conway S, Hughes A",,,,,RWOT 7,A DID for Everything,,,https://github.com/SmithSamuelM/Papers/blob/master/whitepapers/A_DID_for_everything.pdf,,,,,Literature; Autonomic Identifiers,,,,,,,,2018-09-26,,,,,,,,,,,,,
KERI,WeboftrustInfo,,,"Stocker C, Samuel Smith, Juan Caballero",,,,,RWOT10,Quantum Secure DIDs,,,https://github.com/WebOfTrustInfo/rwot10-buenosaires/blob/master/final-documents/quantum-secure-dids.pdf,,,,,Literature; Autonomic Identifiers,,,,,,,,2020-07-09,,,,,,,,,,,,,
KERI,ACMQueue,,http://www.certificate-transparency.org/home,Ben Laurie,,,,,,"Certificate Transparency: Public, verifiable, append-only log",,,https://queue.acm.org/detail.cfm?id=2668154,,,,,Literature; Certificate Transparency,,,,,,,,2014-09-08,,,,,,,,,,,,,
KERI,Links,,,"Ben Laurie, Emilia Kasper",,,,,,Revocation Transparency,,,https://web.archive.org/web/20230309211444/https://www.links.org/files/RevocationTransparency.pdf,,,,,Literature; Certificate Transparency,,,,,,,,2015,,,,,,,,,,,,,
KERI,,,,Steve Tout,,,,,,Non Conformist Innovation Summit Closing Keynote #2 - Sam Smith,The Economics of Its & Bits - Digital Identity - Freedom Privacy Control Security,,https://www.youtube.com/watch?v=L82O9nqHjRE,,,,,Assorted,,,,,,,,2020-07-23,,,,,,,,,,,,,
KERI,IDCommons,,,Robert Mitwicki,,,,,IIW,Supply chain ACDC and KERI + DEMO,"Authentic Chain Data Containers (ACDC) - is a technology which allows to secure and chain data in a generic way. It aims to improve the way we do VC and how we think about authentic data.<br><br>After explanation of ACDC, a demo was performed where it was shown how KERI can enable authentic data flow within the supply chain without the need of having any blockchain nor one single network.",,https://iiw.idcommons.net/14K/_Supply_chain_%E2%80%93_ACDC_and_KERI_+_DEMO,,Session Notes,,,Assorted,,,,,,,,2021-05-07,,,,,,,,,,,,,
KERI,personal,,,Robert Mitwicki,,,,,,KERI: Facilitating secure data flows in an auditable supply chain,"Supply Chain and why you need Blockchain <br>- Time-stamping, tracking, and automating transactions, so that events can be audited in real time <br>- Minimizing the involvement of intermediaries such as bankers, insurers, and brokers <br>- Setting up a wide range of self-executing contracts to automate repetitive processes such as billing and shipping <br>- Establishing proof of quality, provenance, payment, and performance to minimize counterfeiting and fraud <br>- Making it easier, faster, and cheaper to onboard new vendors and partners by assigning digital IDs<br>Supply Chain and why you DONT want Blockchain <br>- Lack of Interoperability - my ledger vs someone else ledger, how to bridge it and navigate<br>- Problem with Governance Framework - who decided who can join? <br>- Scaling<br>- Privacy",,https://docs.google.com/presentation/d/1tF_OFGAKUz9RKCLTdwDYDu7hJuEbFz-LQ6PAih7HBK8/edit#slide=id.p,,Presentation,,,Assorted,,,,,,,,2020-10-10,,,,,,,,,,,,,
Cryptography,SRI,,https://lists.w3.org/Archives/Public/public-credentials/2022Apr/0109.html,"David Balenson, Nick Genise",,,,,,Cryptography Review of W3C Verifiable Credentials Data Model (VCDM) and Decentralized Identifiers (DIDs) Standards and Cryptography Implementation Recommendations,"Cryptography used by U.S. government entities in operational systems must conform to relevant federal government standards and requirements, including the Federal Information Security Management Act (FISMA) and National Institute of Technology (NIST) standards for use of cryptography. As part of its in-depth technical due-diligence to enable operational capabilities for DHS/CBP, DHS/PRIV and DHS/USCIS, the U.S. Department of Homeland Securitys Silicon Valley Innovation Program (SVIP) sponsored independent nonprofit research center SRI International to conduct a cryptographic review of the W3C Verifiable Credentials Data Model and W3C Decentralized Identifiers standards. The review provided constructive feedback and recommendations for technology developers and W3C standards developers to increase their level of compliance with federal government standards.",,http://www.csl.sri.com/papers/vcdm-did-crypto-recs/,,Paper,,,Assorted,,,,,,Verifiable Credentials,,2023-01-01,,,,,,,,,,,,,
Cryptography,Zero Knowledge,,,,ZeroKnowledge,,,,,ZK for Authentication With Nolan and Locke from NuID,"Here are a few of the articles mentioned in the episode:<br>[Universally Composable Direct Anonymous Attestation](https://eprint.iacr.org/2015/1246.pdf) by Jan Camenisch , Manu Drijvers , and Anja Lehmann<br>[Practical UC-Secure Delegatable Credentials with Attributes and Their Application to Blockchain](https://eprint.iacr.org/2015/1246.pdf) by Jan Camenisch , Manu Drijvers , and Anja Lehmann<br>[Privacy-Preserving User-Auditable Pseudonym Systems](https://researcher.watson.ibm.com/researcher/files/zurich-ANJ/main_nymlog.pdf) by Jan Camenisch & Anja Lehmann IBM Research Zurich","Zero Knowledge Podcast is a show about zk proofs and other blockchain tech. Learn about the latest in zero knowledge research, cryptography-enabled privacy tech.",https://www.zeroknowledge.fm/154,https://i0.wp.com/zeroknowledge.fm/wp-content/uploads/2021/06/Discourse_icon.svg.png?fit=800%2C815&ssl=1,episode,,,Assorted,,,,,,,,2020-11-04,,,,,,,,,,,,,
Cryptography,Soatok,,https://lists.w3.org/Archives/Public/public-credentials/2022May/0048.html,,,,,,,Guidance for Choosing an Elliptic Curve Signature Algorithm in 2022,"Most people just defer to SafeCurves, but its a little dated: We have complete addition formulas for Weierstrass curves now, but SafeCurves doesnt reflect that.<br><br>For the purpose of simplicity, Im not going to focus on a general treatment of Elliptic Curve Cryptography (ECC), which includes pairing-based cryptography, Elliptic-Curve Diffie-Hellman, and (arguably) isogeny cryptography.<br><br>Instead, Im going to focus entirely on elliptic curve digital signature algorithms.",A cartoon wild canid on the Internet provides general guidance on elliptic curve cryptography parameter choices.,https://soatok.blog/2022/05/19/guidance-for-choosing-an-elliptic-curve-signature-algorithm-in-2022/,,Post,,,Assorted,,,,,,,,2022-05-19,,,,,,,,,,,,,
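Review bot: several rows in this hunk carry data defects that will show up as dead links or duplicate entries in the rendered index. The Open Reputation Framework row links to `https://github.com/SmithSamuelM/Paperblob/master/whitepapers/open-reputation-low-level-whitepaper.pdf`, which drops the `s/` between `Papers` and `blob` that every other SmithSamuelM link in the hunk has, so it will not resolve. The EUROCRYPT 1991 row has the title `Self-certifiepublic keys` (missing `d `) and a Springer link beginning `content/pdf/11007%2F`, which looks truncated (Springer DOI prefixes are `10.1007`, not `11007`). The ZK podcast row points both `Universally Composable Direct Anonymous Attestation` and `Practical UC-Secure Delegatable Credentials with Attributes and Their Application to Blockchain` at the same `https://eprint.iacr.org/2015/1246.pdf`, so one of the two URLs is wrong. The `Supply chain ACDC and KERI + DEMO` and `KERI: Facilitating secure data flows in an auditable supply chain` rows appear twice, first with section `Supply Chain` and again with section `Assorted`; if cross-listing is intended, carry both values in the section column rather than duplicating the row. Finally, the Q-and-A-Security row still contains the editorial placeholder `{TBW please explain or improve this: what is this, why is it important?}` inside its text column, which should be resolved or removed before this lands.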

1 main parent name supporting authors related location serving policy event title text description link image type status platform section sector industry market focus projects tech working group date github twitter youtube list feed discord crunchbase linkedin docs devtools app telegram forum
631 OpenID Connect Auth0 Identity, Unlocked... SIOP with Kristina Yasuda As a discovery mechanism to invoke a Self-Issued OP, the discussion on the podcast covered the usage of a custom schema 'openid://'. Alternative mechanisms to address the limitations of custom schemas are being actively explored in the WG.<br><br>The conversation meanders through deeper details, from how the current [SIOP specification draft](https://bitbucket.org/openid/connect/src/master/openid-connect-self-issued-v2-1_0.md) under the OpenID Foundation picks up the mission from a [former attempt under DIF](https://identity.foundation/did-siop/) to encoding approaches for verifiable presentations (embedding in JWTs, [LD proofs](https://w3c-ccg.github.io/ld-proofs/), how to represent attributes https://auth0.com/blog/identity-unlocked-explained-season-2-ep-5/ episode Development 2021-03-22
632 OpenID Connect SpruceID https://blog.spruceid.com/sign-in-with-ethereum-decentralizing-an-identity-provider-server/ Spruce Developer Update #20 We've set up a [release pipeline](https://github.com/spruceid/ens-oidc/) and had our first witnessed deployment for the ENS Community-Maintained OIDC IdP https://blog.spruceid.com/spruce-developer-update-20/ Post Development 2022-06-01
633 OpenID Connect IETF Sam Goto Browser APIs to enable OpenID Session Management and Privacy How does logout in OIDC happen?<br>* Classification problem - browsers do not know it is a logout now<br>* Easiest way<br> * Browser asks for a user consent<br> * Hard from a permission implementation perspective<br> * Tim: No issues with this idea<br> * If user logged into several OPs, user will not look to all the ones they log out from<br>* Option2<br> * Browser classifies signing-in event<br> * On log out does not prompt the user and IdP has no incentives to lie<br> * RPs get to determine if they want to log the user out or not<br> * Whether you can swap generic frame with fenced frame, frame can see it’s own cookies<br> * May not be able to pass any parameters that you need to pass; no link decoration for framed frame<br> * Subdomains also considered, but not well thought out<br> * Logout URL - other option to add, but more work for RP: Resource metadata. Specification - not much adoption. It just feels like a place where RP metadata could be declared which could be useful in this context of the RP defining its metadata (e.g. what IDP it uses) https://iiw.idcommons.net/13L/_Browser_APIs_to_enable_OpenID_Session_Management_and_Privacy Session Notes Development 2021-05-06
634 KERI WebofTrust https://keri.one/keri-resources KERI One - HomePage https://keri.one Main https://identity.foundation/working-groups/keri.html https://github.com/WebOfTrust/keri
635 KERI Blockchain Bird https://iiw.idcommons.net/3K/_KERI_Q%26A_basic_introduction IIW32 KERI Q&A basic introduction It has lots of relevant links in it to start your journey in KERI.<br><br>What is KERI?<br>* Key Event Receipt Infrastructure<br>* Intends to repair the Internet<br>* KERI = CT with decentralized CA<br>* NOT a coin, token…<br><br>Why KERI? (and not something else)<br>* Strong autonomous identifiers<br>* Abiding to privacy (laws and good habits)<br>* Portability, delegation, rotatable keys<br>* Direct & Indirect method<br>* <there’s more> https://blockchainbird.org/downloads/KERI-QA-introduction.pdf Presentation Main 2021
KERI DIF KERI: For every DID, a microledger The world of digital identifiers (DIDs) and verifiable credentials (VCs) is evolving quickly, giving much cause for optimism. Standards are starting to connect and move towards functional interoperability, governed by testable protocols. Most of this work is happening on the level of VCs. However, DIDs and their infrastructure are also starting to converge and mature as an extensible-yet-interoperable technology. https://medium.com/decentralized-identity/keri-for-every-did-a-microledger-f9457fa80d2d https://miro.medium.com/v2/resize:fit:1000/0*ZdrUkaJCemaCIBAw Post Main 2020-10-19
636 KERI personal Samuel Smith Key Event Receipt Infrastructure: A Secure Identifier Overlay for the Internet Secure attribution of any communication to its source<br>Authentic communication<br>Authentic interactions based an secure attribution of all statements by participants<br>Verifiable authenticity of data<br>Data Provenance<br>Authentic data economy https://github.com/SmithSamuelM/Papers/blob/master/presentations/KERI_Overview.web.pdf Presentation 2.60 Main 2021-03-23
637 KERI https://arxiv.org/abs/1907.02143 Samuel Smith KEY EVENT RECEIPT INFRASTRUCTURE (KERI) DESIGN An identity system based secure overlay for the Internet is presented. This includes a primary root-of-trust in self-certifying identifiers. It presents a formalism for Autonomic Identifiers (AIDs) and Autonomic Namespaces (ANs). They are part of an Autonomic Identity System (AIS). This system uses the design principle of minimally sufficient means to provide a candidate trust spanning layer for the internet. Associated with this system is a decentralized key management infrastructure (DKMI). The primary root-of-trust are self-certifying identifiers that are strongly bound at issuance to a cryptographic signing (public, private) key-pair. These are self-contained until/unless control needs to be transferred to a new key-pair. In that event an append only chained key-event log of signed transfer statements provides end verifiable control provenance. This makes intervening operational infrastructure replaceable because the event logs may be therefore be served up by ambient infrastructure. End verifiable logs on ambient infrastructure enables ambient verifiability (verifiable by anyone, anywhere, at anytime). The primary key management operation is key rotation (transference) via a novel key pre-rotation scheme. Two primary trust modalities motivated the design, these are a direct (one-to-one) mode and an indirect (one-to-any) mode. In the direct mode, the identity controller establishes control via verified signatures of the controlling key-pair. The indirect mode extends that trust basis with witnessed key event receipt logs (KERLs) for validating events. The security and accountability guarantees of indirect mode are provided by KERIs Agreement Algorithm for Control Establishment (KACE) among a set of witnesses. https://raw.githubusercontent.com/SmithSamuelM/Papers/master/whitepapers/KERI_WP_2.x.web.pdf 2.54 Main 2020-10-22
638 KERI Samuel Smith Manning Decentralized key management ● Why any form of digital key management is hard<br>● Standardsand best practices for conventional key management<br>● The starting point for key management architectures: roots-of-trust<br>● The special challenges of decentralizedkey management<br>● The new tools that verifiable credentials (VCs), decentralized identifiers (DIDs), and self-sovereign identity (SSI) bring to decentralized key management<br>● Key management for ledger-based DID methods<br>● Key management for peer-based DID methods<br>● Fully autonomous decentralized key management with Key Event Receipt Infrastructure (KERI) https://raw.githubusercontent.com/SmithSamuelM/Papers/master/whitepapers/10-ssi-key-management.pdf Main 2020-10-19
639 KERI Samuel Smith UNIVERSAL IDENTIFIER THEORY Abstract—A universal theory for identifiers is presented. This theory is based on a unified model of identifiers that include cryptographic autonomic identifiers (AIDs) and legitimized (authorized) human meaningful identifiers (LIDs). This model provides truly decentralized trust bases each derived from the cryptographic root-of-trust of a given AID. An AID is based on a self-certifying identifier (SCID) prefix. Self certifying identifiers are not human meaningful but have strong cryptographic properties. The associated self-certifying trust basis gives rise to a trust do- main for associated cryptographically verifiable non-repudiable statements. Every other type of identifier including human meaningful identifiers may then be secured in this resultant trust do- main via an end-verifiable authorization. This authorization legitimizes that human meaningful identifier as an LID though its association with an AID. The result is a secured trust domain specific identifier couplet of aid\|lid. AIDs are provided by the open standard key event receipt infrastructure (KERI). This unified model provides a systematic methodology for the design and implementation of secure decentralized identifier systems that underpin decentralized trust bases and their associated ecosystems of interactions. https://raw.githubusercontent.com/SmithSamuelM/Papers/master/whitepapers/IdentifierTheory_web.pdf Main 2020-10-23
640 KERI DIF KERI Whitepaper https://raw.githubusercontent.com/decentralized-identity/keri/master/kids/KERI_WP.pdf Main 2021-01-11
641 KERI DIF KERI: For every DID, a microledger The world of digital identifiers (DIDs) and verifiable credentials (VCs) is evolving quickly, giving much cause for optimism. Standards are starting to connect and move towards functional interoperability, governed by testable protocols. Most of this work is happening on the level of VCs. However, DIDs and their infrastructure are also starting to converge and mature as an extensible-yet-interoperable technology. https://medium.com/decentralized-identity/keri-for-every-did-a-microledger-f9457fa80d2d Post About 2020-10-19
642 KERI personal https://iiw.idcommons.net/23K/_KERI_Composable_Event_Streaming_Representation Samuel Smith KERI Composable Event Streaming Representation The Three KERI Security Sessions presented at IIW32 have the same set of Slides, it takes 3 hours to get through them.<br><br>This session is slides #190 through #208 https://github.com/SmithSamuelM/Papers/blob/master/presentations/KERI_Overview.web.pdf Presentation About 2021-03-04
643 KERI Harvard Doc Searls On KERI: a way not to reveal more personal info than you need to Here in civilization we typically reveal information about ourselves to others on a need-to-know basis: “I’m over 18.” “I’m a citizen of Canada.” “Here’s my Costco card.” “Hi, I’m Jane.” We may or may not present credentials in these encounters. And in most we don’t say our names. “Michael” being a common name, a guy called “Mike” may tell a barista his name is “Clive” if the guy in front of him just said his name is “Mike.” (My given name is David, a name so common that another David re-branded me Doc. Later I learned that his middle name was David and his first name was Paul. True story.) https://blogs.harvard.edu/doc/2020/10/22/keri/ http://blogs.harvard.edu/doc/files/2020/10/name-tag-plastic-card-holder-office-unfilled-paper-design-blank-transparent.jpg Post About 2020-10-22
644 KERI Jolocom Jolocom How KERI tackles the problem of trust In contrast to blockchain or central registry-based trust systems, KERI is based on a hash-chain data structure called a ‘key event receipt log’ (KERL). Conceptually, it’s similar in some ways to the Peer DID Method specification, except that its data model is a KERL rather than a DID document. And while KERI can be used as a DID method, it is fundamentally not reliant on any of the DID specifications and can be used in many other contexts as well. In particular, it is also useful for Internet of Things (IoT) networks and other security-conscious, low-resource use cases. https://jolocom.io/blog/how-keri-tackles-the-problem-of-trust/ https://jolocom.io/wp-content/uploads/2020/10/Jolocom-Logbook-KERI-article-main-cover-dark-03-scaled.jpg Post About 2020-10-15
645 KERI Definitely Identity Samuel Smith Tim talks with Sam Smith, creator of KERI In this episode, we explore the Key Event Receipt Infrastructure (KERI)and how it relates to decentralized identity. We also touch topics in the white paper: trust domains, self-certifying identifiers, architectural implications, and more. https://podcasts.apple.com/ca/podcast/definitely-identity-episode-14-with-sam-smith/id1496565155?i=1000494102345 https://is5-ssl.mzstatic.com/image/thumb/Podcasts122/v4/8f/50/9f/8f509f2a-cb8b-e58c-5129-d2fc510549f3/mza_11958365818986440756.jpg/1200x630wp.png episode About 2020-10-08
646 KERI Human Colossus Foundation Thinking of DID? KERI On The current generation of DIDs has introduced an innovative approach to digital identifiers, which has triggered the SSI movement. However, the inclusion of the method space in the DID syntax has led to fragmentation and weak security properties of the identifier type. These known method-space issues give the community impetus to redress them. In light of these innovative developments, now is the time to embrace KERI as an improved interoperable and secure solution for digital identity. In this blog post, we address DIDs security from the viewpoint of KERI (Key Event Receipt Infrastructure), a novel, simple, and improved DKMS (Decentralized Key Management System) solution for digital identifiers. KERI provides a unifying solution to DID document authentication and resolution that will prove invaluable to use cases where security and interoperability are essential (e.g., for global supply chains and humanitarian applications). https://humancolossus.foundation/blog/thinking-of-did-keri-on http://static1.squarespace.com/static/5ead4c8660689c348c80958e/5eaecb2534916624d94cccf4/6002ce8112a04d6cc486ab94/1611774292795/?format=1500w Post About 2021-01-27
647 KERI Gleif https://www.gleif.org/lei-solutions/gleifs-digital-strategy-for-the-lei/2022-06-28_lei-digital-strategy-current_version-focus-vlei_v0.17_work.pdf LEI Digital Strategy The Global LEI System (GLEIS) has a unique opportunity to solve the problem of trust for legal entities on a global scale. It can enable digital transformation in a way that is interoperable, independent and autonomous. As a regulatory endorsed system overseen by the Regulatory Oversight Committee (ROC), the GLEIS is the only system that establishes a recognized, monitored and standardized global identity for legal entities that, whenever possible, is linked to the national ID system in that jurisdiction. The system is underpinned by open data, meaning any person or company can access the LEI and its associated reference data. The GLEIS also bridges traditional and online processes by serving as a tool to identify the counterparty in any transaction and can aggregate data on legal entities held in repositories.<br><br>GLEIF’s digital strategy for the LEI centers on two methods for cryptographically binding the LEI to its organization – digital certificates and Verifiable Credentials. From banking to production and supply chain management, industries worldwide are adjusting to the digitization of processes and transactions. https://www.gleif.org/en/lei-solutions/gleifs-digital-strategy-for-the-lei https://www.gleif.org/media/pages/lei-solutions/gleifs-digital-strategy-for-the-lei/bfa1d78378-1685436973/digital-certificates-as-well-as-self-sovereign-identity-networks-1200x630-q85.png Post Organization 2022-06-08
648 KERI IDCommons IIW GLEIF vLEI with KERI The Global Legal Entity Identifier Foundation (GLEIF) proposes that the Legal Enitity Identifier (LEI) can be used to establish a chain of trust for organizational identity.<br><br>In this session, GLEIF shares plans and progress regarding its development program to create an ecosystem and credential governance framework, together with a technical supporting infrastructure, for a verifiable LEI (vLEI), a digitally verifiable credential containing the LEI. https://iiw.idcommons.net/20K/_GLEIF_vLEI_with_KERI Session Notes Organization 2021-05-07
649 KERI TOIP ACDC (Authentic Chained Data Container) Task Force The purpose of the Authentic Chained Data Container (ACDC) Task Force is to help draft and incubate a family of IETF-focused specifications that defines the standard requirements for the semantics of Authentic Chained Data Containers. The semantics of ACDCs include both source provenance and authorization provenance or delegation. The hypothesis is that the W3C Verifiable Credential standard may be expanded to serve as an Authentic Data Container (ADC) with authentic provenance chains (APC) as a super semantic. This may be further expanded to support both a source provenance sub-semantic and a delegated authorization sub-semantic. These are all encapsulated into the semantics with supporting syntax of an ACDC. https://wiki.trustoverip.org/display/HOME/ACDC+%28Authentic+Chained+Data+Container%29+Task+Force page Organization 2021-01-19
650 KERI Trusted Computing Group Trusted Computing Group The Trusted Computing Group (TCG) is a not-for-profit organization formed to develop, define and promote open, vendor-neutral, global industry specifications and standards, supportive of a hardware-based root of trust, for interoperable trusted computing platforms.TCG’s core technologies include specifications and standards for the Trusted Platform Module (TPM), Trusted Network Communications (TNC) and network security and self-encrypting drives. TCG also has work groups to extend core concepts of trust into cloud security, virtualization and other platforms and computing services from the enterprise to the Internet of Things. https://trustedcomputinggroup.org/ https://trustedcomputinggroup.org/wp-content/plugins/revslider/public/assets/assets/dummy.png site Organization
651 KERI Micro Controller Tips Maria Guerra What is DICE architecture? DICE stands for Device Identifier Composition Engine, and it is a security standard created by the Trusted Computing Group (TCG) which has been addressing security issues for years. TCG announced the establishment of DICE Architecture, or DICE Architecture Work Group to address the need for increased security in the Internet of Things (IoT) therefore targeting products such as MCUs and systems on a chip (SoCs). https://www.microcontrollertips.com/what-is-dice-architecture-faq/ https://www.microcontrollertips.com/wp-content/uploads/2018/06/DICE-featured.jpg faq Organization 2018-07-27
652 KERI IDCommons Samuel Smith IIW Security Considerations of KERI. Why and how KERI provides secure portability Harm that can be done to the a controller: Unavailability, loss of control authority, externally forced duplicity<br><br>Harm that can be done to a validator: Inadvertent acceptance of verifiable - but forged or duplicitous events<br><br>Breaking the promise of global consistency by a controller is a provable liability. However, global consistency may only matter after members of that community need to interact, not before. https://iiw.idcommons.net/2K/_Security_Considerations_of_KERI._Why_and_how_KERI_provides_secure_portability Session Notes Development 2021-05-06
653 KERI DIF Q&A about KERI’s Security model and Guarantees - Part II Security ### *Q: What are the security risks of KERI with regard to the identity protocol?<br><br>Harm that can be done to the a controller: Unavailability, loss of control authority, externally forced duplicity<br><br>Harm that can be done to a validator: Inadvertent acceptance of verifiable - but forged or duplicitous events<br><br>Breaking the promise of global consistemcy by a controller is a provable liability. However, global consistency may only matter after members of that community need to interact, not before.<br><br>### Q: How secure is the KERI infrastructure?<br><br>KERI changes the discussion about security. From a discussion about the security of infrastructure to a discussion about the security of your key management infrastructure. Most people when they think security, the think “oh, blockchain!”: permissioned or permissionless, how hard is it to get 51% attack, etc.Non of that matters for KERI. KERI is all about “are your private keys private?!” And if yes, that drastically slims down the security discussion to brute force attacks to public keys. And because the next public keys are in fact protected by a hash, you have to brute force the hash algorithm, that is post-quantum secure. 
So that is a very high level of infrastructural security.<br><br>So private key management and protection is the root of your security in KERI.<br><br>### *Q: You are arguing KERI affords greater security than a decentralized linear event system like Bitcoin?<br><br>…you would be fundamentally arguing that you can record a singular, immutable linear event history more securely than Bitcoin, and I see nothing in KERI that would indicate that.<br><br>Read the answer to [this](https://identity.foundation/keri/docs/Q-and-A-Security.html#keri-is-basically-a-series-of-pay2publickeyhash-transactions) first.<br><br>If you read Szabo’s paper on threshold structures, you get security of the same type when ever you use a threshold structure, be it MFA, Multi-Sig, or Distributed consensus. They all are using a combination of multiple relatively weak attack surfaces that must be simulatenously compromised for a successful attack. So multiplying simulatneous weak surfaces = functional equivalent of a stronger attack surface. So when you look at KERI you see that the security is primarily due to cryptographic strength and the witnesses are not the primary source of security but merely secure one thing, that is the availability of the KEL for an identifier. Not the KEL itself. The KEL iteself is secured by signatures.<br><br>From a Validator perspective their security is due to duplicity detection. Successful attack against duplicity detection requires an eclipse attack. Ledgers such as bitcoin are also susceptible to eclipse attacks. So in an apples to apples (resistance to eclipse attack) a KERI watcher network of comparable reach (1000’s of watchers) would have comparable resistance to an eclipse attack.<br><br>### Q: Differences between blockchain-based security and KERI security<br><br>* Where KERI doesn’t need total ordering in its logs, blockchain do need that. 
What KERI needs is watchers that construct string of event in the relative order of reception of the KEL {TBW please explain or improve this: what is this, why is it important?}<br><br>* Another characteristic is that KERI identifiers are transferable and blockchain-based identifiers are not, they are bound to their ledger. *Q: What are the security risks of KERI with regard to the identity protocol?<br><br>Harm that can be done to the a controller: Unavailability, loss of control authority, externally forced duplicity<br><br>Harm that can be done to a validator: Inadvertent acceptance of verifiable - but forged or duplicitous events<br><br>Breaking the promise of global consistemcy by a controller is a provable liability. However, global consistency may only matter after members of that community need to interact, not before.<br><br>### Q: How secure is the KERI infrastructure?<br><br>KERI changes the discussion about security. From a discussion about the security of infrastructure to a discussion about the security of your key management infrastructure. Most people when they think security, the think “oh, blockchain!”: permissioned or permissionless, how hard is it to get 51% attack, etc.Non of that matters for KERI. KERI is all about “are your private keys private?!” And if yes, that drastically slims down the security discussion to brute force attacks to public keys. And because the next public keys are in fact protected by a hash, you have to brute force the hash algorithm, that is post-quantum secure. 
So that is a very high level of infrastructural security.<br><br>So private key management and protection is the root of your security in KERI.<br><br>### *Q: You are arguing KERI affords greater security than a decentralized linear event system like Bitcoin?<br><br>…you would be fundamentally arguing that you can record a singular, immutable linear event history more securely than Bitcoin, and I see nothing in KERI that would indicate that.<br><br>Read the answer to [this](https://identity.foundation/keri/docs/Q-and-A-Security.html#keri-is-basically-a-series-of-pay2publickeyhash-transactions) first.<br><br>If you read Szabo’s paper on threshold structures, you get security of the same type when ever you use a threshold structure, be it MFA, Multi-Sig, or Distributed consensus. They all are using a combination of multiple relatively weak attack surfaces that must be simulatenously compromised for a successful attack. So multiplying simulatneous weak surfaces = functional equivalent of a stronger attack surface. So when you look at KERI you see that the security is primarily due to cryptographic strength and the witnesses are not the primary source of security but merely secure one thing, that is the availability of the KEL for an identifier. Not the KEL itself. The KEL iteself is secured by signatures.<br><br>From a Validator perspective their security is due to duplicity detection. Successful attack against duplicity detection requires an eclipse attack. Ledgers such as bitcoin are also susceptible to eclipse attacks. So in an apples to apples (resistance to eclipse attack) a KERI watcher network of comparable reach (1000’s of watchers) would have comparable resistance to an eclipse attack.<br><br>### Q: Differences between blockchain-based security and KERI security<br><br>* Where KERI doesn’t need total ordering in its logs, blockchain do need that. 
What KERI needs is watchers that construct string of event in the relative order of reception of the KEL {TBW please explain or improve this: what is this, why is it important?}<br><br>* Another characteristic is that KERI identifiers are transferable and blockchain-based identifiers are not, they are bound to their ledger. Key Event Receipt Infrastructure - the spec and implementation of the KERI protocol https://identity.foundation/keri/docs/Q-and-A-Security.html#qa-section-keri-security-considerations https://identity.foundation/keri/images/Direct-mode-kel-kerl.png page Development 2021-04-06
654 KERI Samuel Smith W3C DID Security Concerns **Certificate Transparency Solution**<br>- Public end-verifiable append-only event log with consistency and inclusion proofs <br>- End-verifiable duplicity detection = ambient verifiability of duplicity <br>- Event log is third party infrastructure but it is not trusted because logs are verifiable. <br>- Sparse Merkle trees for revocation of certificates<br>- (related EFF SSL Observatory) https://github.com/SmithSamuelM/Papers/blob/master/presentations/W3C_DID_Security_Concerns.pdf Development 2020-01-14
655 KERI DIF https://hackmd.io/orhyiJkLT721v4PCPkvQiA?both Implementation Notes for KERI The interpretation of the data associated with the digest or hash tree root in the seal is independent of KERI. This allows KERI to be agnostic about anchored data semantics. Another way of saying this is that seals are data agnostic; they don’t care about the semantics of its associated data. This better preserves privacy because the seal itself does not leak any information about the purpose or specific content of the associated data. Furthermore, because digests are a type of content address, they are self-discoverable. This means there is no need to provide any sort of context or content specific tag or label for the digests. Applications that use KERI may provide discovery of a digest via a hash table (mapping) whose indexes (hash keys) are the digests and the values in the table are the location of the digest in a specific event. To restate, the semantics of the digested data are not needed for discovery of the digest within a key event sequence. https://github.com/decentralized-identity/keri/blob/master/implementation.md Development 2020-05-16
656 KERI IDCommons Samuel Smith, Dave Huseby IIW KERI and ADS Key State Provenance Logs Kumbaya (KEL and ADPL) This was a meeting of the minds between myself and Sam Smith and Adrian Gropper that was hugely successful. We all decided to use the term "endorser" for what we all called "registrar"/"witness"/"notary". We also realized that the KERI proposal for encoding is good enough for authentic data provenance logs and we will be using the KERI encoding. Sam has modified the spec for KERI key event logs to include scripting capabilities needed in the authentic data economy for doing things like cross-chain atomic swaps for selling non-fungible authentic data (NFADs).<br><br>The result is that there is grand convergence on the encoding and file format for key event provenance logs that will be supported by both KERI networks and the broader authentic data economy. https://iiw.idcommons.net/24H/_KERI_and_ADS_Key_State_Provenance_Logs_Kumbaya_(KEL_and_ADPL) Session Notes Development 2021-05-06
657 KERI IDCommons SSI-Meetup https://www.youtube.com/watch?v=izNZ20XSXR0 Robert Mitwicki IIW Supply chain – ACDC and KERI + DEMO Key Event Receipt Infrastructure (KERI): A secure identifier overlay for the internet – Sam Smith – Webinar 58 Authentic Chain Data Containers (ACDC) - is a technology which allows to secure and chain data in a generic way. It aims to improve the way we do VC and how we think about authentic data.<br><br>After explanation of ACDC, a demo was performed where it was shown how KERI can enable authentic data flow within the supply chain without the need of having any blockchain nor one single network. https://iiw.idcommons.net/14K/_Supply_chain_%E2%80%93_ACDC_and_KERI_+_DEMO https://ssimeetup.org/key-event-receipt-infrastructure-keri-secure-identifier-overlay-internet-sam-smith-webinar-58/ Session Notes Supply Chain Presentations 2021-05-07 2020-05-19
658 KERI personal Robert Mitwicki Samuel Smith KERI: Facilitating secure data flows in an auditable supply chain KERI Overview Supply Chain and why you need Blockchain <br>- Time-stamping, tracking, and automating transactions, so that events can be audited in real time <br>- Minimizing the involvement of intermediaries such as bankers, insurers, and brokers <br>- Setting up a wide range of self-executing contracts to automate repetitive processes such as billing and shipping <br>- Establishing proof of quality, provenance, payment, and performance to minimize counterfeiting and fraud <br>- Making it easier, faster, and cheaper to onboard new vendors and partners by assigning digital IDs<br>Supply Chain and why you DON’T want Blockchain <br>- Lack of Interoperability - my ledger vs someone else ledger, how to bridge it and navigate<br>- Problem with Governance Framework - who decided who can join? <br>- Scaling<br>- Privacy **Separation of Control** Shared (permissioned) ledger = shared control over shared data.<br>* Shared data = good, shared control = bad.<br>* Shared control between controller and validator may be problematic for governance, scalability, and performance.KERI = separated control over shared data.<br>* Separated control between controller and validator may provide better decentralization, more flexibility, better scalability, lower cost, higher performance, and more privacy at comparable security. https://docs.google.com/presentation/d/1tF_OFGAKUz9RKCLTdwDYDu7hJuEbFz-LQ6PAih7HBK8/edit#slide=id.p https://raw.githubusercontent.com/SmithSamuelM/Papers/master/presentations/KERI2_Overview.web.pdf https://lh3.googleusercontent.com/docs/ADP-6oEaO2ZhlD4Wi8L0mBMsWKJQgYiou-x-F99nfasMNWe0LHTl4QPnlWz4Y-NRbABf1XhTmrgGg_1mbGg_K7W7lcN5-BQWJi0Y2GwDYU_bfsIC=w1200-h630-p Presentation 2.54 Supply Chain Presentations 2020-10-10 2020-10-22
659 KERI Samuel Smith The Duplicity Game: or why you can trust KERI **Inconsistency vs. Duplicity**<br>- inconsistency: lacking agreement, as two or more things in relation to each other<br>- duplicity: acting in two different ways to different people concerning the same matter<br>**Internal vs. External Inconsistency** <br>- Internally inconsistent log = not verifiable.<br>- Log verification from self-certifying root-of-trust protects against internal inconsistency.<br>Externally inconsistent log with a purported copy of log but both verifiable = duplicitous.<br>Duplicity detection protects against external inconsistency. https://raw.githubusercontent.com/SmithSamuelM/Papers/master/presentations/DuplicityGame_IIW_2020_A.pdf Presentations 2020-05-09
660 KERI Samuel Smith Key Event Receipt Infrastructure (KERI) Model for a Universal DKMI **KERI Nomenclature**<br>* **self-certifying identifier**: includes public key<br>* **digital signature**: unique non-repudiable (cypher suite known)<br>* **digest**: collision resistant hash of content<br>* **signed digest**: commitment to content<br>* **controller**: controlling entity of identifier<br>* **message**: serialized data structure event: actionable message<br>* **key event**: key management operation<br>* **inception event**: unique self-signed event that creates identifier and controlling key(s)<br>* **rotation event**: self-signed uniquely ordered event from a sequence that changes the set of controlling keys<br>* **verifier**: cryptographically verifies signature(s) on an event message.<br>* **witness**: entity that may receive, verify, and store key events for an identifier. Each witness controls its own identifier used to sign key event messages, controller is a special case of witness.<br>* **receipt**: event message or reference with one or more witness signatures<br>* **key event log**: ordered record of all self-signed key event messages key event<br>* **receipt log**: ordered record of all key event receipts for a given set of witnesses<br>* **validator**: determines current authoritative key set for identifier from at least one key event (receipt) log. <br>* **judge**: determines current authoritative key set for identifier from the key event receipt logs from a set of witnesses.<br>* **pre-rotation**: commitment to next rotated key set in previous rotation or inception event https://raw.githubusercontent.com/SmithSamuelM/Papers/master/presentations/KERI_Overview.pdf Presentations 2019-12
661 KERI Samuel Smith KERI for Muggles IIW #31 Day 1 - Session #220 October 2020 KERI is a new approach to decentralized identifiers and decentralized key management that promises significant benefits for SSI (self-sovereign identity) and ToIP (Trust over IP) infrastructure https://raw.githubusercontent.com/SmithSamuelM/Papers/master/presentations/KERI_for_Muggles.pdf Presentations 2020-10-21
662 KERI Samuel Smith Verifiable Trust Bases * KERI enables cryptographic proof-of-control-authority (provenance) for each identifier.<br>* A proof is in the form of an identifier’s key event receipt log (KERL).<br>* KERLs are *End Verifiable*:<br> * End user alone may verify. Zero trust in intervening infrastructure.<br>* KERLs may be *Ambient Verifiable*:<br> * Anyone may verify anylog, anywhere, at anytime.<br>* KERI = self-cert root-of-trust + certificate transparency + KA2CE + recoverable + post-quantum. https://raw.githubusercontent.com/SmithSamuelM/Papers/master/presentations/KERIVerifiableTrustBases.web.pdf 2.53 Presentations 2020-10-20
663 KERI Springer Girault, M. EUROCRYPT 1991 Self-certifiepublic keys https://link.springer.com/content/pdf/11007%2F3-540-46416-6_42.pdf Literature; Self-Certifying Identifiers 1991
664 KERI MIT Kaminsky M., Banks E. SFS-HTTP: Securing the Web with Self-Certifying URLs https://pdos.csail.mit.edu/~kaminsky/sfs-http.ps Literature; Self-Certifying Identifiers 1999
665 KERI Sigops Mazieres D., Kaashoek M. F. MIT Escaping the Evils of Centralized Control with self-certifying pathnames http://www.sigops.org/ew-history/1998/papers/mazieres.ps Literature; Self-Certifying Identifiers 2000
666 KERI CSAIL Mazieres D. Self-certifying File System https://pdos.csail.mit.edu/~ericp/doc/sfs-thesis.ps Literature; Self-Certifying Identifiers 2000-06-01
667 KERI Trusted Computing Group Implicit Identity Based Device Attestation https://trustedcomputinggroup.org/wp-content/uploads/TCG-DICE-Arch-Implicit-Identity-Based-Device-Attestation-v1-rev93.pdf Literature; Self-Certifying Identifiers 2018-03-05
668 KERI Samuel Smith Open Reputation Framework https://github.com/SmithSamuelM/Paperblob/master/whitepapers/open-reputation-low-level-whitepaper.pdf Literature; Autonomic Identifiers 2015-05-13
669 KERI Samuel Smith, Khovratovich D. Identity System Essentials https://github.com/SmithSamuelM/Papers/blob/master/whitepapers/Identity-System-Essentials.pdf Literature; Autonomic Identifiers 2016-03-29
670 KERI Samuel Smith Decentralized Autonomic Data (DAD) and the three R’s of Key Management Rebooting the Web of Trust RWOT 6, Spring 2018 https://github.com/SmithSamuelM/Papers/blob/master/whitepapers/DecentralizedAutonomicData.pdf Literature; Autonomic Identifiers 2018-05-23
671 KERI arXiv Samuel Smith Key Event Receipt Infrastructure (KERI) Design and Build https://arxiv.org/abs/1907.02143 Literature; Autonomic Identifiers 2019-07-03
672 KERI Conway S, Hughes A RWOT 7 A DID for Everything https://github.com/SmithSamuelM/Papers/blob/master/whitepapers/A_DID_for_everything.pdf Literature; Autonomic Identifiers 2018-09-26
673 KERI WeboftrustInfo Stocker C, Samuel Smith, Juan Caballero RWOT10 Quantum Secure DIDs https://github.com/WebOfTrustInfo/rwot10-buenosaires/blob/master/final-documents/quantum-secure-dids.pdf Literature; Autonomic Identifiers 2020-07-09
674 KERI ACMQueue http://www.certificate-transparency.org/home Ben Laurie Certificate Transparency: Public, verifiable, append-only log https://queue.acm.org/detail.cfm?id=2668154 Literature; Certificate Transparency 2014-09-08
675 KERI Links Ben Laurie, Emilia Kasper Revocation Transparency https://web.archive.org/web/20230309211444/https://www.links.org/files/RevocationTransparency.pdf Literature; Certificate Transparency 2015
676 KERI Steve Tout Non Conformist Innovation Summit Closing Keynote #2 - Sam Smith The Economics of Its & Bits - Digital Identity - Freedom Privacy Control Security https://www.youtube.com/watch?v=L82O9nqHjRE Assorted 2020-07-23
677 KERI IDCommons Robert Mitwicki IIW Supply chain – ACDC and KERI + DEMO Authentic Chain Data Containers (ACDC) - is a technology which allows to secure and chain data in a generic way. It aims to improve the way we do VC and how we think about authentic data.<br><br>After explanation of ACDC, a demo was performed where it was shown how KERI can enable authentic data flow within the supply chain without the need of having any blockchain nor one single network. https://iiw.idcommons.net/14K/_Supply_chain_%E2%80%93_ACDC_and_KERI_+_DEMO Session Notes Assorted 2021-05-07
678 KERI personal Robert Mitwicki KERI: Facilitating secure data flows in an auditable supply chain Supply Chain and why you need Blockchain <br>- Time-stamping, tracking, and automating transactions, so that events can be audited in real time <br>- Minimizing the involvement of intermediaries such as bankers, insurers, and brokers <br>- Setting up a wide range of self-executing contracts to automate repetitive processes such as billing and shipping <br>- Establishing proof of quality, provenance, payment, and performance to minimize counterfeiting and fraud <br>- Making it easier, faster, and cheaper to onboard new vendors and partners by assigning digital IDs<br>Supply Chain and why you DON’T want Blockchain <br>- Lack of Interoperability - my ledger vs someone else ledger, how to bridge it and navigate<br>- Problem with Governance Framework - who decided who can join? <br>- Scaling<br>- Privacy https://docs.google.com/presentation/d/1tF_OFGAKUz9RKCLTdwDYDu7hJuEbFz-LQ6PAih7HBK8/edit#slide=id.p Presentation Assorted 2020-10-10
679 Cryptography SRI https://lists.w3.org/Archives/Public/public-credentials/2022Apr/0109.html David Balenson, Nick Genise Cryptography Review of W3C Verifiable Credentials Data Model (VCDM) and Decentralized Identifiers (DIDs) Standards and Cryptography Implementation Recommendations Cryptography used by U.S. government entities in operational systems must conform to relevant federal government standards and requirements, including the Federal Information Security Management Act (FISMA) and National Institute of Technology (NIST) standards for use of cryptography. As part of its in-depth technical due-diligence to enable operational capabilities for DHS/CBP, DHS/PRIV and DHS/USCIS, the U.S. Department of Homeland Security’s Silicon Valley Innovation Program (SVIP) sponsored independent nonprofit research center SRI International to conduct a cryptographic review of the W3C Verifiable Credentials Data Model and W3C Decentralized Identifiers standards. The review provided constructive feedback and recommendations for technology developers and W3C standards developers to increase their level of compliance with federal government standards. http://www.csl.sri.com/papers/vcdm-did-crypto-recs/ Paper Assorted Verifiable Credentials 2023-01-01
680 Cryptography Zero Knowledge ZeroKnowledge ZK for Authentication With Nolan and Locke from NuID Here are a few of the articles mentioned in the episode:<br>–[Universally Composable Direct Anonymous Attestation](https://eprint.iacr.org/2015/1246.pdf) by Jan Camenisch , Manu Drijvers , and Anja Lehmann<br>–[Practical UC-Secure Delegatable Credentials with Attributes and Their Application to Blockchain](https://eprint.iacr.org/2015/1246.pdf) by Jan Camenisch , Manu Drijvers , and Anja Lehmann<br>–[Privacy-Preserving User-Auditable Pseudonym Systems](https://researcher.watson.ibm.com/researcher/files/zurich-ANJ/main_nymlog.pdf) by Jan Camenisch & Anja Lehmann IBM Research – Zurich Zero Knowledge Podcast is a show about zk proofs and other blockchain tech. Learn about the latest in zero knowledge research, cryptography-enabled privacy tech. https://www.zeroknowledge.fm/154 https://i0.wp.com/zeroknowledge.fm/wp-content/uploads/2021/06/Discourse_icon.svg.png?fit=800%2C815&ssl=1 episode Assorted 2020-11-04
681 Cryptography Soatok https://lists.w3.org/Archives/Public/public-credentials/2022May/0048.html Guidance for Choosing an Elliptic Curve Signature Algorithm in 2022 Most people just defer to SafeCurves, but it’s a little dated: We have complete addition formulas for Weierstrass curves now, but SafeCurves doesn’t reflect that.<br><br>For the purpose of simplicity, I’m not going to focus on a general treatment of Elliptic Curve Cryptography (ECC), which includes pairing-based cryptography, Elliptic-Curve Diffie-Hellman, and (arguably) isogeny cryptography.<br><br>Instead, I’m going to focus entirely on elliptic curve digital signature algorithms. A cartoon wild canid on the Internet provides general guidance on elliptic curve cryptography parameter choices. https://soatok.blog/2022/05/19/guidance-for-choosing-an-elliptic-curve-signature-algorithm-in-2022/ Post Assorted 2022-05-19
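Review bot: rows 657 and 658 each carry the fields of two distinct records (two titles, two source URLs, two categories, and two dates such as `2021-05-07 2020-05-19`), and rows 677 and 678 repeat the first half of each of them, so the merge that produced this sheet appears to have collapsed adjacent rows; split 657 and 658 back into their two records and drop 677 and 678 as duplicates. Row 653's description likewise contains the DIF Q&A text twice over, from `*Q: What are the security risks` onward, which will double the rendered entry. Smaller points: the link in row 668, `https://github.com/SmithSamuelM/Paperblob/master/...`, is missing the `s/` in `Papers/blob` and will not resolve; the title in row 663 reads `Self-certifiepublic keys` and looks truncated; and the image column of row 650 points at a revslider `dummy.png` placeholder rather than an actual image.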

View File

@ -1,10 +1,12 @@
---
date: 2020-11-22
name: KERI
layout: standards
headings: ["Main","About","Organization","Development","Presentations","Literature; Self-Certifying Identifiers","Literature; Autonomic Identifiers","Literature; Certificate Transparency","Assorted"]
title: KERI - Key Event Receipt Infrastructure
description: The first truly fully decentralized identity system.
excerpt: >
An identity system based secure overlay for the Internet is presented. This includes a primary root-of-trust in self-certifying identifiers. It presents a formalism for Autonomic Identifiers (AIDs) and Autonomic Namespaces (ANs). They are part of an Autonomic Identity System (AIS). This system uses the design principle of minimally sufficient means to provide a candidate trust spanning layer for the internet. Associated with this system is a decentralized key management infrastructure (DKMI).
layout: single
permalink: organizations/identity-foundation/keri/
canonical_url: 'https://decentralized-id.com/organizations/identity-foundation/keri/'
categories: ["Web Standards"]
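Review bot: two `layout:` keys are visible in this front matter, `layout: standards` near the top and `layout: single` further down; if both survive the change, a YAML parser will either reject the duplicate key or silently keep whichever comes last, so make sure only `layout: standards` remains. Since the new `headings` list is what selects rows from the sheet, also check that each value matches the category strings in the CSV exactly ("Presentations", "Assorted", "Literature; Self-Certifying Identifiers", ...), because rows with merged category values such as `Supply Chain Presentations` in 657 and 658 will not match any heading.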
@ -12,127 +14,6 @@ tags: ["DIF","KERI","DKMI","DID","RWoT"]
header:
image: /images/keri-header.webp
teaser: /images/keri-teaser.webp
last_modified_at: 2020-11-22
last_modified_at: 2023-06-03
---
[Website](https://keri.one) - [Resources](https://keri.one/keri-resources/) - [GitHub](https://github.com/decentralized-identity/keri) - [Identifiers & Discovery WG](https://identity.foundation/working-groups/identifiers-discovery.html)
* [KEY EVENT RECEIPT INFRASTRUCTURE (KERI) DESIGN](https://raw.githubusercontent.com/SmithSamuelM/Papers/master/whitepapers/KERI_WP_2.x.web.pdf) Samuel M. Smith Ph.D. v2.54 2020/10/22, v1.60 2019/07/03 [[arXiv](https://arxiv.org/abs/1907.02143)]
> An identity system based secure overlay for the Internet is presented. This includes a primary root-of-trust in self-certifying identifiers. It presents a formalism for Autonomic Identifiers (AIDs) and Autonomic Namespaces (ANs). They are part of an Autonomic Identity System (AIS). This system uses the design principle of minimally sufficient means to provide a candidate trust spanning layer for the internet. Associated with this system is a decentralized key management infrastructure (DKMI). The primary root-of-trust are self-certifying identifiers that are strongly bound at issuance to a cryptographic signing (public, private) key-pair. These are self-contained until/unless control needs to be transferred to a new key-pair. In that event an append only chained key-event log of signed transfer statements provides end verifiable control provenance. This makes intervening operational infrastructure replaceable because the event logs may be therefore be served up by ambient infrastructure. End verifiable logs on ambient infrastructure enables ambient verifiability (verifiable by anyone, anywhere, at anytime). The primary key management operation is key rotation (transference) via a novel key pre-rotation scheme. Two primary trust modalities motivated the design, these are a direct (one-to-one) mode and an indirect (one-to-any) mode. In the direct mode, the identity controller establishes control via verified signatures of the controlling key-pair. The indirect mode extends that trust basis with witnessed key event receipt logs (KERLs) for validating events. The security and accountability guarantees of indirect mode are provided by KERIs Agreement Algorithm for Control Establishment (KACE) among a set of witnesses.
* [Decentralized key management](https://raw.githubusercontent.com/SmithSamuelM/Papers/master/whitepapers/10-ssi-key-management.pdf) Sam Smith (Manning)
> ● Why any form of digital key management is hard\
> ● Standardsand best practices for conventional key management\
> ● The starting point for key management architectures: roots-of-trust\
> ● The special challenges of decentralizedkey management\
> ● The new tools that verifiable credentials (VCs), decentralized identifiers (DIDs), and self-sovereign identity (SSI) bring to decentralized key management\
> ● Key management for ledger-based DID methods\
> ● Key management for peer-based DID methods\
> ● Fully autonomous decentralized key management with Key Event Receipt Infrastructure (KERI)
* [UNIVERSAL IDENTIFIER THEORY](https://raw.githubusercontent.com/SmithSamuelM/Papers/master/whitepapers/IdentifierTheory_web.pdf)
> Abstract—A universal theory for identifiers is presented. This theory is based on a unified model of identifiers that include cryptographic autonomic identifiers (AIDs) and legitimized (authorized) human meaningful identifiers (LIDs). This model provides truly decentralized trust bases each derived from the cryptographic root-of-trust of a given AID. An AID is based on a self-certifying identifier (SCID) prefix. Self-certifying identifiers are not human meaningful but have strong cryptographic properties. The associated self-certifying trust basis gives rise to a trust domain for associated cryptographically verifiable non-repudiable statements. Every other type of identifier including human meaningful identifiers may then be secured in this resultant trust domain via an end-verifiable authorization. This authorization legitimizes that human meaningful identifier as an LID through its association with an AID. The result is a secured trust domain specific identifier couplet of aid\|lid. AIDs are provided by the open standard key event receipt infrastructure (KERI). This unified model provides a systematic methodology for the design and implementation of secure decentralized identifier systems that underpin decentralized trust bases and their associated ecosystems of interactions.
* [Key Event Receipt Infrastructure (KERI): A secure identifier overlay for the internet Sam Smith Webinar 58](https://ssimeetup.org/key-event-receipt-infrastructure-keri-secure-identifier-overlay-internet-sam-smith-webinar-58/) SSI-Meetup
{% include video id="izNZ20XSXR0" provider="youtube" %}
## Presentations
* [KERI Overview](https://raw.githubusercontent.com/SmithSamuelM/Papers/master/presentations/KERI2_Overview.web.pdf) Key Event Receipt Infrastructure Samuel M. Smith Ph.D. sam@keri.one https://keri.one version 2.54 2020/10/22
> **Separation of Control**\
> Shared (permissioned) ledger = shared control over shared data.
> * Shared data = good, shared control = bad.
> * Shared control between controller and validator may be problematic for governance, scalability, and performance.\
> KERI = separated control over shared data.
> * Separated control between controller and validator may provide better decentralization, more flexibility, better scalability, lower cost, higher performance, and more privacy at comparable security.
* [The Duplicity Game: or why you can trust KERI](https://raw.githubusercontent.com/SmithSamuelM/Papers/master/presentations/DuplicityGame_IIW_2020_A.pdf)
> **Inconsistency vs. Duplicity**
> - inconsistency: lacking agreement, as two or more things in relation to each other
> - duplicity: acting in two different ways to different people concerning the same matter
> **Internal vs. External Inconsistency**
> - Internally inconsistent log = not verifiable.
> - Log verification from self-certifying root-of-trust protects against internal inconsistency.
> - Externally inconsistent log with a purported copy of log but both verifiable = duplicitous.
> - Duplicity detection protects against external inconsistency.
* [Key Event Receipt Infrastructure (KERI) Model for a Universal DKMI](https://raw.githubusercontent.com/SmithSamuelM/Papers/master/presentations/KERI_Overview.pdf) - December 2019
> **KERI Nomenclature**
> * **self-certifying identifier**: includes public key
> * **digital signature**: unique non-repudiable (cypher suite known)
> * **digest**: collision resistant hash of content
> * **signed digest**: commitment to content
> * **controller**: controlling entity of identifier
> * **message**: serialized data structure
> * **event**: actionable message
> * **key event**: key management operation
> * **inception event**: unique self-signed event that creates identifier and controlling key(s)
> * **rotation event**: self-signed uniquely ordered event from a sequence that changes the set of controlling keys
> * **verifier**: cryptographically verifies signature(s) on an event message.
> * **witness**: entity that may receive, verify, and store key events for an identifier. Each witness controls its own identifier used to sign key event messages, controller is a special case of witness.
> * **receipt**: event message or reference with one or more witness signatures
> * **key event log**: ordered record of all self-signed key event messages
> * **key event receipt log**: ordered record of all key event receipts for a given set of witnesses
> * **validator**: determines current authoritative key set for identifier from at least one key event (receipt) log.
> * **judge**: determines current authoritative key set for identifier from the key event receipt logs from a set of witnesses.
> * **pre-rotation**: commitment to next rotated key set in previous rotation or inception event
* [KERI for Muggles IIW #31 Day 1 - Session #220 October 2020](https://raw.githubusercontent.com/SmithSamuelM/Papers/master/presentations/KERI_for_Muggles.pdf)
> KERI is a new approach to decentralized identifiers and decentralized key management that promises significant benefits for SSI (self-sovereign identity) and ToIP (Trust over IP) infrastructure
* [Verifiable Trust Bases](https://raw.githubusercontent.com/SmithSamuelM/Papers/master/presentations/KERIVerifiableTrustBases.web.pdf) Samuel M. Smith Ph.D. sam@keri.one https://keri.one version 2.53 2020/10/20 - Renewing the Web of Trust
> * KERI enables cryptographic proof-of-control-authority (provenance) for each identifier.
> * A proof is in the form of an identifier's key event receipt log (KERL).
> * KERLs are *End Verifiable*:
> * End user alone may verify. Zero trust in intervening infrastructure.
> * KERLs may be *Ambient Verifiable*:
> * Anyone may verify any log, anywhere, at any time.
> * KERI = self-cert root-of-trust + certificate transparency + KA2CE + recoverable + post-quantum.
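The nomenclature, Duplicity Game and Verifiable Trust Bases slides above describe the same small machine: an inception event that binds a prefix to a key and commits (by digest) to the next key, rotation events signed by that pre-committed key, a validator that walks the chained log from its self-certifying root, and duplicity detection when two individually verifiable logs for one prefix disagree. The following is an added Go example written for this page; it is not code from KERI, kerigo, keripy or any of Sam Smith's materials. It assumes a toy event layout (a JSON struct whose field names i/s/t/p/k/n mirror the nomenclature, single-signature control, the prefix taken to be the hex of the inception key, SHA-256 digests) rather than KERI's real serialization, derivation codes or multi-signature thresholds, and it does not model witnesses or receipts.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

// Event is a simplified key event; field names mirror the nomenclature above
// but this is an illustration, not KERI's real serialization (assumption).
type Event struct {
	Prefix  string            `json:"i"` // self-certifying identifier
	Seq     int               `json:"s"` // position in the key event log
	Type    string            `json:"t"` // "icp" or "rot"
	Prior   string            `json:"p"` // digest of the previous event; empty for icp
	Key     ed25519.PublicKey `json:"k"` // current controlling public key
	NextDig string            `json:"n"` // pre-rotation commitment: digest of the next key
}

// SignedEvent is an event plus the signature made by its controlling key.
type SignedEvent struct {
	Event Event
	Sig   []byte
}

func digest(b []byte) string { return fmt.Sprintf("%x", sha256.Sum256(b)) }

func serialize(e Event) []byte {
	b, _ := json.Marshal(e) // strings, an int and a byte slice: cannot fail
	return b
}

// Incept binds a new prefix to the inception key and commits to next by digest.
// Assumption for this example: the prefix is simply the hex of the inception key.
func Incept(cur ed25519.PrivateKey, next ed25519.PublicKey) SignedEvent {
	pub := cur.Public().(ed25519.PublicKey)
	e := Event{Prefix: fmt.Sprintf("%x", pub), Type: "icp", Key: pub, NextDig: digest(next)}
	return SignedEvent{Event: e, Sig: ed25519.Sign(cur, serialize(e))}
}

// Rotate transfers control to the pre-rotated key newCur and commits to newNext.
// It is signed by newCur, the key the previous event committed to in advance.
func Rotate(prev SignedEvent, newCur ed25519.PrivateKey, newNext ed25519.PublicKey) SignedEvent {
	e := Event{
		Prefix:  prev.Event.Prefix,
		Seq:     prev.Event.Seq + 1,
		Type:    "rot",
		Prior:   digest(serialize(prev.Event)),
		Key:     newCur.Public().(ed25519.PublicKey),
		NextDig: digest(newNext),
	}
	return SignedEvent{Event: e, Sig: ed25519.Sign(newCur, serialize(e))}
}

// Validate walks a log from its self-certifying root and returns the current
// authoritative key. A broken chain, a bad signature or a key that does not
// match the prior commitment makes the log internally inconsistent.
func Validate(kel []SignedEvent) (ed25519.PublicKey, error) {
	if len(kel) == 0 || kel[0].Event.Type != "icp" || kel[0].Event.Prefix != fmt.Sprintf("%x", kel[0].Event.Key) {
		return nil, fmt.Errorf("log must start with an inception event bound to its prefix")
	}
	for i, se := range kel {
		if len(se.Event.Key) != ed25519.PublicKeySize ||
			!ed25519.Verify(se.Event.Key, serialize(se.Event), se.Sig) {
			return nil, fmt.Errorf("event %d: signature does not verify", i)
		}
		if i == 0 {
			continue
		}
		prev := kel[i-1].Event
		if se.Event.Type != "rot" || se.Event.Seq != prev.Seq+1 || se.Event.Prefix != prev.Prefix ||
			se.Event.Prior != digest(serialize(prev)) {
			return nil, fmt.Errorf("event %d: does not chain to event %d", i, i-1)
		}
		if digest(se.Event.Key) != prev.NextDig {
			return nil, fmt.Errorf("event %d: key does not match the pre-rotation commitment", i)
		}
	}
	return kel[len(kel)-1].Event.Key, nil
}

// Duplicity returns the sequence number at which two individually verifiable
// logs for the same prefix first diverge, or -1 if their common range agrees.
func Duplicity(a, b []SignedEvent) (int, error) {
	for _, kel := range [][]SignedEvent{a, b} {
		if _, err := Validate(kel); err != nil {
			return -1, err
		}
	}
	if a[0].Event.Prefix != b[0].Event.Prefix {
		return -1, fmt.Errorf("logs belong to different identifiers")
	}
	for i := 0; i < len(a) && i < len(b); i++ {
		if string(serialize(a[i].Event)) != string(serialize(b[i].Event)) {
			return i, nil
		}
	}
	return -1, nil
}
```

The security point the slides make is visible in `Rotate` and `Validate`: a rotation is signed by the key whose digest was already fixed in the previous event, so an attacker who steals only the current signing key can sign messages but cannot move the identifier to keys of their choosing, and a validator needs nothing but the log itself to reach the current key (end verifiable). `Duplicity` is the validator-side check the Duplicity Game describes: two copies of the log that both verify but disagree at some sequence number are evidence of a duplicitous controller, which is why the real protocol has witnesses sign receipts so that such copies become detectable by anyone.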
## GitHub
- [decentralized-identity/keri](https://github.com/decentralized-identity/keri) - Key Event Receipt Infrastructure - the spec and implementation of the KERI protocol
- [KERI Whitepaper](https://raw.githubusercontent.com/decentralized-identity/keri/master/kids/KERI_WP.pdf)
- [Implementation Notes for KERI](https://github.com/decentralized-identity/keri/blob/master/implementation.md) [[HackMD](https://hackmd.io/orhyiJkLT721v4PCPkvQiA?both)]
> The interpretation of the data associated with the digest or hash tree root in the seal is independent of KERI. This allows KERI to be agnostic about anchored data semantics. Another way of saying this is that seals are data agnostic; they don't care about the semantics of their associated data. This better preserves privacy because the seal itself does not leak any information about the purpose or specific content of the associated data. Furthermore, because digests are a type of content address, they are self-discoverable. This means there is no need to provide any sort of context or content specific tag or label for the digests. Applications that use KERI may provide discovery of a digest via a hash table (mapping) whose indexes (hash keys) are the digests and the values in the table are the location of the digest in a specific event. To restate, the semantics of the digested data are not needed for discovery of the digest within a key event sequence.
- [decentralized-identity/keriox](https://github.com/decentralized-identity/keriox) - Rust Implementation of the KERI Core Library
- [decentralized-identity/keripy](https://github.com/decentralized-identity/keripy) - Python Implementation of the KERI Core Libraries
- [decentralized-identity/kerigo](https://github.com/decentralized-identity/kerigo) - Go implementation of KERI (Key Event Receipt Infrastructure)
- [decentralized-identity/kerijs](https://github.com/decentralized-identity/kerijs) - JavaScript (Node.js) implementation of the KERI core library.
## Background
* [Resources](https://keri.one/keri-resources/)
* [SmithSamuelM/Papers](https://github.com/SmithSamuelM/Papers/)
  * [Whitepapers](https://github.com/SmithSamuelM/Papers/tree/master/whitepapers)
  * [Presentations](https://github.com/SmithSamuelM/Papers/tree/master/presentations)
**Self-Certifying Identifiers**
* Girault, M., “[Self-certified public keys](https://link.springer.com/content/pdf/11007%2F3-540-46416-6_42.pdf),” EUROCRYPT 1991: Advances in Cryptology, pp. 490-497, 1991
* Kaminsky, M. and Banks, E., “[SFS-HTTP: Securing the Web with Self-Certifying URLs](https://pdos.csail.mit.edu/~kaminsky/sfs-http.ps),” MIT, 1999
* Mazieres, D. and Kaashoek, M. F., “[Escaping the Evils of Centralized Control with self-certifying pathnames](http://www.sigops.org/ew-history/1998/papers/mazieres.ps),” MIT Laboratory for Computer Science, 2000
* Mazieres, D., “[Self-certifying File System](https://pdos.csail.mit.edu/~ericp/doc/sfs-thesis.ps),” MIT Ph.D. Dissertation, 2000/06/01
* TCG, “[Implicit Identity Based Device Attestation](https://trustedcomputinggroup.org/wp-content/uploads/TCG-DICE-Arch-Implicit-Identity-Based-Device-Attestation-v1-rev93.pdf),” Trusted Computing Group, vol. Version 1.0, 2018/03/05
**Autonomic Identifiers**
* Smith, S. M., “[Open Reputation Framework](https://github.com/SmithSamuelM/Paperblob/master/whitepapers/open-reputation-low-level-whitepaper.pdf),” vol. Version 1.2, 2015/05/13
* Smith, S. M. and Khovratovich, D., “[Identity System Essentials](https://github.com/SmithSamuelM/Papers/blob/master/whitepapers/Identity-System-Essentials.pdf),” 2016/03/29
* Smith, S. M., “[Decentralized Autonomic Data (DAD) and the three Rs of Key Management](https://github.com/SmithSamuelM/Papers/blob/master/whitepapers/DecentralizedAutonomicData.pdf),” Rebooting the Web of Trust RWOT 6, Spring 2018
* Smith, S. M., “[Key Event Receipt Infrastructure (KERI) Design and Build](https://arxiv.org/abs/1907.02143),” arXiv, 2019/07/03
* Conway, S., Hughes, A., Ma, M. et al., “[A DID for Everything](https://github.com/SmithSamuelM/Papers/blob/master/whitepapers/A_DID_for_everything.pdf),” Rebooting the Web of Trust RWOT 7, 2018/09/26
* Stocker, C., Smith, S. and Caballero, J., “[Quantum Secure DIDs](https://github.com/WebOfTrustInfo/rwot10-buenosaires/blob/master/final-documents/quantum-secure-dids.pdf),” RWOT10, 2020/07/09
**Certificate Transparency**
* Laurie, B., “[Certificate Transparency: Public, verifiable, append-only log](https://queue.acm.org/detail.cfm?id=2668154),” ACM Queue, vol. 12, issue 9, 2014/09/08
* Google, “[Certificate Transparency](http://www.certificate-transparency.org/home),”
* Laurie, B. and Kasper, E., “[Revocation Transparency](https://www.links.org/files/RevocationTransparency.pdf),”
### Related
* [W3C DID Security Concerns](https://github.com/SmithSamuelM/Papers/blob/master/presentations/W3C_DID_Security_Concerns.pdf) 2020/01/14
> **Certificate Transparency Solution**
> - Public end-verifiable append-only event log with consistency and inclusion proofs
> - End-verifiable duplicity detection = ambient verifiability of duplicity
> - Event log is third party infrastructure but it is not trusted because logs are verifiable.
> - Sparse Merkle trees for revocation of certificates
> - (related EFF SSL Observatory)
**Non Conformist Innovation Summit Closing Keynote #2 - Sam Smith**
The Economics of Its & Bits - Digital Identity - Freedom Privacy Control Security
{% include video id="L82O9nqHjRE" provider="youtube" %}