organize info

This commit is contained in:
⧉ infominer 2023-05-31 22:36:44 +05:30
parent cf9a6cd556
commit 80ae0a5a0f
22 changed files with 1273 additions and 1357 deletions

View File

@ -222,6 +222,12 @@ Self-sovereign objects are are self-executing and self-owning; capable of determ
* [Tru.net](https://www.tru.net/) is live and ready for communities/users
> If you are looking for an alternative to Facebook that uses DIDs as its foundation and other protocols that are free to use ([JLINC](https://www.jlinc.com/) Kaliya highly recommend Tru.net
### Trustbloc
* [DIDComm for KYC](https://www.youtube.com/watch?v=PWrZxRbCG88) Trustbloc
Demonstrates a financial "KYC" identity proofing using TrustBloc DIDComm capabilities. Stored credentials and real-time attestations can be authorized in a single flow.
### IDPro

View File

@ -22,6 +22,9 @@ Digital identification is the focus of two new reports by the European Union Age
* [Digital Identity: Leveraging the SSI Concept to Build Trust](https://www.enisa.europa.eu/publications/digital-identity-leveraging-the-ssi-concept-to-build-trust)
This report explores the potential of self-sovereign identity (SSI) technologies to ensure secure electronic identification and authentication to access cross-border online services offered by Member States under the eIDAS Regulation. It critically assesses the current literature and reports on the current technological landscape of SSI and existing eID solutions, as well as the standards, communities, and pilot projects that are presently developing in support of these solutions.
* [Self-Sovereign Identity as a Service: Architecture in Practice](https://arxiv.org/pdf/2205.08314.pdf) Yepeng Ding, Hiroyuki Sato, University of Tokyo
We propose a practical architecture by elaborating the service concept, SSI, and DLT to implement SSIaaS platforms and SSI services. Besides, we present an architecture for constructing and customizing SSI services with a set of architectural patterns and provide corresponding evaluations. Furthermore, we demonstrate the feasibility of our proposed architecture in practice with Selfid, an SSIaaS platform based on our proposed architecture.
## Research Papers

View File

@ -8,9 +8,7 @@ https://github.com/cosmos/ibc/
- aggregate well-known-did-1-of-a 1 of a (intermediate)
- aggregate did-spec-registries-1-of-a Signature Implementations 1 of many (intermediate)
- aggregate did-spec-registries-1-of-b did-method 1 of many (intermediate)
- web-idl [Web Interface Definition Language](https://heycam.github.io/webidl) (non-core)
- MATTR bbs-signatures-spec [BBS+ Signature Scheme](https://mattrglobal.github.io/bbs-signatures-spec) (core)
- rdf-dataset-normalization [RDF Dataset Normalization](https://json-ld.github.io/normalization/spec) (non-core)
### W3C
@ -34,48 +32,6 @@ Verifiable Credential
JSON-LD
- [Complementary] JSON-LD ✓ (W3C)
- [W3C] did-core [Decentralized Identifiers (DIDs) V1.0](https://www.w3.org/TR/did-core/) (core)
- [W3C] did-spec-registries [DID Specification Registries](https://w3c.github.io/did-spec-registries) (core)
- [W3C] security-vocab [The Security Vocabulary](https://w3c-ccg.github.io/security-vocab) (core)
- [W3C] Ed25519-signature-2018 [Ed25519 Signature 2018](https://w3c-ccg.github.io/lds-ed25519-2018) (core)
- [W3C] EcdsaSecp256k1-signature-2019 [Ecdsa Secp256k1 Signature 2019](https://w3c-ccg.github.io/lds-ecdsa-secp256k1-2019) (core)
- [W3C] RSA-signaturesuite-2018 [RSA Signature Suite 2018](https://w3c-ccg.github.io/lds-rsa2018) (core)
- [W3C] did-resolution [Decentralized Identifier Resolution](https://w3c-ccg.github.io/did-resolution) (core)
- [W3C] did-method-key [The did:key Method](https://w3c-ccg.github.io/did-method-key) (non-core)
- [W3C]|DIF did-method-peer [Peer DID Method Specification](https://identity.foundation/peer-did-method-spec) (non-core)
- [W3C]|Sovrin did-method-sovrin [Sovrin DID Method Specification](https://sovrin-foundation.github.io/sovrin/spec/did-method-spec-template.html) (non-core)
- [W3C] did-method-web [did:web Method Specification](https://w3c-ccg.github.io/did-method-web) (non-core)
- [W3C] JSON-LD [A JSON-based Serialization for Linked Data](https://www.w3.org/TR/json-ld11) (non-core)
- [W3C] XSD-Part2-Datatypes [XML XSD<53> Part 2: Datatypes](https://www.w3.org/TR/xmlschema11-2/) (non-core)
- [W3C] vc-data-model [Verifiable Credentials Data Model](https://www.w3.org/TR/vc-data-model) (core)
- [W3C] vc-use-cases [Verifiable Credentials Use Cases](https://www.w3.org/TR/vc-use-cases) (core)
- [W3C] vc-imp-guide [Verifiable Credentials Implementation Guidelines 1.0](https://w3c.github.io/vc-imp-guide) (core)
- [W3C] vc-extension-registry [Verifiable Credentials Extension Registry](https://w3c-ccg.github.io/vc-extension-registry) (core)
- [W3C] vc-status-rl-2020 [Revocation List 2020](https://w3c-ccg.github.io/vc-status-rl-2020/) (core)
- [W3C] vc-json-schemas [Verifiable CRedentials JSON Schema Spec](https://w3c-ccg.github.io/vc-json-schemas) (core)
- [W3C] vp-request-spec [Verifiable Presentation Request Specification](https://w3c-ccg.github.io/vp-request-spec) (core)
- [W3C] CHAPI [Credential Handler API](https://w3c-ccg.github.io/credential-handler-api) (core)
- [W3C] credential-management [Credential Management Level 1](https://www.w3.org/TR/credential-management-1) (non-core)
- [W3C] secure-contexts [Secure Contexts](https://www.w3.org/TR/secure-contexts) (non-core)
- [W3C] service-workers-1 [Service Workers 1](https://www.w3.org/TR/service-workers-1) (non-core)
- [W3C] ldp-bbs2020 [BBS+ Signatures 2020](https://w3c-ccg.github.io/ldp-bbs2020) (core)
- [W3C] ld-proofs [Linked Data Proofs](https://w3c-ccg.github.io/ld-proofs) (core)
- [W3C] ld-cryptosuite-registry [Linked Data Cryptographic Suite Registry](https://w3c-ccg.github.io/ld-cryptosuite-registry) (core)
### Data Privacy Vocab
* [https://kantarainitiative.org/confluence/collector/pages.action?key=WA&src=sidebar-pages](https://kantarainitiative.org/confluence/collector/pages.action?key=WA&src=sidebar-pages)
W3C Data Privacy Vocabulary Control
* [https://dpvcg.github.io/dpv/#Representative](https://dpvcg.github.io/dpv/#Representative)
* [Primer] [Data Privacy Vocabulary (DPV)](https://w3c.github.io/dpv/primer/#core-taxonomy) w3c
Call for Comments/Feedbacks for DPV v1.0 release
Please provide your comments by 15-OCT-2022 via [GitHub](https://github.com/w3c/dpv/issues/50) or [public-dpvcg@w3.org](https://lists.w3.org/Archives/Public/public-dpvcg/) (mailing list).
### Credentials Community Group
- [Exchange] CHAPI ✓ (CCG)
@ -89,24 +45,6 @@ Please provide your comments by 15-OCT-2022 via [GitHub](https://github.com/w3c/
- [Authorization] OAuth ✓ (IETF)
- [ID-Non-SSI] OAuth (IETF)
- [ID-Non-SSI] SCIM (IETF)
- [DIF] well-known-did [Well Known DID Configuration](https://identity.foundation/.well-known/resources/did-configuration) (core)
- [DIF] presentation-exchange [Presentation Exchange](https://identity.foundation/presentation-exchange) (core)
- [DIF] didcomm-messaging [DidComm Messaging](https://identity.foundation/didcomm-messaging/spec) (core)
- [DIF] did-comm-messaging-guide [DIDComm Messaging Implementer's Guide](https://identity.foundation/didcomm-messaging/guide) (core)
- [DIF] EcdsaSecp256k1-recoverysignature-2020 [EcdsaSecp256k1RecoverySignature2020](https://identity.foundation/EcdsaSecp256k1RecoverySignature2020) (core)
- [IETF] multibase [Multibase Data Format](https://datatracker.ietf.org/doc/html/draft-multiformats-multibase-03) (non-core)
- [IETF] JWK [JSON Web Key](https://tools.ietf.org/html/rfc7517) (non-core)
- [IETF] Timestamps [Date and Time on the Internet: Timestamps](https://tools.ietf.org/html/rfc3339) (non-core)
- [IETF] JWT [JSON Web Token](https://tools.ietf.org/html/rfc7519) (non-core)
- [IETF] JWS [JSON Web Signtaures](https://tools.ietf.org/html/rfc7515) (non-core)
- [IETF] hashlinks [Cryptograohic Hyperlinks](https://tools.ietf.org/html/draft-sporny-hashlink-06) (non-core)
- [IETF] Token Binding [Token Binding Protocol](https://tools.ietf.org/html/rfc8471) (non-core)
- [IETF] ZLIB [ZLIB Compressed Data Format Spec v3.3](https://tools.ietf.org/html/rfc1950) (non-core)
- [IETF] Base 64 [Base16, Base32, Base 64 Data Encodings](https://tools.ietf.org/html/rfc4648) (non-core)
- [IETF] JWM [JSON Web Message](https://tools.ietf.org/id/draft-looker-jwm-01.html) (non-core)
- [IETF] JWA [JSON Web Algorithms](https://tools.ietf.org/html/rfc7518) (non-core)
- [IETF] JWS-unencoded-payload [JSON Web Signature (JWS) Unencoded Payload Option](https://tools.ietf.org/html/rfc7797) (non-core)
- [IETF] jwk-thumbprint [JSON Web Key (JWK) Thumbprint](https://tools.ietf.org/html/rfc7638) (non-core)
### OASIS
@ -114,10 +52,6 @@ Please provide your comments by 15-OCT-2022 via [GitHub](https://github.com/w3c/
- [ID-Non-SSI] KMIP (OASIS)
- [ID-Non-SSI] Secure QR Code (OASIS)
### ITU-T
- [ITU-T SG17 - Kantara initiative and ITU-T SG 17](https://www.itu.int/en/ITU-T/studygroups/2017-2020/17/Pages/default.aspx)
### ISO/IEC
- mDL 18013-5 ✓ (ISO)
- 22030 ?
@ -131,14 +65,6 @@ Please provide your comments by 15-OCT-2022 via [GitHub](https://github.com/w3c/
- [Exchange] mDL ✓ (ISO)
- [Blockchain] ISOTC 307 ✓ (ISO)
### DIACC
- [TrustFramework] [DIACC](https://diacc.ca/trust-framework/)
### NIST
- [TrustFramework] 800-63-3 ([NIST](https://pages.nist.gov/800-63-3/))
### CEN/CENTLIC
- [Blockchain] CEN/CENTLIC ✓ (CEN)
- [Blockchain] ERC 725 (ERC-EIP)
@ -146,5 +72,3 @@ Please provide your comments by 15-OCT-2022 via [GitHub](https://github.com/w3c/
### FIDO
- [ID-Non-SSI] FIDO (FIDO)
### NGI
- [TrustRegistry] TRAIN ([NGI](https://www.ngi.eu/funded_solution/essi_ioc_38/))

View File

@ -5,6 +5,18 @@
- CEN/CENTLIC
- ERC 725
+++- ISO/TC 307 “Blockchain and distributed ledger technologies” https://www.iso.org/committee/6266604.html
- [ISO/TC 307 “Blockchain and distributed ledger technologies”](https://www.iso.org/committee/6266604.html)
- [CEN/CENELEC JTC 19 “Blockchain and Distributed Ledger Technologies”](https://standards.iteh.ai/catalog/tc/cen/d96ab6b7-aac8-49e9-9ac5-b391bbd2abdc/cen-clc-jtc-19)
+++- CEN/CENELEC JTC 19 “Blockchain and Distributed Ledger Technologies” https://standards.iteh.ai/catalog/tc/cen/d96ab6b7-aac8-49e9-9ac5-b391bbd2abdc/cen-clc-jtc-19
ERC: Proxy Account #725 Standardizing a minimal interface for a smart contract based account allows any interface to operate through these account types.
ERC: Key Manager #734 The following describes standard functions for a key manager to be used in conjunction with ERC725.<br>This contract can hold keys to sign actions (transactions, documents, logins, access, etc), as well as execute instructions through an ERC 725 proxy account. https://github.com/ethereum/EIPs/issues/725
ERC-4337: Account Abstraction Using Alt Mempool An account abstraction proposal which completely avoids consensus-layer protocol changes, instead relying on higher-layer infrastructure. https://eips.ethereum.org/EIPS/eip-4337
https://github.com/ChainAgnostic/CASA
https://www.gov.ca.gov/2022/05/04/governor-newsom-signs-blockchain-executive-order-to-spur-responsible-web3-innovation-grow-jobs-and-protect-consumers/
Global Standards Mapping Initiative (GSMI) Comprehensive resources and recommendations for the blockchain ecosystem to navigate the complexities of the global digital asset landscape, across 6 key areas:<br>- Legislation and Regulatory Development<br>- <br>- Taxonom<br>- <br>- Technical Standard<br>- <br>- Blockchain and Digital Assets Landscap<br>- <br>- University Courses and Degree Program<br>- <br>- Fact Cards on Key Themes https://gbbcouncil.org/gsmi/
GLOBAL STANDARDS MAPPING INITIATIVE 2.0 The Global Standards Mapping Initiative (GSMI) is an industry-led effort to map and assess the blockchain and digital asset landscape across five key areas:<br>1) legislation and regulatory guidance<br>2) technical standards<br>3) industry standards and recommendations<br>4) university courses and degree programs<br>5) industry consortia https://gbbcouncil.org/wp-content/uploads/2021/11/GBBC-GSMI-2.0-Report-1.pdf NOVEMBER 2021

View File

@ -1,26 +1,39 @@
# ISO
## Contents
- mDL 18013-5
- 22030
- Working Group 3 - Travel Documents
### Working Group 3 - Travel Documents
## links
https://www.icao.int/Security/FAL/TRIP/PublishingImages/Pages/Publications/Guiding%20core%20principles%20for%20the%20development%20of%20a%20Digital%20Travel%20Credential%20%20%28DTC%29.PDF
* [WAYF certificeret efter ISO 27001](https://www.wayf.dk/en/node/317)
https://www.icao.int/Meetings/TRIP-Symposium-2021/PublishingImages/Pages/Presentations/Digital%20Travel%20Credential%20(DTC)%20Policy%20and%20Guiding%20Principles.pdf ISO SC17/WG3/TF5
WAYF has now been certified according to the standard for information security ISO 27001. This is the result of the audit that DNV conducted at WAYF on 23 September 2021. Language Danish Read more about WAYF certified according to ISO 27001
* [What Is ISO 27001:2013? A Guide for Businesses](https://auth0.com/blog/what-is-iso-27001-2013-a-guide-for-businesses/)
> ISO 27001 is also the cornerstone of a growing international consensus about data security best practices. Australia based its federal Digital Security Policy on ISO 27001. Likewise, ISO 27001 can provide guidance on how to meet the standards of other data privacy laws, such as the GDPR, which often direct companies to it as an example of universal best practices. So if you abide by ISO 27001s recommendations, youre on the right track for legal compliance, not to mention improved data security.
Distribution of ISO/IEC JTC1/SC 17 MRTD TEST STANDARDS FREE OF CHARGE https://www.icao.int/Meetings/TAG-MRTD/TagMrtd22/TAG-MRTD-22_WP10.pdf
* [ISO/IEC 18013-5 vs Self-Sovereign Identity: A proposal for an mDL Verifiable Credential](https://www.procivis.ch/post/iso-iec-18013-5-vs-self-sovereign-identity-a-proposal-for-an-mdl-verifiable-credential) Procivis
ISO/IEC 7501-1:2008 Identification cards — Machine readable travel documents — Part 1: Machine readable passport https://standards.iso.org/ittf/PubliclyAvailableStandards/c045562_ISO_IEC_7501-1_2008.zip ISO/IEC JTC 1/SC 17
ISO/IEC 7501-2:1997 2nd Identification cards — Machine readable travel documents — Part 2: Machine readable visa https://standards.iso.org/ittf/PubliclyAvailableStandards/s029074_ISO_IEC_7501-2_1997(E).zip ISO/IEC JTC 1/SC 17
ISO/IEC 7501-3:2005
EN 2nd Identification cards — Machine readable travel documents — Part 3: Machine readable official travel documents https://standards.iso.org/ittf/PubliclyAvailableStandards/c042771_ISO_IEC_7501-3_2005.zip ISO/IEC JTC 1/SC 17
in the context of government identity programs we see it as useful to compare them on the following parameters background, credential data model & trust anchor and transmission protocols.
### mDL 18013-5
ISO/IEC 18013-5:2021 This document establishes interface specifications for the implementation of a driving licence in association with a mobile device. This document specifies the interface between the mDL and mDL reader and the interface between the mDL reader and the issuing authority infrastructure. This document also enables parties other than the issuing authority (e.g. other issuing authorities, or mDL verifiers in other countries) to:<br>- use a machine to obtain the mDL data;<br><br>- tie the mDL to the mDL holder;<br><br>- authenticate the origin of the mDL data;<br><br>- verify the integrity of the mDL data.<br>The following items are out of scope for this document:<br><br>- how mDL holder consent to share data is obtained;<br><br>- requirements on storage of mDL data and mDL private keys. Personal identification — ISO-compliant driving licence — Part 5: Mobile driving licence (mDL) application https://www.iso.org/standard/69084.html
* [Verifiable Driver's Licenses and ISO-18013-5 (mDL)](https://lists.w3.org/Archives/Public/public-credentials/2021Nov/0105.html) Manu Sporny (Monday, 29 November)
> Spruce, MATTR, and Digital Bazaar have collaborated on creating an interoperability test suite for something we're calling the "Verifiable Driver's License" (temporary name):
* [ISO/IEC 29100:2011 - Information technology — Security techniques — Privacy framework](https://www.iso.org/standard/45123.html)
* [What Is ISO 27018:2019? Everything Executives Need to Know](https://auth0.com/blog/what-is-iso-27018-2019-everything-executives-need-to-know/)
> ISO 27018 is part of the ISO 27000 family of standards, which define best practices for information security management. ISO 27018 adds new guidelines, enhancements, and security controls to the ISO/IEC 27001 and ISO/IEC 27002 standards, which help cloud service providers better manage the data security risks unique to PII in cloud computing.
++++ ISO/IEC 18013-5 vs Self-Sovereign Identity: A proposal for an mDL Verifiable Credential in the context of government identity programs we see it as useful to compare them on the following parameters background, credential data model & trust anchor and transmission protocols. https://www.procivis.ch/post/iso-iec-18013-5-vs-self-sovereign-identity-a-proposal-for-an-mdl-verifiable-credential
Procivis
Where can the W3C VCs meet the ISO 180135 mDL? Thanks to the sponsorship of Spruce and the support of many who are working on and/or following the W3C Verifiable Credentials (VCs) and ISO 180135 mDL, we have had the pleasure of conducting a community engagement project (Phase 1) in the past two months to find out where the two standards can meet. By “meet,” we mean finding common ground and alignment so that the two standards can be compatible to the fullest extent for the market to understand their respective unique values, for implementers to build on them with ease, and for users to manage credentials based on them with a good experience. https://medium.com/@identitywoman-in-business/where-can-the-w3c-vcs-meet-the-iso-18013-5-mdl-b2d450bb19f8
### ISO 27001
+++> What Is ISO 27001:2013? A Guide for Businesses https://auth0.com/blog/what-is-iso-27001-2013-a-guide-for-businesses/ ISO 27001 is also the cornerstone of a growing international consensus about data security best practices. Australia based its federal Digital Security Policy on ISO 27001. Likewise, ISO 27001 can provide guidance on how to meet the standards of other data privacy laws, such as the GDPR, which often direct companies to it as an example of universal best practices. So if you abide by ISO 27001s recommendations, youre on the right track for legal compliance, not to mention improved data security.
++++ WAYF certificeret efter ISO 27001 WAYF has now been certified according to the standard for information security ISO 27001. This is the result of the audit that DNV conducted at WAYF on 23 September 2021. Language Danish Read more about WAYF certified according to ISO 27001 https://www.wayf.dk/en/node/317
+++> What Is ISO 27018:2019? Everything Executives Need to Know ISO 27018 is part of the ISO 27000 family of standards, which define best practices for information security management. ISO 27018 adds new guidelines, enhancements, and security controls to the ISO/IEC 27001 and ISO/IEC 27002 standards, which help cloud service providers better manage the data security risks unique to PII in cloud computing. https://auth0.com/blog/what-is-iso-27018-2019-everything-executives-need-to-know/
### ISO/IEC 29100
++++ ISO/IEC 29100:2011 - Information technology — Security techniques — Privacy framework https://www.iso.org/standard/45123.html
AAMVA Mobile Driver License The mobile driver's license (mDL) is the future of licensing and proof of identity. An mDL is a driver's license that is provisioned to a mobile device with the capability to be updated in real time. It is comprised of the same data elements that are used to produce a physical driver's license, however, the data is transmitted electronically to a relying party's reader device and authenticated. The mDL is a significant improvement over physical credentials which can easily be lost or stolen, become broken or damaged, contain outdated information, offer too much information (including personally identifiable information), and can more easily be replicated by counterfeiters. The mDL offers safe, secure, and trustable technologies that allow for completely touchless transactions, selective information release, data protection, and so much more. https://www.aamva.org/topics/mobile-driver-license

View File

@ -2,22 +2,30 @@
## Contents
- OpenID
- FIDO
- OAuth
- SCIM
- SAML
- KMIP
- Secure QR Code
* OpenID
* FIDO
* OAuth
* SCIM
* SAML
* KMIP
* Secure QR Code
## OpenID
* [OpenID Foundation Publishes Whitepaper on Open Banking](https://openid.net/2022/03/18/openid-foundation-publishes-whitepaper-on-open-banking/) OpenID
> The paper documents the international movement towards Open Banking, Open Finance, and secure, consent driven access to all user data. It describes the OpenID Foundation and in particular the Financial-Grade API (FAPI) Working Groups experience with Open Banking ecosystems internationally.
* [OpenID Foundation Publishes Whitepaper on Open Banking](https://openid.net/2022/03/18/openid-foundation-publishes-whitepaper-on-open-banking/)
++++ OpenID Foundation Publishes Whitepaper on Open Banking https://openid.net/2022/03/18/openid-foundation-publishes-whitepaper-on-open-banking/ The paper documents the international movement towards Open Banking, Open Finance, and secure, consent driven access to all user data. It describes the OpenID Foundation and in particular the Financial-Grade API (FAPI) Working Groups experience with Open Banking ecosystems internationally. OpenID
++++ OpenID Foundation Publishes Whitepaper on Open Banking https://openid.net/2022/03/18/openid-foundation-publishes-whitepaper-on-open-banking/
The OpenID Foundation is pleased to share its new whitepaper, “[Open Banking, Open Data and Financial-Grade APIs](https://openid.net/wordpress-content/uploads/2022/03/OIDF-Whitepaper_Open-Banking-Open-Data-and-Financial-Grade-APIs_2022-03-16.pdf)”. The paper documents the international movement towards Open Banking, Open Finance, and secure, consent driven access to all user data. It describes the OpenID Foundation and in particular the Financial-Grade API (FAPI) Working Groups experience with Open Banking ecosystems internationally.
* [The 7 Laws of Identity Standards](https://openid.net/2021/04/10/the-7-laws-of-identity-standards/) OpenID
++++ The 7 Laws of Identity Standards https://openid.net/2021/04/10/the-7-laws-of-identity-standards/
OpenID
1. A identity standards adoption is driven by its value of the reliability, repeatability and security of its implementations.
2. A standards value can be measured by the number of instances of certified technical conformance extant in the market.
@ -26,52 +34,54 @@ The OpenID Foundation is pleased to share its new whitepaper, “[Open Banking,
5. When Libraries/Directories/ Registries act as authoritative sources they amplify awareness, extend adoption and promote certification.
6. Certified technical conformance importantly complements legal compliance and together optimize interoperability.
7. Interoperability enhances security, contains costs and drives profitability.
* [Security Event Tokens, Subject Identifiers, and SSE/CAEP/RISC Java implementation](https://domsch.com/IIW32/IIW32-openid-sse-model.pdf) Matt Domsch, VP & Engineering Fellow
> • Security Event Tokens RFC 8417
> • Subject Identifiers Internet Draft RFC
> • Shared Signals & Events OpenID Foundation WG
> • Includes RISC, CAEP, and Oauth event profiles
* [Introducing the Global Assured Identity Network (GAIN) Proof of Concept Community Group](https://openid.net/2022/03/02/introducing-the-global-assured-identity-network-gain-proof-of-concept-community-group/)
> The OpenID Foundation is pleased to announce the launch of the Global Assured Identity Network (GAIN) Proof of Concept Community Group, which aims to test the technical hypotheses underlying the [“GAIN Digital Trust”](https://gainforum.org/GAINWhitePaper.pdf) white paper.
* [2021 OpenID Foundation Board Update](https://openid.net/2021/02/09/2021-openid-foundation-board-update/)
> Nat Sakimura and John Bradley were re-elected to new two-year terms as community member representatives. Nat and Johns well-known technical expertise and global thought leadership ensures continuity across working groups and as the Foundation transitions to new leadership in 2021.
* [OpenID Foundation is Hiring a new Executive Director](https://openid.net/2020/11/17/openid-foundation-executive-director-job-description/)
> The OpenID Foundation is seeking an Executive Director with the experience, skills, strategic vision, and commitment to advancing the Foundations open standards initiatives. This is a unique opportunity to lead a well-respected, member-driven, vendor-neutral, international standardization organization.
* [How GAIN Happens, Slowly Then All at Once](https://openid.net/2022/06/03/how-gain-happens-slowly-then-all-at-once/) OpenID
+++A Security Event Tokens, Subject Identifiers, and SSE/CAEP/RISC Java implementation https://domsch.com/IIW32/IIW32-openid-sse-model.pdf • Security Event Tokens RFC 8417\n$5 Matt Domsch, VP & Engineering Fellow • Subject Identifiers Internet Draft RFC • Shared Signals & Events OpenID Foundation WG • Includes RISC, CAEP, and Oauth event profiles
+++> Introducing the Global Assured Identity Network (GAIN) Proof of Concept Community Group https://openid.net/2022/03/02/introducing-the-global-assured-identity-network-gain-proof-of-concept-community-group/ The OpenID Foundation is pleased to announce the launch of the Global Assured Identity Network (GAIN) Proof of Concept Community Group, which aims to test the technical hypotheses underlying the [“GAIN Digital Trust”](https://gainforum.org/GAINWhitePaper.pdf) white paper.
+++> 2021 OpenID Foundation Board Update https://openid.net/2021/02/09/2021-openid-foundation-board-update/ Nat Sakimura and John Bradley were re-elected to new two-year terms as community member representatives. Nat and Johns well-known technical expertise and global thought leadership ensures continuity across working groups and as the Foundation transitions to new leadership in 2021.
+++> OpenID Foundation is Hiring a new Executive Director https://openid.net/2020/11/17/openid-foundation-executive-director-job-description/ The OpenID Foundation is seeking an Executive Director with the experience, skills, strategic vision, and commitment to advancing the Foundations open standards initiatives. This is a unique opportunity to lead a well-respected, member-driven, vendor-neutral, international standardization organization.
++++ How GAIN Happens, Slowly Then All at Once https://openid.net/2022/06/03/how-gain-happens-slowly-then-all-at-once/
OpenID
GAIN is marked by a cross sector, crowd sourced, open, global due diligence. GAINs self organized participants are actively seeking evidence that disconfirms the GAIN hypothesis.
* [2022 OpenID Foundation Kim Cameron Award Recipients Announced](https://openid.net/2022/04/29/2022-openid-foundation-kim-cameron-award-recipients-announced/)
> This was the first IIW without Kim Cameron. This was a very fitting announcement.
>
> The OpenID Foundation is pleased to announce the first cohort of awardees for inaugural launch of the Kim Cameron Award Program. We first must thank the many well-qualified applicants who presented compelling interest in user-centric identity.
* [Kim Cameron Award Winner Reflects on EIC](https://openid.net/2022/07/05/rachelle-sellung-2022-kim-cameron-award/) Rachelle Sellung
> In a matter of a few days, I heard many inspiring presentations, had many interesting conversations, and met many wonderful people in this field at the Conference. It has already led to multiple conversations of working together regarding future stakeholder research that will hopefully be useful and support the identity community.
* [OpenID Foundation Publishes “Open Banking and Open Data: Ready to Cross Borders?”](https://openid.net/2022/07/29/whitepaper-open-banking-and-open-data/) OpenID
+++> 2022 OpenID Foundation Kim Cameron Award Recipients Announced https://openid.net/2022/04/29/2022-openid-foundation-kim-cameron-award-recipients-announced/ This was the first IIW without Kim Cameron. This was a very fitting announcement. The OpenID Foundation is pleased to announce the first cohort of awardees for inaugural launch of the Kim Cameron Award Program. We first must thank the many well-qualified applicants who presented compelling interest in user-centric identity.
++++ Kim Cameron Award Winner Reflects on EIC https://openid.net/2022/07/05/rachelle-sellung-2022-kim-cameron-award/ In a matter of a few days, I heard many inspiring presentations, had many interesting conversations, and met many wonderful people in this field at the Conference. It has already led to multiple conversations of working together regarding future stakeholder research that will hopefully be useful and support the identity community. Rachelle Sellung
++++ OpenID Foundation Publishes “Open Banking and Open Data: Ready to Cross Borders?” https://openid.net/2022/07/29/whitepaper-open-banking-and-open-data/
OpenID
* [OpenID Foundation Publishes “The Global Open Health Movement: Empowering People and Saving Lives by Unlocking Data” Whitepaper](https://openid.net/2022/07/22/the-global-open-health-movement-empowering-people-and-saving-lives-by-unlocking-data-whitepaper/) OpenID
* [Passing the Torch at the OpenID Foundation](https://self-issued.info/?p=2170) Mike Jones
> Today marks an important milestone in the life of the OpenID Foundation and the worldwide digital identity community. Following [Don Thibeaus decade of exemplary service to the OpenID Foundation as its Executive Director](https://openid.net/2021/02/19/resolution-thanking-don-thibeau-for-his-service/), today we [welcomed Gail Hodges as our new Executive Director](https://openid.net/2021/04/28/welcoming-gail-hodges-as-our-new-executive-director/).
* [Announcing the 2022 OpenID Foundation Individual Community Board Member Election](https://openid.net/2021/12/30/announcing-the-2022-openid-foundation-individual-community-board-member-election/)
++++ Passing the Torch at the OpenID Foundation https://self-issued.info/?p=2170 Today marks an important milestone in the life of the OpenID Foundation and the worldwide digital identity community. Following [Don Thibeaus decade of exemplary service to the OpenID Foundation as its Executive Director](https://openid.net/2021/02/19/resolution-thanking-don-thibeau-for-his-service/), today we [welcomed Gail Hodges as our new Executive Director](https://openid.net/2021/04/28/welcoming-gail-hodges-as-our-new-executive-director/). Mike Jones
++++ Announcing the 2022 OpenID Foundation Individual Community Board Member Election https://openid.net/2021/12/30/announcing-the-2022-openid-foundation-individual-community-board-member-election/
Board participation requires a substantial investment of time and energy. It is a volunteer effort that should not be undertaken lightly. Should you be elected, expect to be called upon to serve both on the board and on its committees. You should have your employers agreement to attend two or more in-person board meetings a year, which are typically collocated with important identity conferences around the world.
* [The OpenID Foundation Welcomes Visa to the Board of Directors](https://openid.net/2021/12/07/the-openid-foundation-welcomes-visa-to-the-board-of-directors/) OpenID
> Visas leadership in global payments and identity services as well as their longstanding commitment to standards will be of great value as we tailor our strategy to this moment.
* [Okta Joins the OpenID Foundation Board to Further Advance Open Identity Standards](https://openid.net/2021/12/10/okta-joins-the-openid-foundation-board-to-further-advance-open-identity-standards/) OpenID
> “OpenID Connect is one of the most adopted identity standards, providing essential functionality to core solutions across the industry,” said Vittorio Bertocci, Principal Architect, Auth0.
* [Registration - OpenID Foundation Virtual Workshop](https://openid.net/2021/03/01/registration-open-for-openid-foundation-virtual-workshop-april-29-2021/) April 29, 2021
> updates on all active OpenID Foundation Working Groups as well the OpenID Certification Program
* [Public Review Period for Second Proposed RISC Profile Implementers Draft](https://openid.net/2022/07/05/public-review-period-for-second-proposed-risc-profile-implementers-draft/)
++++ The OpenID Foundation Welcomes Visa to the Board of Directors https://openid.net/2021/12/07/the-openid-foundation-welcomes-visa-to-the-board-of-directors/ Visas leadership in global payments and identity services as well as their longstanding commitment to standards will be of great value as we tailor our strategy to this moment. OpenID
++++ Okta Joins the OpenID Foundation Board to Further Advance Open Identity Standards https://openid.net/2021/12/10/okta-joins-the-openid-foundation-board-to-further-advance-open-identity-standards/ “OpenID Connect is one of the most adopted identity standards, providing essential functionality to core solutions across the industry,” said Vittorio Bertocci, Principal Architect, Auth0. OpenID
++++ Registration - OpenID Foundation Virtual Workshop https://openid.net/2021/03/01/registration-open-for-openid-foundation-virtual-workshop-april-29-2021/ updates on all active OpenID Foundation Working Groups as well the OpenID Certification Program April 29, 2021
++++ Public Review Period for Second Proposed RISC Profile Implementers Draft https://openid.net/2022/07/05/public-review-period-for-second-proposed-risc-profile-implementers-draft/
This specification defines event types and their contents based on the [SSE Framework](https://openid.net/specs/openid-risc-profile-specification-1_0-02.html#SSE-FRAMEWORK) that are required to implement Risk Incident Sharing and Coordination.
* [Global Assured Identity Network White Paper](https://openid.net/2021/09/20/global-assured-identity-network-white-paper/)
* [Announcing the 2022 OpenID Foundation Kim Cameron Scholarship](https://openid.net/2022/04/08/announcing-the-2022-openid-foundation-kim-cameron-scholarship/) OpenID
> Scholarship recipients will be studying, researching, interning or working in a field relevant to one or more [OpenID Foundation working groups](https://openid.net/wg/) and consistent with Foundations Mission. The scholarship recipients will also be invited to participate in Foundation breakout meetings at the European Identity Conference and Identiverse which will provide exposure to both the Foundations business as well as leading technologists.
* [Security Event Tokens, Subject Identifiers, and SSE/CAEP/RISC Java implementation](https://iiw.idcommons.net/13A/_Security_Event_Tokens,_Subject_Identifiers,_and_SSE/CAEP/RISC_Java_implementation) by Matt Domsch
> Matt presented an overview of the OpenID Foundation Shared Signals and Events Working Group, and his implementation of the object model in an open source Java library at [https://github.com/sailpoint-oss/openid-sse-model/](https://github.com/sailpoint-oss/openid-sse-model/)* [Shared Signal and Events (SSE) working group](https://openid.net/wg/sse/) in the OpenID Foundation.
++++ Global Assured Identity Network White Paper https://openid.net/2021/09/20/global-assured-identity-network-white-paper/
++++ Announcing the 2022 OpenID Foundation Kim Cameron Scholarship https://openid.net/2022/04/08/announcing-the-2022-openid-foundation-kim-cameron-scholarship/ Scholarship recipients will be studying, researching, interning or working in a field relevant to one or more [OpenID Foundation working groups](https://openid.net/wg/) and consistent with Foundations Mission. The scholarship recipients will also be invited to participate in Foundation breakout meetings at the European Identity Conference and Identiverse which will provide exposure to both the Foundations business as well as leading technologists. OpenID
++++ Security Event Tokens, Subject Identifiers, and SSE/CAEP/RISC Java implementation https://iiw.idcommons.net/13A/_Security_Event_Tokens,_Subject_Identifiers,_and_SSE/CAEP/RISC_Java_implementation Matt presented an overview of the OpenID Foundation Shared Signals and Events Working Group, and his implementation of the object model in an open source Java library at [https://github.com/sailpoint-oss/openid-sse-model/](https://github.com/sailpoint-oss/openid-sse-model/)* [Shared Signal and Events (SSE) working group](https://openid.net/wg/sse/) in the OpenID Foundation. Matt Domsch
* [OpenID Connect for Identity Assurance (eKYC & IDA) Enables More than 30 Million Bank Customers to Identify Themselves with Third Parties](https://openid.net/2021/03/03/openid-connect-for-identity-assurance-ekyc-ida-enables-more-than-30m-bank-customers-to-identify-themselves-with-3rd-parties/)
* [EIC Speaker Spotlight: Nat Sakimura](https://www.youtube.com/watch?v=QG_gkZkpJwQ) Introducing Gain • OpenID Foundation
if you look at the the cost structure of the financial industry a lot of cost Is towards anti-money laundering and related activities and that actually is identity problem [...] we should try to solve the use case with a user centricity in mind
## OAuth
@ -86,13 +96,12 @@ This specification defines event types and their contents based on the [SSE Fram
## RDF
## RDF
* [Technical Report on the Universal RDF Dataset Normalization Algorithm](https://lists.w3.org/Archives/Public/public-credentials/2021Apr/att-0032/Mirabolic_Graph_Iso_Report_2020_10_19.pdf) - [Bill Bradley](https://lists.w3.org/Archives/Public/public-credentials/2021Apr/0032.html)
> The goal of this technical report is to review the Universal RDF Dataset Normalization Algorithm (URDNA2015) for correctness and to provide satisfactory evidence that possible issues with URDNA2015 have been considered and dismissed. We do not lay out the algorithm in its considerable technical detail here, but refer the reader to the proposed technical specification 1 [Longley], a set of proofs by Rachel Arnold and Dave Longely [Arnold], and a reference implementation in Python [DigitalBazaar]
++++ Technical Report on the Universal RDF Dataset Normalization Algorithm https://lists.w3.org/Archives/Public/public-credentials/2021Apr/att-0032/Mirabolic_Graph_Iso_Report_2020_10_19.pdf The goal of this technical report is to review the Universal RDF Dataset Normalization Algorithm (URDNA2015) for correctness and to provide satisfactory evidence that possible issues with URDNA2015 have been considered and dismissed. We do not lay out the algorithm in its considerable technical detail here, but refer the reader to the proposed technical specification 1 [Longley], a set of proofs by Rachel Arnold and Dave Longely [Arnold], and a reference implementation in Python [DigitalBazaar] - [Bill Bradley](https://lists.w3.org/Archives/Public/public-credentials/2021Apr/0032.html)
* [Importing Verifiable Data as Labeled Property Graphs](https://lists.w3.org/Archives/Public/public-credentials/2022Jun/0022.html)  Orie Steele (Wednesday, 15 June)
++++ Importing Verifiable Data as Labeled Property Graphs https://lists.w3.org/Archives/Public/public-credentials/2022Jun/0022.html
Orie Steele
I think what happens is that a first blank node is created for the proof, and since that node has `@container` `@graph`, instead of being able to trace the relationships directly from credential to proof to verification method...
@ -102,9 +111,10 @@ I suspect this is solvable with a more complicated graph config: [https://neo4j.
But I wonder if we might correct this behavior in VC Data Model 2.0, such that RDF representations don't have this odd behavior when imported as labeled property graphs. [...]
answer on the github issue for the standard, I raised it here: [](https://github.com/w3c/vc-data-model/issues/881)[https://github.com/w3c/vc-data-model/issues/881](https://github.com/w3c/vc-data-model/issues/881)
answer on the github issue for the standard, I raised it here:[https://github.com/w3c/vc-data-model/issues/881](https://github.com/w3c/vc-data-model/issues/881)
* [Proposed W3C Charter: RDF Dataset Canonicalization and Hash Working Group](https://lists.w3.org/Archives/Public/public-credentials/2022May/0033.html)  Manu Sporny (Tuesday, 17 May)
++++ Proposed W3C Charter: RDF Dataset Canonicalization and Hash Working Group https://lists.w3.org/Archives/Public/public-credentials/2022May/0033.html
Manu Sporny
The goal of this group is to standardize the way many of us digitally sign Verifiable Credentials. This working group has been about decade in the making (some would say two decades) and is important for achieving things like BBS+ selective disclosure as well as standardizing the way we format Verifiable Credentials before they are digitally signed.
@ -112,52 +122,61 @@ The [announcement](https://lists.w3.org/Archives/Public/public-new-work/2022May/
The [proposed charter](https://www.w3.org/2022/05/04-proposed-rch-wg-charter/) is here
* [URDNA2015 Implementation Question](https://lists.w3.org/Archives/Public/public-credentials/2022Jul/0017.html)  Daniel Petranek (Thursday, 7 July)
++++ URDNA2015 Implementation Question https://lists.w3.org/Archives/Public/public-credentials/2022Jul/0017.html
Daniel Petranek
I've instrumented the rdf-canonicalize library so I can inspect the order of execution, and it appears that what differs between my implementation and the Javascript one is the order of the permutations. The spec doesn't say how the permutations should be ordered, and my intuition is that the order does indeed matter - though I'm happy to be corrected if I'm wrong.
So, here is my question(s):
- Does the order of the permutations matter?
- If so, what order should they be in?
* Does the order of the permutations matter?
* [OIDF Workshop at EIC 2022 — Tuesday, May 10, 2022](https://openid.net/workshops/workshop-at-eic-2022/)
> The OpenID Foundation hosted a workshop at [EIC 2022 in Berlin](https://www.kuppingercole.com/events/eic2022/) that was part of the pre-conference workshops on Tuesday, May 10, 2022.\
> The Foundation was thrilled to welcome and introduce two of the 2022 Kim Cameron Award winners, Rachelle Sellung and Alen Horvat at the workshop. The Foundation will soon publish blogs from Rachelle and Alen describing their experiences at EIC 2022.-
* [Download workshop presentations](http://openid.net/wordpress-content/uploads/2022/05/OIDF_Workshop-at-EIC_FINAL_2022-05-11.pptx)
* [Announcing the 2022 OpenID Foundation Kim Cameron Award](https://openid.net/2022/04/08/announcing-the-2022-openid-foundation-kim-cameron-scholarship/) OpenID
* If so, what order should they be in?
+++> OIDF Workshop at EIC 2022 — Tuesday, May 10, 2022 https://openid.net/workshops/workshop-at-eic-2022/ The OpenID Foundation hosted a workshop at [EIC 2022 in Berlin](https://www.kuppingercole.com/events/eic2022/) that was part of the pre-conference workshops on Tuesday, May 10, 2022.\ The Foundation was thrilled to welcome and introduce two of the 2022 Kim Cameron Award winners, Rachelle Sellung and Alen Horvat at the workshop. The Foundation will soon publish blogs from Rachelle and Alen describing their experiences at EIC 2022.-
++++ Download workshop presentations http://openid.net/wordpress-content/uploads/2022/05/OIDF_Workshop-at-EIC_FINAL_2022-05-11.pptx
++++ Announcing the 2022 OpenID Foundation Kim Cameron Award https://openid.net/2022/04/08/announcing-the-2022-openid-foundation-kim-cameron-scholarship/
OpenID
Award recipients will be studying, researching, interning or working in a field relevant to one or more [OpenID Foundation working groups](https://openid.net/wg/) and consistent with Foundations Mission. The recipients will also be invited to participate in Foundation breakout meetings at the European Identity Conference and Identiverse which will provide exposure to both the Foundations business as well as leading technologists.
GAIN was a big topic of discussion
* [Nat Sakimura @_nat_en · May 12](https://twitter.com/_nat_en/status/1524654753917153280)
++++ Nat Sakimura @_nat_en · May 12 https://twitter.com/_nat_en/status/1524654753917153280
GAIN: The Global Assured Identity Network [@OIX_Nick](https://twitter.com/OIX_Nick) and [@gailhodges](https://twitter.com/gailhodges) on the main stage.
![https://www.notion.soimages/image4.png](https://www.notion.soimages/image4.png)
* [Protocols, Standards, Alliances: How to Re-GAIN the Future Internet from the Big Platforms](https://www.kuppingercole.com/watch/eic2022-panel-gain-future-internet) Kuppinger Cole
++++ Protocols, Standards, Alliances: How to Re-GAIN the Future Internet from the Big Platforms https://www.kuppingercole.com/watch/eic2022-panel-gain-future-internet
Kuppinger Cole
just like trade unions helped the working class during the industrial revolution to fight for their rights. In this panel session, we will discuss about the enablers of such a different approach and the requirements to actually be successfull.
* [Shared Signals: An Open Standard for Webhooks](https://openid.net/2021/08/24/shared-signals-an-open-standard-for-webhooks/) OpenID
++++ Shared Signals: An Open Standard for Webhooks https://openid.net/2021/08/24/shared-signals-an-open-standard-for-webhooks/
OpenID
The OpenID Foundation formed the “[Shared Signals and Events](https://openid.net/wg/sse/)” (SSE) Working Group as a combination of the previous OpenID RISC working group and an informal industry group that was focused on standardizing [Googles CAEP proposal](https://cloud.google.com/blog/products/identity-security/re-thinking-federated-identity-with-the-continuous-access-evaluation-protocol). These represented two distinct applications of the same underlying mechanism of managing asynchronous streams of events. Therefore the [SSE Framework](https://openid.net/specs/openid-sse-framework-1_0-01.html) is now proposed to be a standard for managing such streams of events for any application, not just CAEP and RISC. In effect, it is a standard for generalized Webhooks.
* [Proof-of-possession (pop) AMR method added to OpenID Enhanced Authentication Profile spec](https://self-issued.info/?p=2198) Mike Jones
++++ Proof-of-possession (pop) AMR method added to OpenID Enhanced Authentication Profile spec https://self-issued.info/?p=2198
Mike Jones
Ive defined an Authentication Method Reference (AMR) value called “pop” to indicate that Proof-of-possession of a key was performed. Unlike the existing “hwk” (hardware key) and “swk” (software key) methods [...] Among other use cases, this AMR method is applicable whenever a [WebAuthn](https://www.w3.org/TR/2021/REC-webauthn-2-20210408/) or [FIDO](https://fidoalliance.org/specs/fido-v2.1-ps-20210615/fido-client-to-authenticator-protocol-v2.1-ps-20210615.html) authenticator are used.
- [https://openid.net/specs/openid-connect-eap-acr-values-1_0-01.html](https://openid.net/specs/openid-connect-eap-acr-values-1_0-01.html)
- [https://openid.net/specs/openid-connect-eap-acr-values-1_0.html](https://openid.net/specs/openid-connect-eap-acr-values-1_0.html)
* [OpenID Foundation is Hiring a new Executive Director](https://openid.net/2020/11/17/openid-foundation-executive-director-job-description/)
> The OpenID Foundation is seeking an Executive Director with the experience, skills, strategic vision, and commitment to advancing the Foundations open standards initiatives. This is a unique opportunity to lead a well-respected, member-driven, vendor-neutral, international standardization organization.
>
> extension the semantics, of the set of claims comprising a Verifiable Credential. A shared Credential Schema allows all parties to reference data in a known way
* [Vote for First Implementers Drafts of OIDConnect SIOPV2 and OIDC4VP Specifications](https://openid.net/2022/01/18/notice-of-vote-for-first-implementers-drafts-of-openid-connect-siopv2-and-oidc4vp-specifications/) OpenID
+++- https://openid.net/specs/openid-connect-eap-acr-values-1_0-01.html https://openid.net/specs/openid-connect-eap-acr-values-1_0-01.html
+++- https://openid.net/specs/openid-connect-eap-acr-values-1_0.html https://openid.net/specs/openid-connect-eap-acr-values-1_0.html
+++> OpenID Foundation is Hiring a new Executive Director https://openid.net/2020/11/17/openid-foundation-executive-director-job-description/ The OpenID Foundation is seeking an Executive Director with the experience, skills, strategic vision, and commitment to advancing the Foundations open standards initiatives. This is a unique opportunity to lead a well-respected, member-driven, vendor-neutral, international standardization organization. extension the semantics, of the set of claims comprising a Verifiable Credential. A shared Credential Schema allows all parties to reference data in a known way
++++ Vote for First Implementers Drafts of OIDConnect SIOPV2 and OIDC4VP Specifications https://openid.net/2022/01/18/notice-of-vote-for-first-implementers-drafts-of-openid-connect-siopv2-and-oidc4vp-specifications/
OpenID
The official voting period will be between Tuesday, February 1, 2022 and Tuesday, February 8, 2022, following the [45-day review](https://openid.net/2021/12/17/first-public-review-period-for-openid-connect-siopv2-and-oidc4vp-specifications-started/) of the specifications.
* [OpenID for Verifiable Credentials](http://openid.net/wordpress-content/uploads/2022/05/OIDF-Whitepaper_OpenID-for-Verifiable-Credentials_FINAL_2022-05-12.pdf) [...]
++++ OpenID for Verifiable Credentials http://openid.net/wordpress-content/uploads/2022/05/OIDF-Whitepaper_OpenID-for-Verifiable-Credentials_FINAL_2022-05-12.pdf
[...]
The goal of this whitepaper is to inform and educate the readers about the work on the OpenID for Verifiable Credentials (OpenID4VC) specifications family. It addresses use-cases referred to as Self-Sovereign Identity, Decentralized Identity, or User-Centric Identity.

View File

@ -1,37 +1,49 @@
# Fido Alliance
* [LoginWithFIDO.com](https://loginwithfido.com/)
* [Consumer Research](https://fidoalliance.org/consumerresearch/)
* [A WebAuthn Apache module?](https://hanszandbelt.wordpress.com/2022/05/05/a-webauthn-apache-module/) Hans Zandbelt
> any sensible WebAuthn/FIDO2 Apache module would rely on an externally running “Provider” software component to offload the heavy-lifting of onboarding and managing users and credentials.
* [2021 FIDO Developer Challenge: Outcomes and Winners](https://fidoalliance.org/2021-fido-developer-challenge-outcomes-and-winners/)
++++ LoginWithFIDO.com https://loginwithfido.com/
++++ Consumer Research https://fidoalliance.org/consumerresearch/
++++ A WebAuthn Apache module? https://hanszandbelt.wordpress.com/2022/05/05/a-webauthn-apache-module/ any sensible WebAuthn/FIDO2 Apache module would rely on an externally running “Provider” software component to offload the heavy-lifting of onboarding and managing users and credentials. Hans Zandbelt
++++ 2021 FIDO Developer Challenge: Outcomes and Winners https://fidoalliance.org/2021-fido-developer-challenge-outcomes-and-winners/
1. Gold Winner [Lockdrop](https://lockdrop.com/)
2. Silver Winner [Shaxware](https://www.shaxware.com/)
3. Bronze Winner SoundAuth ([Trillbit](https://www.trillbit.com/)
This years FIDO Developer Challenge reached a successful conclusion, with a ceremonial event during [Authenticate 2021](https://authenticatecon.com/event/authenticate-2021-conference/) of the ceremony is available now, and were pleased to share more detailed stories of the three finalists as well as the rest of the teams that made it to the final stage.
* [Integrating FIDO with Verifiable Credentials (8.30 am start)](https://iiw.idcommons.net/10E/_Integrating_FIDO_with_Verifiable_Credentials_(8.30_am_start)) by David Chadwick
* [The Use of FIDO2 and Verifiable Credentials (David Chadwick)](https://youtube.com/watch?v=l3taGxBdrRU)
++++ Integrating FIDO with Verifiable Credentials (8.30 am start) https://iiw.idcommons.net/10E/_Integrating_FIDO_with_Verifiable_Credentials_(8.30_am_start) David Chadwick
++++ The Use of FIDO2 and Verifiable Credentials (David Chadwick) https://youtube.com/watch?v=l3taGxBdrRU
W3C Web Authentication (FIDO2) provides a mechanism for strong authentication whilst W3C Verifiable Credentials provide a mechanism for strong identification and authorisation. Together they make an unbeatable pair for identity management.
Prof. David Chadwick presented work on sharing W3C Verifiable Crendentials via FIDO2 key setup with issuers of credentials.  In a nutshell, the holder and issuer use the WebAuthN protocol to strongly authenticate before the issuer protects the credentials with its signature.  Upon providing credentials to a relying party, the issuer (acting in an IDP capacity, so they must be online) will verify the identity of the holder via FIDO2 WebAuthN so that the credentials (or selected claims in the credentials for selective disclosure) can be shared with the relying party.  Ephemeral keys are created to bind the holder with such credentials shared to the relying party/verifier.  The relying party/verifier can use X.509 certs to confirm that the issuer is valid by checking the signature on the derived credential from the holder.
* [Fido Passkey](https://www.pingidentity.com/en/resources/blog/post/how-fido-passkeys-accelerate-passwordless-future.html)
++++ Fido Passkey https://www.pingidentity.com/en/resources/blog/post/how-fido-passkeys-accelerate-passwordless-future.html
* * [What is FIDO? Infographic](https://www.scmagazine.com/resource/identity-and-access/what-is-fido)
- [How passkeys pave the way for passwordless authentication](https://www.scmagazine.com/resource/identity-and-access/how-passkeys-pave-the-way-for-passwordless-authentication)
* [FIDO: Everything You Need to Know About Fast Identity Online](https://www.pingidentity.com/en/company/blog/posts/2021/fast-identity-online-fido.html)
* [Use Fido2 Passwords Authentication with Azure AD](https://damienbod.com/2022/01/17/use-fido2-passwordless-authentication-with-azure-ad/) Damion Bod
+++- How passkeys pave the way for passwordless authentication https://www.scmagazine.com/resource/identity-and-access/how-passkeys-pave-the-way-for-passwordless-authentication
++++ FIDO: Everything You Need to Know About Fast Identity Online https://www.pingidentity.com/en/company/blog/posts/2021/fast-identity-online-fido.html
++++ Use Fido2 Passwords Authentication with Azure AD https://damienbod.com/2022/01/17/use-fido2-passwordless-authentication-with-azure-ad/
Damion Bod
This article shows how to implement FIDO2 passwordless authentication with Azure AD for users in an Azure tenant.
* [Charting an Accelerated Path Forward for Passwordless Authentication Adoption](https://fidoalliance.org/charting-an-accelerated-path-forward-for-passwordless-authentication-adoption/) FIDO
* [The paper introduces](https://media.fidoalliance.org/wp-content/uploads/2022/03/How-FIDO-Addresses-a-Full-Range-of-Use-CasesFINAL.pdf) multi-device FIDO credentials, also informally referred to by the industry as “passkeys,” which enable users to have their FIDO login credentials readily available across all of the users devices.
* [FIDO passkeys are an existential threat to fintech startups](https://werd.io/2022/fido-passkeys-are-an-existential-threat-to-fintech-startups)
++++ Charting an Accelerated Path Forward for Passwordless Authentication Adoption https://fidoalliance.org/charting-an-accelerated-path-forward-for-passwordless-authentication-adoption/
FIDO
++++ The paper introduces https://media.fidoalliance.org/wp-content/uploads/2022/03/How-FIDO-Addresses-a-Full-Range-of-Use-CasesFINAL.pdf
multi-device FIDO credentials, also informally referred to by the industry as “passkeys,” which enable users to have their FIDO login credentials readily available across all of the users devices.
++++ FIDO passkeys are an existential threat to fintech startups https://werd.io/2022/fido-passkeys-are-an-existential-threat-to-fintech-startups
by definition, screen scraping requires storing a users financial system passwords in clear text. Nonetheless, you can bet that every system that integrates with payroll systems, and almost every system that integrates with banks (at a minimum), uses the technique. The US has badly needed [open banking style standards](https://standards.openbanking.org.uk/api-specifications/) for years.
* [FIDO Alliance Supports Biden Administration EO on Cybersecurity](https://fidoalliance.org/fido-alliance-supports-biden-administration-eo-on-cybersecurity/)
++++ FIDO Alliance Supports Biden Administration EO on Cybersecurity https://fidoalliance.org/fido-alliance-supports-biden-administration-eo-on-cybersecurity/
There have been a number of high profile attacks against critical American infrastructure in recent months, including the Solarwinds supply chain attack that exposed much of the government to potential risk. Top of mind in recent days is the ransomware attack against Colonial Pipeline, which significantly impacted the flow of refined oil across America. These attacks expose the vulnerability of critical infrastructure in the United States, and the Biden Administration is issuing federal directives that will minimize or eliminate risk.

View File

@ -1,117 +1,118 @@
---
published: false
---
*--
# Existing ID Standards Based Tech
## Explainer
### Identity not SSI
++++ 101 Session: UMA - User Manged Access https://iiw.idcommons.net/3B/_101_Session:_UMA_-_User_Managed_Access Eve Maler and George Fletcher
* [101 Session: UMA - User Manged Access](https://iiw.idcommons.net/3B/_101_Session:_UMA_-_User_Managed_Access) by Eve Maler and George Fletcher
* [Police in Latin America are turning activists phones against them](https://restofworld.org/2021/latin-america-phone-security/)
++++ Police in Latin America are turning activists phones against them https://restofworld.org/2021/latin-america-phone-security/
Experts say that seized devices have become a trove of information for authorities cracking down on social movements and opposition leaders.
* [Calls for New FTC Rules to Limit Businesses Data Collection and Stop Data Abuse](https://anonyome.com/2021/07/calls-for-new-ftc-rules-to-limit-businesses-data-collection-and-stop-data-abuse/)
++++ Calls for New FTC Rules to Limit Businesses Data Collection and Stop Data Abuse https://anonyome.com/2021/07/calls-for-new-ftc-rules-to-limit-businesses-data-collection-and-stop-data-abuse/
“I want to sound a note of caution around approaches that are centered around user control. I think transparency and control are important. I think it is really problematic to put the burden on consumers to work through the markets and the use of data, figure out who has their data, how its being used, make decisions … I think you end up with notice fatigue; I think you end up with decision fatigue; you get very abusive manipulation of dark patterns to push people into decisions.
* [NSO rejects](https://www.theguardian.com/news/2021/jul/18/response-from-nso-and-governments) this label. It insists only carefully vetted government intelligence and law enforcement agencies can use Pegasus, and only to penetrate the phones of “legitimate criminal or terror group targets”
++++ NSO rejects https://www.theguardian.com/news/2021/jul/18/response-from-nso-and-governments
this label. It insists only carefully vetted government intelligence and law enforcement agencies can use Pegasus, and only to penetrate the phones of “legitimate criminal or terror group targets”
* [How Social Engineering Has (And Hasnt) Evolved Over Time](https://auth0.com/blog/how-social-engineering-has-and-hasnt-evolved-over-time/) auth0
> In short: you can deploy all the technological measures you want, but unless you address the human element, an attacker can defeat your defenses with a simple phone call or email.
++++ How Social Engineering Has (And Hasnt) Evolved Over Time https://auth0.com/blog/how-social-engineering-has-and-hasnt-evolved-over-time/ In short: you can deploy all the technological measures you want, but unless you address the human element, an attacker can defeat your defenses with a simple phone call or email. auth0
* [My Take on the Misframing of the Authentication Problem](https://kyledenhartog.com/misframing-authn/) Kyle Den Hartog
> If you havent [read this paper](https://www.cl.cam.ac.uk/~fms27/papers/2012-BonneauHerOorSta-password--oakland.pdf) before you design an authentication system youre probably just reinventing something already created or missing a piece of the puzzle \
> [...] can anyone point me to an academic research paper or even some user research that tells me the probability that a users password will be discovered by an attacker in the next year? What about the probability that the user shares their password with a trusted person because the system wasnt deployed with a delegation system? Or how about how the probability will drop as the user reuses their password across many websites? Simply put I think weve been asking the wrong question
* [The Things to Keep in Mind about Auth](https://developer.okta.com/blog/2021/10/29/things-to-keep-in-mind-about-auth) Okta
++++ My Take on the Misframing of the Authentication Problem https://kyledenhartog.com/misframing-authn/ If you havent [read this paper](https://www.cl.cam.ac.uk/~fms27/papers/2012-BonneauHerOorSta-password--oakland.pdf) before you design an authentication system youre probably just reinventing something already created or missing a piece of the puzzle \\n > [...] can anyone point me to an academic research paper or even some user research that tells me the probability that a users password will be discovered by an attacker in the next year? What about the probability that the user shares their password with a trusted person because the system wasnt deployed with a delegation system? Or how about how the probability will drop as the user reuses their password across many websites? Simply put I think weve been asking the wrong question Kyle Den Hartog
* [Developers: SMS Authentication is Challenging](https://medium.com/magiclabs/building-sms-authentication-c2cabccbd5f8) Magic Labs
> SMS (Short Message Service) messaging¹, despite a number of material challenges, has broad adoption, international regulations, and support across platforms.
++++ The Things to Keep in Mind about Auth https://developer.okta.com/blog/2021/10/29/things-to-keep-in-mind-about-auth
Okta
++++ Developers: SMS Authentication is Challenging https://medium.com/magiclabs/building-sms-authentication-c2cabccbd5f8 SMS (Short Message Service) messaging¹, despite a number of material challenges, has broad adoption, international regulations, and support across platforms. Magic Labs
* [What is Knowledge-based Authentication (KBA)?](https://www.pingidentity.com/en/company/blog/posts/2022/what-is-knowledge-based-authentication-kba.html) Ping Identity
++++ What is Knowledge-based Authentication (KBA)? https://www.pingidentity.com/en/company/blog/posts/2022/what-is-knowledge-based-authentication-kba.html
Ping Identity
When you set up a new account, you are often asked to create a password and choose a security question and answer (e.g., What is your mother's maiden name?). Answering security questions based on personal information when you log in to an app or system is called knowledge-based authentication (KBA).
* [Open Badges is now on the plateau of productivity](https://dougbelshaw.com/blog/2022/03/18/open-badges-fers/) Doug Belshaw
++++ Open Badges is now on the plateau of productivity https://dougbelshaw.com/blog/2022/03/18/open-badges-fers/
Doug Belshaw
Were no longer in the stage of “imagine a world…” but rather “heres whats happening, lets talk about how this could be useful to you”.
* [Cloudflares investigation of the January 2022 Okta compromise](https://blog.cloudflare.com/cloudflare-investigation-of-the-january-2022-okta-compromise/)
++++ Cloudflares investigation of the January 2022 Okta compromise https://blog.cloudflare.com/cloudflare-investigation-of-the-january-2022-okta-compromise/
Our [understanding](https://twitter.com/toddmckinnon/status/1506184721922859010) is that during January 2022, hackers outside Okta had access to an Okta support employees account and were able to take actions as if they were that employee. In a screenshot shared on social media, a Cloudflare employees email address was visible, along with a popup indicating the hacker was posing as an Okta employee and could have initiated a password reset.
Disasters in the World of Data
* [Facebook Is Receiving Sensitive Medical Information from Hospital Websites](https://themarkup.org/pixel-hunt/2022/06/16/facebook-is-receiving-sensitive-medical-information-from-hospital-websites)
++++ Facebook Is Receiving Sensitive Medical Information from Hospital Websites https://themarkup.org/pixel-hunt/2022/06/16/facebook-is-receiving-sensitive-medical-information-from-hospital-websites
* [Facebook and Anti-Abortion Clinics Are Collecting Highly Sensitive Info on Would-Be Patients](https://themarkup.org/pixel-hunt/2022/06/15/facebook-and-anti-abortion-clinics-are-collecting-highly-sensitive-info-on-would-be-patients)
++++ Facebook and Anti-Abortion Clinics Are Collecting Highly Sensitive Info on Would-Be Patients https://themarkup.org/pixel-hunt/2022/06/15/facebook-and-anti-abortion-clinics-are-collecting-highly-sensitive-info-on-would-be-patients
* [Tech on Juneteenth: Some tech firms perpetuate modern-day slavery by using prison labor](https://benwerd.medium.com/tech-on-juneteenth-c45822aa53f7)
++++ Tech on Juneteenth: Some tech firms perpetuate modern-day slavery by using prison labor https://benwerd.medium.com/tech-on-juneteenth-c45822aa53f7
++++ What Is Account Creation Fraud? https://www.pingidentity.com/en/resources/blog/post/what-is-account-creation-fraud.html
* [What Is Account Creation Fraud?](https://www.pingidentity.com/en/resources/blog/post/what-is-account-creation-fraud.html)
* [Balancing User Experience and Security](https://www.pingidentity.com/en/resources/blog/post/balancing-user-experience-ux-and-security.html)
* [Digital Identity Wallets auf Basis eIDAS 2.0 Ecosystem](https://www.comuny.de/digital-identity-wallets-auf-basis-eidas-2-0-ecosystem/)
++++ Balancing User Experience and Security https://www.pingidentity.com/en/resources/blog/post/balancing-user-experience-ux-and-security.html
++++ Digital Identity Wallets auf Basis eIDAS 2.0 Ecosystem https://www.comuny.de/digital-identity-wallets-auf-basis-eidas-2-0-ecosystem/
Womens Rights and Technology Intersection feel very poinient this week
* [Section 230 Is a Last Line of Defense for Abortion Speech Online](https://www.wired.com/story/section-230-is-a-last-line-of-defense-for-abortion-speech-online/) Wired
++++ Section 230 Is a Last Line of Defense for Abortion Speech Online https://www.wired.com/story/section-230-is-a-last-line-of-defense-for-abortion-speech-online/
Wired
Democrats who have been misguidedly attacking Section 230 of the Communications Decency Act need to wake up now. If they dont [start listening](https://www.thedailybeast.com/want-to-fix-big-tech-stop-ignoring-sex-workers) to the warnings of human rights experts, [sex workers](https://papers.ssrn.com/sol3/papers.cfm?abstract_id=4095115), LGBTQ+ folks, and [reproductive rights](https://freedomnetworkusa.org/app/uploads/2020/09/FNUSA-Joins-EARN-IT-Act-Coalition-letter-9.09.2020.pdf) groups, Democrats could help right-wing zealots achieve their goal: mass censorship of online content about abortion.
## Identity not SSI
* [Fixing Web Login](https://www.windley.com/archives/2022/06/fixing_web_login.shtml) Phil Windley
++++ Fixing Web Login https://www.windley.com/archives/2022/06/fixing_web_login.shtml
Phil Windley
Like the "close" buttons for elevator doors, "keep me logged in" options on web-site authentication screens feel more like a placebo than something that actually works. Getting rid of passwords will mean we need to authenticate less often, or maybe just don't mind as much when we do.
* [ADOPTING NEW TECH: HOW TO GIVE YOUR TEAM THE BEST CHANCES OF SUCCESS](https://www.theengineroom.org/adopting-new-tech-how-to-give-your-team-the-best-chances-of-success/) The Engine Room
++++ ADOPTING NEW TECH: HOW TO GIVE YOUR TEAM THE BEST CHANCES OF SUCCESS https://www.theengineroom.org/adopting-new-tech-how-to-give-your-team-the-best-chances-of-success/
The Engine Room
From our past work in this area, we have seen that slow and steady wins the race: for new policies, practices, and technologies to become part of workflows, staff need to be able to learn how to use new tools and incorporate them into their daily work practices — and be supported in doing so.
* [WHAT WEVE LEARNED THROUGH OUR SUPPORT FOR ORGANISATIONS WORKING ON BUILDING DIGITAL COMMUNITIES](https://www.theengineroom.org/what-weve-learned-through-our-support-for-organisations-working-on-building-digital-communities/) The Engine Room
++++ WHAT WEVE LEARNED THROUGH OUR SUPPORT FOR ORGANISATIONS WORKING ON BUILDING DIGITAL COMMUNITIES https://www.theengineroom.org/what-weve-learned-through-our-support-for-organisations-working-on-building-digital-communities/
The Engine Room
Maintaining an online community is a lot of work, in both the short term and the long term. It requires setting aside time, human resources and tech infrastructure to keep things running smoothly. Here are some questions and ideas that can help you assess what it may take to maintain the online community youre trying to build:
* [InfoCert, AUTHADA and Dr. Ing. Wandrei develop a new tool for QES in the circular economy](https://infocert.digital/infocert-authada-and-dr-ing-wandrei-develop-a-new-tool-for-qes-in-the-circular-economy/) Infocert
> signature can now be done on mobile devices such as smartphones and tablets with the new NSUITE.mobile product, with a consequent streamlining of the entire process.
- [InfoCert has been recognized Representative Vendor in Gartners Market Guide for Electronic Signature 2022](https://infocert.digital/infocert-has-been-recognized-representative-vendor-in-gartners-market-guide-for-electronic-signature-2022/)
- [GBG: The State of Digital Identity 2022](https://www.gbgplc.com/media/heqgqhur/gbg-state-of-digital-identity-2022.pdf)
- Security and satisfaction: Gaining from The Great Switch
- Digital identitys next step: Mobile and alternative data
- Identity fraud: Its a matter of when, not if
- Young adults: The biggest victims of identity fraud?
- Fraud and financial services
- Time to build trust in a digital world
++++ InfoCert, AUTHADA and Dr. Ing. Wandrei develop a new tool for QES in the circular economy https://infocert.digital/infocert-authada-and-dr-ing-wandrei-develop-a-new-tool-for-qes-in-the-circular-economy/ signature can now be done on mobile devices such as smartphones and tablets with the new NSUITE.mobile product, with a consequent streamlining of the entire process. Infocert
* [Daon-Neustar Partnership Combines Voice Authentication With Phone Number Verification](https://findbiometrics.com/daon-neustar-partnership-voice-authentication-phone-number-verification-508261/)
+++- InfoCert has been recognized Representative Vendor in Gartners Market Guide for Electronic Signature 2022 https://infocert.digital/infocert-has-been-recognized-representative-vendor-in-gartners-market-guide-for-electronic-signature-2022/
+++- GBG: The State of Digital Identity 2022 https://www.gbgplc.com/media/heqgqhur/gbg-state-of-digital-identity-2022.pdf
* Security and satisfaction: Gaining from The Great Switch
* Digital identitys next step: Mobile and alternative data
* Identity fraud: Its a matter of when, not if
* Young adults: The biggest victims of identity fraud?
* Fraud and financial services
* Time to build trust in a digital world
++++ Daon-Neustar Partnership Combines Voice Authentication With Phone Number Verification https://findbiometrics.com/daon-neustar-partnership-voice-authentication-phone-number-verification-508261/
Bad News
* [Widespread Okta phishing campaign impacts over 130 organizations](https://www.scmagazine.com/brief/identity-and-access/widespread-okta-phishing-campaign-impacts-over-130-organizations)
++++ Widespread Okta phishing campaign impacts over 130 organizations https://www.scmagazine.com/brief/identity-and-access/widespread-okta-phishing-campaign-impacts-over-130-organizations
* [LastPass Reports a Breach: Identity News Digest](https://findbiometrics.com/lastpass-reports-a-breach-identity-news-digest-508262/)
++++ LastPass Reports a Breach: Identity News Digest https://findbiometrics.com/lastpass-reports-a-breach-identity-news-digest-508262/
++++ Security pros say the cloud has increased the number of identities at their organizations https://www.scmagazine.com/analysis/cloud-security/security-pros-say-the-cloud-has-increased-the-number-of-identities-at-their-organizations
++++ Experian Joins iProov and Deloitte in UKs Digital ID Program https://mobileidworld.com/experian-joins-iproov-and-deloitte-in-uks-digital-id-program/
* [Security pros say the cloud has increased the number of identities at their organizations](https://www.scmagazine.com/analysis/cloud-security/security-pros-say-the-cloud-has-increased-the-number-of-identities-at-their-organizations)
* [Experian Joins iProov and Deloitte in UKs Digital ID Program](https://mobileidworld.com/experian-joins-iproov-and-deloitte-in-uks-digital-id-program/)
* [Rohingya seek reparations from Facebook for role in massacre](https://apnews.com/article/technology-business-bangladesh-myanmar-c5af9acec46a3042beed7f5e1bc71b8a) APNews
++++ Rohingya seek reparations from Facebook for role in massacre https://apnews.com/article/technology-business-bangladesh-myanmar-c5af9acec46a3042beed7f5e1bc71b8a
APNews
The platform, Amnesty says, wasnt merely a passive site with insufficient content moderation. Instead, Metas algorithms “proactively amplified and promoted content” on Facebook, which incited violent hatred against the Rohingya beginning as early as 2012.
* [Call it data liberation day: Patients can now access all their health records digitally](https://www.statnews.com/2022/10/06/health-data-information-blocking-records/) Statnews
@ -119,8 +120,13 @@ The platform, Amnesty says, wasnt merely a passive site with insufficient con
Under [federal rules](https://www.healthit.gov/buzz-blog/information-blocking/information-blocking-eight-regulatory-reminders-for-october-6th) taking effect Thursday, health care organizations must give patients unfettered access to their full health records in digital format. No more long delays. No more fax machines. No more exorbitant charges for printed pages.
## Known
* [Known](https://withknown.com/) has supported [Indieweb](https://indieweb.org/) standards since the beginning, but Fediverse has been notably missing. I think thats a big omission, but also not something Ive had bandwidth to fix.
* [Building ActivityPub into Known](https://werd.io/2021/building-activitypub-into-known) Ben Werdmüller
* [ActivityPub support · Issue #2615 · idno/known · GitHub](https://github.com/idno/known/issues/2615#issuecomment-991335313)
++++ Known](https://withknown.com/) has supported [Indieweb https://indieweb.org/
standards since the beginning, but Fediverse has been notably missing. I think thats a big omission, but also not something Ive had bandwidth to fix.
++++ Building ActivityPub into Known https://werd.io/2021/building-activitypub-into-known
Ben Werdmüller
++++ ActivityPub support · Issue #2615 · idno/known · GitHub https://github.com/idno/known/issues/2615#issuecomment-991335313
This issue now has a funding of 3004.5068 USD (3000.0 USD @ $1.0/USD) attached to it.

View File

@ -2,110 +2,144 @@
## Contents
- 800-63-3
- DIACC
* 800-63-3
* DIACC
## Links
* [Digital Identity and Attributes Trust Framework](https://stateofidentity.libsyn.com/digital-identity-and-attributes-trust-framework) State of Identity
++++ Digital Identity and Attributes Trust Framework https://stateofidentity.libsyn.com/digital-identity-and-attributes-trust-framework
State of Identity
Do you trust technology and government to protect your data? On this week's State of Identity podcast, host, Cameron D'Ambrosi is joined by Gareth Narinesingh, Head of Digital Identity at HooYu to discuss the bridge between payments and identity wallets, the UK's next big push in adopting shared identity standards, and the foundation of decentralized identity verification across Web3 applications and the metaverse.
* [The Ukrainian War, PKI, and Censorship](https://www.windley.com/archives/2022/03/the_ukrainian_war_pki_and_censorship.shtml) Phil Windley
++++ The Ukrainian War, PKI, and Censorship https://www.windley.com/archives/2022/03/the_ukrainian_war_pki_and_censorship.shtml
Phil Windley
PKI has created a global trust framework for the web. But the war in Ukraine has shone a light on its weaknesses. Hierarchies are not good architectures for building robust, trustworthy, and stable digital systems.
* [Digital Caribou looks at the future trends impacting Digital Identity](https://medium.com/caribou-digital/diagnostic-trends-shaping-the-future-of-digital-identification-181724c40068)
> 1. The state of the art in digital identification are trust frameworks that accommodate diverse technologies, systems and stakeholders
> 2. Risks remain even within the most rigorous trust framework:
> 3. Achieving inclusion requires addressing both technical and political dimensions
> 4. Trust frameworks are complicated so getting governance right requires an ecosystems approach
> 5. Building the future of digital identification means reckoning with an analogue past
* [Trust Frameworks](https://medium.com/mattr-global/learn-concepts-trust-frameworks-ad96a4427991)
> Trust frameworks are a foundational component of the web of trust. A trust framework is a common set of best practice standards-based rules that ensure minimum requirements are met for security, privacy, identification management and interoperability through accreditation and governance. These operating rules provide a common framework for ecosystem participants, increasing trust between them.
* [The trust infrastructure of self-sovereign identity ecosystems](https://ssi-ambassador.medium.com/the-trust-infrastructure-of-self-sovereign-identity-ecosystems-551f46ed9e2c)
> The trust infrastructure is concerned with the question of how and why the presented information can be trusted. It defines the rules for all stakeholders and enables legally binding relationships with the combination of governance frameworks, which are built on top of trust frameworks.
>
> includes a section on the core components of identity architecture that includes a graphic [based on a post by Phil Windley](https://www.windley.com/archives/2020/09/the_architecture_of_identity_systems.shtml)
* [Battle of the Trust Frameworks with Tim Bouma & Darrell ODonnell](https://northernblock.io/battle-of-the-trust-frameworks-with-tim-bouma-darrell-odonnell) Northern Block
+++> Digital Caribou looks at the future trends impacting Digital Identity https://medium.com/caribou-digital/diagnostic-trends-shaping-the-future-of-digital-identification-181724c40068 > 1. The state of the art in digital identification are trust frameworks that accommodate diverse technologies, systems and stakeholders\n > 2. Risks remain even within the most rigorous trust framework:\n > 3. Achieving inclusion requires addressing both technical and political dimensions\n > 4. Trust frameworks are complicated so getting governance right requires an ecosystems approach\n > 5. Building the future of digital identification means reckoning with an analogue past
+++> Trust Frameworks https://medium.com/mattr-global/learn-concepts-trust-frameworks-ad96a4427991 Trust frameworks are a foundational component of the web of trust. A trust framework is a common set of best practice standards-based rules that ensure minimum requirements are met for security, privacy, identification management and interoperability through accreditation and governance. These operating rules provide a common framework for ecosystem participants, increasing trust between them.
+++> The trust infrastructure of self-sovereign identity ecosystems https://ssi-ambassador.medium.com/the-trust-infrastructure-of-self-sovereign-identity-ecosystems-551f46ed9e2c The trust infrastructure is concerned with the question of how and why the presented information can be trusted. It defines the rules for all stakeholders and enables legally binding relationships with the combination of governance frameworks, which are built on top of trust frameworks.\n > \n > includes a section on the core components of identity architecture that includes a graphic [based on a post by Phil Windley](https://www.windley.com/archives/2020/09/the_architecture_of_identity_systems.shtml)
++++ Battle of the Trust Frameworks with Tim Bouma & Darrell ODonnell https://northernblock.io/battle-of-the-trust-frameworks-with-tim-bouma-darrell-odonnell
Northern Block
1. Levels of Assurance (LOA): an introduction to LOAs as they relate to Digital Identity and why theyre an important part of the recipe in achieving digital trust. Tim and Darrell give us some practical examples of LOAs.
2. The Concept of Trust: how do we define trust at a high-level and how do we differentiate between technical and human trust? How can we build trust with credential issuers but also with credential holders?
3. The World of Trust Frameworks: what are trust frameworks and what are different types of frameworks being deployed in both the public and private sectors? How are organizations trying to monetize trust frameworks? Whats going right, and whats going wrong with the way trust frameworks are being implemented?
4. The Importance of Open Source for Trust Creation: why is open source important for achieving digital sovereignty? Is open source the only way to improve transparency, flexibility and accountability?
* [Good Health Pass Ecosystem Trust Architecture: DIDs and X.509 Trust Registries with Ecosystem Governance Frameworks](https://iiw.idcommons.net/23F/_Good_Health_Pass_Ecosystem_Trust_Architecture:_DIDs_and_X.509_Trust_Registries_with_Ecosystem_Governance_Frameworks) by Drummond Reed, Scott Perry, Darrell ODonnell
++++ Good Health Pass Ecosystem Trust Architecture: DIDs and X.509 Trust Registries with Ecosystem Governance Frameworks https://iiw.idcommons.net/23F/_Good_Health_Pass_Ecosystem_Trust_Architecture:_DIDs_and_X.509_Trust_Registries_with_Ecosystem_Governance_Frameworks Drummond Reed, Scott Perry, Darrell ODonnell
Governance, Trust Registry, Ecosystem, Transitive Trust, Architecture
Presentation Deck: [GHP Ecosystem Trust Architecture PDF](https://drive.google.com/file/d/1Hgh5JvrM7aUCmg5q6KIXzvpVIcgfhTjr/view?usp=sharing)
- Proposed Trust Interoperability (Global) for the Good Health Pass (GHP) Ecosystem
- Kaliya Young & Rebecca Distler - Working Group Co-Leads
- Trust in the system - focus for todays discussion.
- Principles - [https://www.goodhealthpass.org/wp-content/uploads/2021/02/Good-Health-Pass-Collaborative-Principles-Paper.pdf](https://www.goodhealthpass.org/wp-content/uploads/2021/02/Good-Health-Pass-Collaborative-Principles-Paper.pdf)
- Blueprint Outline - [https://www.goodhealthpass.org/wp-content/uploads/2021/03/GHPC-Interoperability-Blueprint-Outline-v2.pdf](https://www.goodhealthpass.org/wp-content/uploads/2021/03/GHPC-Interoperability-Blueprint-Outline-v2.pdf)
- Global Problems inhibiting world travel. Many emerging instances of GHP related ecosystems. GHP establishing an umbrella for all GHP-compliant ecosystems.
- Relying on the ToIP Trust stack as an architectural blueprint
- Ecosystem Governance Framework is at the top of a governance and technical stack.
- Some specific Ecosystems need to accommodate x.509 certificate and VC constructs.
- ToIP Stack diagram is undergoing new changes - some new terminology being discussed at IIW.
- Governance and Trust Framework terms are being used as synonyms but we conveyed that Governance Frameworks are over arching of subject Trust Frameworks.
- GHP wll be a General Ecosystem Governance Framework. Overseeing Specific EGFs..
-
* Proposed Trust Interoperability (Global) for the Good Health Pass (GHP) Ecosystem
* Kaliya Young & Rebecca Distler - Working Group Co-Leads
* Trust in the system - focus for todays discussion.
* Principles - [https://www.goodhealthpass.org/wp-content/uploads/2021/02/Good-Health-Pass-Collaborative-Principles-Paper.pdf](https://www.goodhealthpass.org/wp-content/uploads/2021/02/Good-Health-Pass-Collaborative-Principles-Paper.pdf)
* Blueprint Outline - [https://www.goodhealthpass.org/wp-content/uploads/2021/03/GHPC-Interoperability-Blueprint-Outline-v2.pdf](https://www.goodhealthpass.org/wp-content/uploads/2021/03/GHPC-Interoperability-Blueprint-Outline-v2.pdf)
* Global Problems inhibiting world travel. Many emerging instances of GHP related ecosystems. GHP establishing an umbrella for all GHP-compliant ecosystems.
* Relying on the ToIP Trust stack as an architectural blueprint
* Ecosystem Governance Framework is at the top of a governance and technical stack.
* Some specific Ecosystems need to accommodate x.509 certificate and VC constructs.
* ToIP Stack diagram is undergoing new changes - some new terminology being discussed at IIW.
* Governance and Trust Framework terms are being used as synonyms but we conveyed that Governance Frameworks are over arching of subject Trust Frameworks.
* GHP wll be a General Ecosystem Governance Framework. Overseeing Specific EGFs..
*
- It is likely to have a GHP compliance but only on the lightweight tenets of interoperability.
- We are introducing a trust registry infrastructure that works with all GHP-compliant ecosystems.
- Issuers within an ecosystem will be included in a trust registry.
- Each Ecosystem must publish its governance framework and make its trust registry available
- All issuers need to be recognized by a governance framework and included in a trust registry
- The second principle is that each specific EGF will identify its trust registry with a DID and specify its trust registry service endpoint(s) in its associated DID document
- The third principle is that each VC issued under a specific EGF will identify its issuer with either:
- a DID
- a URI (for X.509 certificates)
- The final principle is that each VC issued under a specific EGF will identify its type with a type URI. That field will be using common semantics.
- With this architecture, all we need is a simple trust registry protocol to answer the question:
- Is this issuer
- authorized to issue this VC type
- under this specific EGF?
- GOOD - is a pass
- BETTER - may be purpose-limited (“trivial” example -
* It is likely to have a GHP compliance but only on the lightweight tenets of interoperability.
* We are introducing a trust registry infrastructure that works with all GHP-compliant ecosystems.
* Issuers within an ecosystem will be included in a trust registry.
* Each Ecosystem must publish its governance framework and make its trust registry available
* All issuers need to be recognized by a governance framework and included in a trust registry
* The second principle is that each specific EGF will identify its trust registry with a DID and specify its trust registry service endpoint(s) in its associated DID document
* The third principle is that each VC issued under a specific EGF will identify its issuer with either:
* a DID
* a URI (for X.509 certificates)
* The final principle is that each VC issued under a specific EGF will identify its type with a type URI. That field will be using common semantics.
* With this architecture, all we need is a simple trust registry protocol to answer the question:
* Is this issuer
* authorized to issue this VC type
* under this specific EGF?
* GOOD - is a pass
* BETTER - may be purpose-limited (“trivial” example -
Links from chat:
- Bart Suichies to Everyone : the eidas demo is here: [https://essif.adaptivespace.io/](https://essif.adaptivespace.io/)
* Bart Suichies to Everyone : the eidas demo is here: [https://essif.adaptivespace.io/](https://essif.adaptivespace.io/)
* [https://gitlab.grnet.gr/essif-lab/infrastructure/fraunhofer/deliverables](https://gitlab.grnet.gr/essif-lab/infrastructure/fraunhofer/deliverables) not sure if this an open repo
++++ https://gitlab.grnet.gr/essif-lab/infrastructure/fraunhofer/deliverables https://gitlab.grnet.gr/essif-lab/infrastructure/fraunhofer/deliverables
not sure if this an open repo
* [https://gitlab.grnet.gr/essif-lab/infrastructure/fraunhofer/deliverables/-/blob/master/api_documentation/train-atv-1.0.0-swagger.yaml](https://gitlab.grnet.gr/essif-lab/infrastructure/fraunhofer/deliverables/-/blob/master/api_documentation/train-atv-1.0.0-swagger.yaml)
++++ https://gitlab.grnet.gr/essif-lab/infrastructure/fraunhofer/deliverables/-/blob/master/api_documentation/train-atv-1.0.0-swagger.yaml https://gitlab.grnet.gr/essif-lab/infrastructure/fraunhofer/deliverables/-/blob/master/api_documentation/train-atv-1.0.0-swagger.yaml
* [https://gitlab.grnet.gr/essif-lab/infrastructure/fraunhofer/train_project_summary](https://gitlab.grnet.gr/essif-lab/infrastructure/fraunhofer/train_project_summary)
++++ https://gitlab.grnet.gr/essif-lab/infrastructure/fraunhofer/train_project_summary https://gitlab.grnet.gr/essif-lab/infrastructure/fraunhofer/train_project_summary
- Drummond Reed to Everyone : See the anti-coercion section of the original ToIP RFC: [https://github.com/hyperledger/aries-rfcs/blob/master/concepts/0289-toip-stack/README.md](https://github.com/hyperledger/aries-rfcs/blob/master/concepts/0289-toip-stack/README.md)
- Sterre den Breeijen to Everyone : [https://blockchain.tno.nl/blog/verify-the-verifier-anti-coercion-by-design/](https://blockchain.tno.nl/blog/verify-the-verifier-anti-coercion-by-design/) Blog on anti-coercion by my colleague Oskar van Deventer
- Bart Suichies to Everyone : @judith: [https://gitlab.grnet.gr/essif-lab/infrastructure/fraunhofer/train_project_summary](https://gitlab.grnet.gr/essif-lab/infrastructure/fraunhofer/train_project_summary)
- Darrell O'Donnell to Everyone : TRAIN - [https://essif-lab.eu/essif-train-by-fraunhofer-gesellschaft/](https://essif-lab.eu/essif-train-by-fraunhofer-gesellschaft/)
- Drummond Reed to Everyone : Bart, I am totally on board with the human-readable element for GHP. Happy to chat more with you about that. There is a lot of focus on that in the [Consistent User Experience drafting group](https://wiki.trustoverip.org/display/HOME/Consistent+User+Experience+Drafting+Group)
* Drummond Reed to Everyone : See the anti-coercion section of the original ToIP RFC: [https://github.com/hyperledger/aries-rfcs/blob/master/concepts/0289-toip-stack/README.md](https://github.com/hyperledger/aries-rfcs/blob/master/concepts/0289-toip-stack/README.md)
* Sterre den Breeijen to Everyone : [https://blockchain.tno.nl/blog/verify-the-verifier-anti-coercion-by-design/](https://blockchain.tno.nl/blog/verify-the-verifier-anti-coercion-by-design/) Blog on anti-coercion by my colleague Oskar van Deventer
* Bart Suichies to Everyone : @judith: [https://gitlab.grnet.gr/essif-lab/infrastructure/fraunhofer/train_project_summary](https://gitlab.grnet.gr/essif-lab/infrastructure/fraunhofer/train_project_summary)
* Darrell O'Donnell to Everyone : TRAIN - [https://essif-lab.eu/essif-train-by-fraunhofer-gesellschaft/](https://essif-lab.eu/essif-train-by-fraunhofer-gesellschaft/)
* Drummond Reed to Everyone : Bart, I am totally on board with the human-readable element for GHP. Happy to chat more with you about that. There is a lot of focus on that in the [Consistent User Experience drafting group](https://wiki.trustoverip.org/display/HOME/Consistent+User+Experience+Drafting+Group)
[Pan-Canadian Trust Framework](https://diacc.ca/wp-content/uploads/2016/08/PCTF-Overview-FINAL.pdf)
* [Towards a Better Digital Identity Trust Framework in Aotearoa](https://digitalidentity.nz/2022/09/21/towards-a-better-digital-identity-trust-framework-in-aotearoa/) Digital Identity NZ
++++ Towards a Better Digital Identity Trust Framework in Aotearoa https://digitalidentity.nz/2022/09/21/towards-a-better-digital-identity-trust-framework-in-aotearoa/
Digital Identity NZ
Its a great pleasure to share with you DINZ Reflections Report, a seminal piece of work that DINZs Digital Identity Trust Framework working group has developed over several months.
* [Trust Frameworks? Standards Matter](https://medium.com/@trbouma/trust-frameworks-standards-matter-47c946992f44) Tim Bouma
> He points at the NIST documents about it [Developing Trust Frameworks to Support Identity Federations](https://nvlpubs.nist.gov/nistpubs/ir/2018/NIST.IR.8149.pdf) published in 2018. He also points at the Canadian governments definition of standards.
>
> “a document that provides a set of agreed-upon rules, guidelines or characteristics for activities or their results. Standards establish accepted practices, technical requirements, and terminologies for diverse fields.”  He goes on to highlight a lot of the work being done in Canada and where it all sits relative to being a standard - “In closing, there are lots of trust frameworks being developed today. But to be truly trusted, a trust framework needs to either apply existing standards or become a standard itself.”
* [Pan-Canadian Trust Framework (PCTF) Overview](https://northernblock.io/pan-canadian-trust-framework/)
+++A Trust Frameworks? Standards Matter https://medium.com/@trbouma/trust-frameworks-standards-matter-47c946992f44 He points at the NIST documents about it [Developing Trust Frameworks to Support Identity Federations](https://nvlpubs.nist.gov/nistpubs/ir/2018/NIST.IR.8149.pdf) published in 2018. He also points at the Canadian governments definition of standards.\n“a document that provides a set of agreed-upon rules, guidelines or characteristics for activities or their results. Standards establish accepted practices, technical requirements, and terminologies for diverse fields.”  He goes on to highlight a lot of the work being done in Canada and where it all sits relative to being a standard - “In closing, there are lots of trust frameworks being developed today. But to be truly trusted, a trust framework needs to either apply existing standards or become a standard itself.” Tim Bouma
++++ Pan-Canadian Trust Framework (PCTF) Overview https://northernblock.io/pan-canadian-trust-framework/
Right now, we are alpha testing the framework with different kinds of actors, both public and private, and with assessors. Through this process, were going to learn what may need to change, and what may not need to change. Were going to get real knowledge there. I will say that what were seeing already, is that DIACC and our priorities are really driven by members.
* [Trinsic Basics: What Is a Trust Registry?](https://trinsic.id/trinsic-basics-what-is-a-trust-registry/) Trinsic
++++ Trinsic Basics: What Is a Trust Registry? https://trinsic.id/trinsic-basics-what-is-a-trust-registry/
Trinsic
Trust registries also need to be interoperable. The [Trust Over IP Foundation](https://www.trustoverip.org/) has a [specification](https://github.com/trustoverip/tswg-trust-registry-tf) for an interoperable trust registry, and ours is the first implementation of this spec. Because of this, Trinsics Trust Registry Service is architected so that one ecosystem could reference or incorporate a trust registry from a separate ecosystem if needed.
## Trust Registries
* [Managing Trust and Reputation via Trust Registries](https://www.continuumloop.com/managing-trust-and-reputation-via-trust-registries/) Continuum Loop
++++ Managing Trust and Reputation via Trust Registries https://www.continuumloop.com/managing-trust-and-reputation-via-trust-registries/
Continuum Loop
The concept behind a Trust Registry is that a Wallet needs to know which decentralized identifiers (DIDs) to “trust” as a source of truth. At many levels, this “trust” translates to “authority” knowing that somebody, centralized or decentralized, is responsible for maintaining a list of trusted DIDs.

View File

@ -1,30 +1,26 @@
* [Collected submissions on AU Digital Identity system](https://lockstep.com.au/collected-submissions-on-au-digital-identity-system/) Lockstep
# Australia
- The international digital identity industry has moved comprehensively towards decentralised verifiable credentials and strong client-side authentication tools (especially through the [FIDO Alliance](https://fidoalliance.org/); Australia needs to catch up with these standards.
- The Australian states are implementing digitised credentials at a rapid rate, refocusing from Who a citizen is, to What attributes and claims they need to prove online; DTA risks being left behind by these developments.
* [More hurdles to clear as Digital Identity Bill enters [Australian] Parliament](https://fst.net.au/government-news/more-hurdles-to-clear-as-digital-identity-bill-enters-parliament-2/) FST
Government should adopt a simple, existing standard for its digital ID system, such as the public-key infrastructure (PKI)-based system in use within many [European countries](https://www.enisa.europa.eu/topics/csirts-in-europe/glossary/public-key-infrastructure-pki). PKI offers a number of security and privacy benefits that the TDIF aims to have; however, as no central authority is involved in authentication, no entity can meaningfully track user activity.
## Programs
* [Your digital identity and credentials](https://www.haveyoursay.nsw.gov.au/digital-identity) New South Wales
Help us make it easier for you to do things like open a bank account, buy a phone, start a new job, prove your age or enrol to study.
* [On why revocation is important...](https://lists.w3.org/Archives/Public/public-credentials/2022May/0052.html) Mike Prorock (Tuesday, 24 May)
>[https://arstechnica.com/information-technology/2022/05/digital-drivers-license-used-by-4m-australians-is-a-snap-to-forge/](https://arstechnica.com/information-technology/2022/05/digital-drivers-license-used-by-4m-australians-is-a-snap-to-forge/)
Yikes!
## Policy
For those that didn't read the article, the TL;DR is:
* [Collected submissions on AU Digital Identity system](https://lockstep.com.au/collected-submissions-on-au-digital-identity-system/) Lockstep
Tough to forge digital drivers license is… easy to forge... 4 million mobile driver's licenses in NSW Australia compromised in an unrecoverable way.
By reframing digital identity as a matter of data protection in more general terms, we would stay out of the risk management ploys and business affairs of others, preserve todays many ways of credentialling and transacting, and be seen to focus on more objective security outcomes.<br><br>* [Lockstep Submission AU Digital Identity Legislation (1.0)](https://lockstep.com.au/wp-content/uploads/2021/12/Lockstep-Submission-AU-Digital-Identity-Legislation-1.0.pdf) <br>* [Lockstep Submission AU Digital Identity Legislation Phase 2 210714](https://lockstep.com.au/wp-content/uploads/2021/12/Lockstep-Submission-AU-Digital-Identity-Legislation-Phase-2-210714.pdf) <br>* [Lockstep Submission Trusted Digital Identity Legislation Phase 3 211027](https://lockstep.com.au/wp-content/uploads/2021/12/Lockstep-Submission-Trusted-Digital-Identity-Legislation-Phase-3-211027.pdf)
* [More hurdles to clear as Digital Identity Bill enters [Australian] Parliament](https://fst.net.au/government-news/more-hurdles-to-clear-as-digital-identity-bill-enters-parliament-2/) FST
* [Lockstep TDIF DTA Submission 171020](https://lockstep.com.au/wp-content/uploads/2021/12/Lockstep-TDIF-DTA-Submission-171020.pdf)
Government should adopt a simple, existing standard for its digital ID system, such as the public-key infrastructure (PKI)-based system in use within many [European countries](https://www.enisa.europa.eu/topics/csirts-in-europe/glossary/public-key-infrastructure-pki). PKI offers a number of security and privacy benefits that the TDIF aims to have; however, as no central authority is involved in authentication, no entity can meaningfully track user activity.
* [Lockstep Submission AU Digital Identity Legislation (1.0)](https://lockstep.com.au/wp-content/uploads/2021/12/Lockstep-Submission-AU-Digital-Identity-Legislation-1.0.pdf)
* [Lockstep Submission AU Digital Identity Legislation Phase 2 210714](https://lockstep.com.au/wp-content/uploads/2021/12/Lockstep-Submission-AU-Digital-Identity-Legislation-Phase-2-210714.pdf)
* [Lockstep Submission Trusted Digital Identity Legislation Phase 3 211027](https://lockstep.com.au/wp-content/uploads/2021/12/Lockstep-Submission-Trusted-Digital-Identity-Legislation-Phase-3-211027.pdf)
* [New Digital Identity Advisory Council established](https://www.nsw.gov.au/media-releases/new-digital-identity-advisory-council-established)
The NSW Government has established a Digital Identity Ministerial Advisory Council (DIMAC), that will advise on a strategic direction and roadmap for digital identity in the State.
## Use Case
* [“Tough to forge” digital drivers license is… easy to forge](https://arstechnica.com/information-technology/2022/05/digital-drivers-license-used-by-4m-australians-is-a-snap-to-forge/)
The technique for overcoming these safeguards is surprisingly simple. The key is the ability to brute-force the PIN that encrypts the data. Since its only four digits long, there are only 10,000 possible combinations. Using publicly available scripts and a commodity computer, someone can learn the correct combination in a matter of a few minutes, as this video, showing the process on an iPhone, demonstrates.

View File

@ -1,11 +1,24 @@
---
published: false
---
### Digital ID Lab - CA
* [Digital ID Lab Announces Successful Closure of Several Public and Private Grants](https://www.businesswire.com/news/home/20200714005237/en/Digital-ID-Lab-Announces-Successful-Closure-of-Several-Public-and-Private-Grants)
## Explainer
* [Canada: Enabling Self-Sovereign Identity](https://trbouma.medium.com/canada-enabling-self-sovereign-identity-efcfda2aa044) Tim Bouma
The adoption of the [self-sovereign identity model](http://www.lifewithalacrity.com/2016/04/the-path-to-self-soverereign-identity.html) within the Canadian public sector is still being realized in 2020. It is too early to tell how it will change the technological infrastructure or the institutional infrastructure of Canadian public services.
[Ontario 2022 Election Results](https://www.continuumloop.com/digital-id-can-increase-voter-participation/)
It would be an understatement if I said that I was disappointed with the Ontario 2022 election results, and Im not talking about the winning party Im talking about the turnout. All to say, its discouraging to see such low participation. [...] Im not an expert on the election process, and this is just my opinion. Ive been lazy in past elections, and Id be lying if I said Ive voted in every one. As a citizen, I believe ease and accessibility have a lot to do with it.
## Quebec
* [Digital ID Lab Announces Successful Closure of Several Public and Private Grants DIACC](https://www.businesswire.com/news/home/20200714005237/en/Digital-ID-Lab-Announces-Successful-Closure-of-Several-Public-and-Private-Grants)
The Lab is Canadas first independent and neutral organization to promote the compliance of and interoperability between digital ID solutions across public and private sectors, bridging a crucial gap in the advancement of Canadas digital ecosystem.
## Saskatchewan
* [Sask. Government Stops Pursuit of Potential Digital ID](https://www.egovreview.com/article/news/618/sask-government-stops-pursuit-potential-digital-id) Ego Review
In a search that started in October 2021, the province was considering vendors to potentially initiate digital ID, meant to replace the need for physical ID cards. According to RFP documents, the selected vendor would have worked with SGI for facial verification, but final details on accessing the photo database werent finalized.
@ -19,14 +32,6 @@ John shared about his journey and ongoing rehab,  and then moved on to whats
* [John Jordan (BC Gov) about VON, OrgBook BC and our vision](https://bc-von.s3.amazonaws.com/2018-06-VON-Webinar-for-Sovrin-Indy-Community.mp4)
# Canadian Identity
* [Agency to hear public comment at hearing on August 24 and 25 as part of rulemaking process](https://cppa.ca.gov/regulations/) CPPA CA
A hearing on the [proposed regulations](https://cppa.ca.gov/regulations/consumer_privacy_act.html) will occur on August 24 and 25, 2022 at 9:00 am Pacific Time. Media and members of the public are encouraged to RSVP via the link above.
Persons who wish to submit written comments on the proposed regulations must submit them by August 23, 2022
* [BC Digital Trust](https://digital.gov.bc.ca/digital-trust/) BCGov
Nice resources page from BCGov
@ -38,17 +43,28 @@ Nice resources page from BCGov
- [Conference Book Demo](https://digital.gov.bc.ca/digital-trust/projects-and-initiatives/conference-book-demo/) A demo showing the use of Verifiable Credentials for attending a conference
- [Chat Server Demo](https://digital.gov.bc.ca/digital-trust/projects-and-initiatives/chat-server-demo/) A demo giving access to a chat service using Verifiable Credentials
* [British Columbia OrgBook Tell Us Once via Blockchain and Self-Sovereign Identity](https://digitalcanada.io/bc-orgbook-tell-us-once/)
* [Canadian Government: User-Centric Verifiable Digital Credentials Challenge](https://github.com/canada-ca/ucvdcc)
> This challenge is seeking a portable secure digital credentials (self-sovereign identity) solution held by individuals that can be independently, cryptographically and rapidly verified using emerging distributed ledger standards and an approach that may give rise to a global digital verification platform.
Canada is beginning to develop their own version of a “[Tell Us Once](https://digitalcanada.io/tell-us-once-legislation/)” Digital Identity policy, an approach pioneered in Europe by the likes of Estonia.
- [Recorded Video of Public Demo Day April 21, 2020](https://youtu.be/644kUC9Uw-g)
- [Final Presentations Folder](https://github.com/canada-ca/ucvdcc/blob/master/final)
This is a policy where having provided your data to one government agency, youll never be asked for it again from another, defined explicitly through legislation.
## Alberta
* [The Public Sector Profile of the Pan-Canadian Trust Framework Working Group Close-Out Report](https://trbouma.medium.com/public-sector-profile-of-the-pan-canadian-trust-framework-version-1-2-and-next-steps-86ae7a96d6c7) Tim Bouma
> the PSP PCTF WG was an important vehicle for ensuring public sector communication and discussion across Canada
[ACE](https://digitalcanada.io/ace-ssi/)
* [Participate in Alberta's First Verifiable Digital Credentials Pilot](https://pilot.atbventures.com/) ATB Ventures and Govt Alberta
As a part of the pilot, you will add your MyAlberta Digital ID as a verifiable credential to your mobile digital wallet (on your smartphone) and use this digital credential to open an ATB Pay As You Go Account - Digital Credential account with ATB Financial.
* [ATB Ventures works with Canadian government on digital ID proof of concept](https://www.biometricupdate.com/202202/atb-ventures-works-with-canadian-government-on-digital-id-proof-of-concept) Biometric Update
The proof of concept stage is where the Canadian government tests digital credentials use cases in cooperation with regulators and organizations to advance the adoption and maturity of digital credentials technology. The National Digital Trust Service aims to enable Canadians and businesses to issue, use and verify digital credentials during transactions.
## Ontario
* [Privacy in Ontario?](https://www.webistemology.com/a-mydata-ontario-privacy-submission/) Webistemology John Wunderlich
> MyData Canada recently submitted a report to the Government of Ontario in response to its consultation for strengthening privacy protections in Ontario.
* [Ontarios Digital ID: Technology and standards](https://www.ontario.ca/page/ontarios-digital-id-technology-and-standards)
@ -57,79 +73,71 @@ Ontarios Digital ID will use self-sovereign identity because it gives the hol
- Consent  The verifier must ask you to approve their request to confirm your credentials.
- Data minimization  The verifier can only access what they need to confirm you are eligible for their service. For example, if you need to prove that you are old enough to buy a lottery ticket, the store clerk would only know that you are 18 or older not your actual age, birth date or anything else about you.
- Anonymity  Your credentials are not tracked or traced.
* [Canadian Provincial Party Pushes Back Against Biometric Digital ID Plan](https://findbiometrics.com/canadian-provincial-party-pushes-back-against-biometric-digital-id-plan-040705/)
Sloan invoked the specter of China while discussing the petition, suggesting that any digital identity program would be akin to a [social credit program](https://findbiometrics.com/china-jaywalkers-biometric-surveillance-503275/) that gives the government too much control over the personal lives of its citizens.
* [Liquid Avatar and Ontario Convenience Stores Association (OSCA) Successful Pilot of Digital Age-Verification Solutions to Reach over 8,000 Retail Locations](https://www.accesswire.com/684666/Liquid-Avatar-Technologies-and-Ontario-Convenience-Stores-Association-OSCA-Deliver-Successful-Pilot-of-Digital-Age-Verification-Solutions-to-Reach-over-8000-Retail-Locations#new_tab)
The Smart Age program provides digital age verification, supported with biometric authentication for restricted product sales like lottery tickets, tobacco, alcohol and other goods and services through a mobile device using verifiable digital credentials and biometrics without a user divulging any personally identifiable information to the store clerk.
* [Ontario will launch digital ID program later this year and here's how it works](https://www.cp24.com/ontario-will-launch-digital-id-program-later-this-year-and-here-s-how-it-works-1.5578066)
* [British Columbia OrgBook Tell Us Once via Blockchain and Self-Sovereign Identity](https://digitalcanada.io/bc-orgbook-tell-us-once/)
Ontario is preparing to launch a digital identification program in the coming months, meaning people will no longer need to carry a physical drivers licence or health card.
Canada is beginning to develop their own version of a “[Tell Us Once](https://digitalcanada.io/tell-us-once-legislation/)” Digital Identity policy, an approach pioneered in Europe by the likes of Estonia.
According to the government, Ontario's [digital identification program](https://www.ontario.ca/page/ontarios-digital-id-technology-and-standards) is scheduled to launch in late 2021.
This is a policy where having provided your data to one government agency, youll never be asked for it again from another, defined explicitly through legislation.
* [Digital Identity Challenge Canada - Video + Post](https://digitalcanada.io/canada-ssi-for-digital-government/) User-Centric Verifiable Digital Credentials Challenge
Canada boasts world-leading exemplar case studies for the role of Self Sovereign Identity for Digital Government scenarios, including the [ACE](https://digitalcanada.io/ace-ssi/) and [BC Orgbook](https://digitalcanada.io/bc-orgbook-tell-us-once/) projects.
* [User-Centric Verifiable Digital Credentials](https://www.ic.gc.ca/eic/site/101.nsf/eng/00068.html)
> “The Treasury Board Secretariat of Canada (TBS) and Shared Services Canada (SSC) are seeking a standardized method to issue and rapidly verify portable digital credentials across many different contexts, thereby reducing human judgement error, increasing efficiency and ensuring digital credential veracity using cryptography.”
* [/canada-ca/ucvdcc/](https://github.com/canada-ca/ucvdcc/)
* [Google Doc](https://docs.google.com/presentation/d/1rC4Lhh0ixaig4OP3cbv2q7SkL_rFrLe489PUEUIDjDQ/edit#slide=id.p).
* [Engaging with the Ontario Digital Identity Program.](https://trustoverip.org/blog/2021/10/25/engaging-with-the-ontario-digital-identity-program/) TrustOverIP
- A summary of findings from government-led public consultations on digital identity
- An overview of Ontarios Digital ID technology roadmap, and discussions about the technology stacks and infrastructure
- Ontarios proposed conceptual model for digital identity, and the principles that inform it
* [Ontario Releases Technology and Standards for Digital Identity](https://news.ontario.ca/en/release/1000787/ontario-releases-technology-and-standards-for-digital-identity) Ontario Newsroom
“Our [Ontario Onwards: Action Plan](https://www.ontario.ca/page/ontario-onwards) first announced our governments goal to make Ontario the most advanced digital jurisdiction in the world all in the service of the people of this province,” said Peter Bethlenfalvy, Minister of Finance. “The release of Ontarios Digital ID later this year will be an exciting step towards transforming and modernizing government services in an increasingly digital world.”
* [Ontarians are getting digital ID this fall: All you need to know](https://www.itworldcanada.com/article/ontarians-are-getting-digital-id-this-fall-all-you-need-to-know/458633) itWorldCanada
tech standards that the provincial government says it is currently considering include the [Verifiable Credentials Data Model 1.0](https://www.w3.org/TR/vc-data-model/) for data modeling, [Decentralized Identifiers (DIDs) v1.0](https://www.w3.org/TR/did-core/) for key management, [JSON-LD 1.1](https://www.w3.org/TR/json-ld11/) for data formatting, [OpenID Connect](https://openid.net/connect/) as identity standard, [BBS+ Signatures 2020](https://w3c-ccg.github.io/ldp-bbs2020/) and [Ed25519 Signature 2020](https://w3c-ccg.github.io/lds-ed25519-2020/) for signature format, [Self-Issued OpenID Provider v2](https://openid.net/specs/openid-connect-self-issued-v2-1_0.html) and more for interoperability.
* [The Future of Digital Identity in Canada: Self-Sovereign Identity (SSI) and Verified.Me](https://securekey.com/the-future-of-digital-identity-in-canada-self-sovereign-identity-ssi-and-verified-me/) SecureKey
> Verified.Me ensures that only authorized attributes are shared with explicit user consent. The service bridges together multiple participants within a common ecosystem to verify the identities of users securely and privately across the participating organizations with others within the group.
* [Decentralized, Self-Sovereign, Consortium: The Future of Digital Identity in Canada](https://www.frontiersin.org/articles/10.3389/fbloc.2021.624258/)
> This article introduces how SecureKey Technologies Inc. (SecureKey) worked with various network participants and innovation partners alongside government, corporate, and consumer-focused collaborators, in a consortium approach to create a mutually beneficial network of self-sovereign identity (SSI) principles with blockchain in Canada.
### UCVDCC
* [Canadian Government: User-Centric Verifiable Digital Credentials Challenge](https://github.com/canada-ca/ucvdcc)
> This challenge is seeking a portable secure digital credentials (self-sovereign identity) solution held by individuals that can be independently, cryptographically and rapidly verified using emerging distributed ledger standards and an approach that may give rise to a global digital verification platform.
- [Recorded Video of Public Demo Day April 21, 2020](https://youtu.be/644kUC9Uw-g)
- [Final Presentations Folder](https://github.com/canada-ca/ucvdcc/blob/master/final)
* [User-Centric Verifiable Digital Credentials 2019-11-06](https://www.ic.gc.ca/eic/site/101.nsf/eng/00068.html)
> “The Treasury Board Secretariat of Canada (TBS) and Shared Services Canada (SSC) are seeking a standardized method to issue and rapidly verify portable digital credentials across many different contexts, thereby reducing human judgement error, increasing efficiency and ensuring digital credential veracity using cryptography.”
* [/canada-ca/ucvdcc/](https://github.com/canada-ca/ucvdcc/)
* [Google Doc](https://docs.google.com/presentation/d/1rC4Lhh0ixaig4OP3cbv2q7SkL_rFrLe489PUEUIDjDQ/edit#slide=id.p).
## Organization
### PCTF
* [The Public Sector Profile of the Pan-Canadian Trust Framework Working Group Close-Out Report](https://trbouma.medium.com/public-sector-profile-of-the-pan-canadian-trust-framework-version-1-2-and-next-steps-86ae7a96d6c7) Tim Bouma
> the PSP PCTF WG was an important vehicle for ensuring public sector communication and discussion across Canada
* [Trust Frameworks? Standards Matter](https://medium.com/@trbouma/trust-frameworks-standards-matter-47c946992f44) Tim Bouma
> He points at the NIST documents about it [Developing Trust Frameworks to Support Identity Federations](https://nvlpubs.nist.gov/nistpubs/ir/2018/NIST.IR.8149.pdf) published in 2018. He also points at the Canadian governments definition of standards.
>
> “a document that provides a set of agreed-upon rules, guidelines or characteristics for activities or their results. Standards establish accepted practices, technical requirements, and terminologies for diverse fields.”  He goes on to highlight a lot of the work being done in Canada and where it all sits relative to being a standard - “In closing, there are lots of trust frameworks being developed today. But to be truly trusted, a trust framework needs to either apply existing standards or become a standard itself.”
* [Privacy in Ontario?](https://www.webistemology.com/a-mydata-ontario-privacy-submission/) Webistemology John Wunderlich
> MyData Canada recently submitted a report to the Government of Ontario in response to its consultation for strengthening privacy protections in Ontario.
* [Canada: Enabling Self-Sovereign Identity](https://trbouma.medium.com/canada-enabling-self-sovereign-identity-efcfda2aa044) Tim Bouma
Older article not covered here, yet
## Biometrics
* [Canadian Provincial Party Pushes Back Against Biometric Digital ID Plan](https://findbiometrics.com/canadian-provincial-party-pushes-back-against-biometric-digital-id-plan-040705/)
The adoption of the [self-sovereign identity model](http://www.lifewithalacrity.com/2016/04/the-path-to-self-soverereign-identity.html) within the Canadian public sector is still being realized in 2020. It is too early to tell how it will change the technological infrastructure or the institutional infrastructure of Canadian public services.
Sloan invoked the specter of China while discussing the petition, suggesting that any digital identity program would be akin to a [social credit program](https://findbiometrics.com/china-jaywalkers-biometric-surveillance-503275/) that gives the government too much control over the personal lives of its citizens.
* [Old Policy, New Tech: Reconciling Permissioned Blockchain Systems with Transatlantic Privacy Frameworks](https://events.asucollegeoflaw.com/gets/wp-content/uploads/sites/10/2022/05/Remy-Hellstern-REVIEWED.pdf) By Remy Hellstern and Victoria Lemieux
## Company
* [The Future of Digital Identity in Canada: Self-Sovereign Identity (SSI) and Verified.Me](https://securekey.com/the-future-of-digital-identity-in-canada-self-sovereign-identity-ssi-and-verified-me/)
We are thrilled that the academic journal [Frontiers in Blockchain](https://www.frontiersin.org/journals/blockchain) accepted our community case study, “[Decentralized, Self-Sovereign, Consortium: The Future of Digital Identity in Canada](https://www.frontiersin.org/articles/10.3389/fbloc.2021.624258/full).” This peer-reviewed article focuses on the benefits of self-sovereign identity (SSI) with blockchain and Verified.Me as an example of these concepts being effectively implemented to create a cohesive, secure service and digital identity network.
This paper will explore the global conversation and consensus around data privacy regulation, with specific attention to the European Union and Canada. It will work to understand how blockchain-based firms situate themselves amid this regulation in relation to the storage of personally identifiable information by looking at relevant policy decisions, legal cases, and commentary from regulatory bodies and commissions.
* [Indicio and Liquid Avatar Technologies Launch Canadas First Privacy-Preserving Decentralized Technology for Sharing Health Data](https://indicio.tech/indicio-and-liquid-avatar-technologies-launch-canadas-first-privacy-preserving-decentralized-technology-for-sharing-health-data/) Indicio
“Liquid Avatar Technologies shares Indicios vision—the world needs technology that works for people by delivering real privacy and security,” said Heather Dahl, CEO of Indicio. “When we launched the Indicio Network, we saw the need for a space for innovative companies to collaborate on changing how we manage identity, enable verification, and create trust. Our partnership with Liquid Avatar Technologies, one of many, shows what can happen when innovators solve pressing problems with ground-breaking technology.”
* [Self-Sovereign Identity as a Service: Architecture in Practice](https://arxiv.org/pdf/2205.08314.pdf) Yepeng Ding, Hiroyuki Sato, University of Tokyo
## Paper
* [Old Policy, New Tech: Reconciling Permissioned Blockchain Systems with Transatlantic Privacy Frameworks](https://events.asucollegeoflaw.com/gets/wp-content/uploads/sites/10/2022/05/Remy-Hellstern-REVIEWED.pdf) By Remy Hellstern and Victoria Lemieux
We propose a practical architecture by elaborating the service concept, SSI, and DLT to implement SSIaaS platforms and SSI services. Besides, we present an architecture for constructing and customizing SSI services with a set of architectural patterns and provide corresponding evaluations. Furthermore, we demonstrate the feasibility of our proposed architecture in practice with Selfid, an SSIaaS platform based on our proposed architecture.
Ontario (a province in Canada) just had an election last week and Darrell thinks: [Digital ID Can Increase Voter Participation](https://www.continuumloop.com/digital-id-can-increase-voter-participation/)
Im not an expert on the election process, and this is just my opinion. Ive been lazy in past elections, and Id be lying if I said Ive voted in every one. As a citizen, I believe ease and accessibility have a lot to do with it.
* [Decentralized Identity & Government](https://www.youtube.com/watch?v=l8pHUdjKfes) Evernym
The key differences between federated and decentralized identity systems - An analysis of a few notable government-led projects, such as Aadhaar (India), Verify (UK), eIDAS (EU), and the Ontario Digital Identity Program (Canada) - What decentralization means for portability, scalability, flexibility, and privacy - How governments and commercial organizations can enhance existing federated identity systems with verifiable credentials
* [Participate in Alberta's First Verifiable Digital Credentials Pilot](https://pilot.atbventures.com/) ATB Ventures and Govt Alberta
As a part of the pilot, you will add your MyAlberta Digital ID as a verifiable credential to your mobile digital wallet (on your smartphone) and use this digital credential to open an ATB Pay As You Go Account - Digital Credential account with ATB Financial.
* [ATB Ventures works with Canadian government on digital ID proof of concept](https://www.biometricupdate.com/202202/atb-ventures-works-with-canadian-government-on-digital-id-proof-of-concept) Biometric Update
The proof of concept stage is where the Canadian government tests digital credentials use cases in cooperation with regulators and organizations to advance the adoption and maturity of digital credentials technology. The National Digital Trust Service aims to enable Canadians and businesses to issue, use and verify digital credentials during transactions.
* [The Future of Digital Identity in Canada: Self-Sovereign Identity (SSI) and Verified.Me](https://securekey.com/the-future-of-digital-identity-in-canada-self-sovereign-identity-ssi-and-verified-me/)
We are thrilled that the academic journal [Frontiers in Blockchain](https://www.frontiersin.org/journals/blockchain) accepted our community case study, “[Decentralized, Self-Sovereign, Consortium: The Future of Digital Identity in Canada](https://www.frontiersin.org/articles/10.3389/fbloc.2021.624258/full).” This peer-reviewed article focuses on the benefits of self-sovereign identity (SSI) with blockchain and Verified.Me as an example of these concepts being effectively implemented to create a cohesive, secure service and digital identity network.
* [Liquid Avatar and Ontario Convenience Stores Association (OSCA) Successful Pilot of Digital Age-Verification Solutions to Reach over 8,000 Retail Locations](https://www.accesswire.com/684666/Liquid-Avatar-Technologies-and-Ontario-Convenience-Stores-Association-OSCA-Deliver-Successful-Pilot-of-Digital-Age-Verification-Solutions-to-Reach-over-8000-Retail-Locations#new_tab)
The Smart Age program provides digital age verification, supported with biometric authentication for restricted product sales like lottery tickets, tobacco, alcohol and other goods and services through a mobile device using verifiable digital credentials and biometrics without a user divulging any personally identifiable information to the store clerk.
This paper will explore the global conversation and consensus around data privacy regulation, with specific attention to the European Union and Canada. It will work to understand how blockchain-based firms situate themselves amid this regulation in relation to the storage of personally identifiable information by looking at relevant policy decisions, legal cases, and commentary from regulatory bodies and commissions.
* [Decentralized, Self-Sovereign, Consortium: The Future of Digital Identity in Canada](https://www.frontiersin.org/articles/10.3389/fbloc.2021.624258/)
> This article introduces how SecureKey Technologies Inc. (SecureKey) worked with various network participants and innovation partners alongside government, corporate, and consumer-focused collaborators, in a consortium approach to create a mutually beneficial network of self-sovereign identity (SSI) principles with blockchain in Canada.

View File

@ -2,25 +2,217 @@
published: false
---
* [EBSI Demo Day](https://ec.europa.eu/digital-building-blocks/wikis/display/EBSI/EBSI+Demo+Day) ([presentation](https://ec.europa.eu/digital-building-blocks/wikis/download/attachments/464979566/EBSI_Demo_Day.pdf)) ([video playlist](https://www.youtube.com/playlist?list=PLPMb0otsCuFLpE4UYiAZ_y3HhP2VX6q8O)
first time since the launch of [the Early Adopters Programme](https://ec.europa.eu/digital-building-blocks/wikis/x/DABXGw) in 2021, we are ready to showcase, in real-time and with real data, the outcomes of the EBSI multi-university pilot.
### EBSI4Austria
* [Report from EBSI4Austria. In 2018, all European member states…](https://medium.com/@markus.sabadello/report-from-ebsi4austria-b79c0ed8ab8d) Markus Sabadello
EBSI4Austria is a CEF funded project with two main objectives. First, EBSI4Austria aims to set up, operate and maintain the Austrians EBSI node. Second, we pilot the diploma use case on the Austrian level supported by two Universities and data providers as well as verifiers.
# European Identity
# Explainer
* [Building interoperable self-sovereign identity for Europe](https://www.youtube.com/watch?v=iN6N_aIeHlU)
Oskar van Deventer, a rockstar from TNO, presents:
> ways to build an SSI ecosystem and architecture together that is interoperable and technologically mature fit for society and funding opportunities for SSI projects through grants.
* [Self-Sovereign Identity and Government Data Exchange](https://cyber.ee/resources/case-studies/self-sovereign-identity-and-government-identity/) Cybernetica
This is often achieved with ID cards or passports that we have in our possession with a photo to prove that we are the person this card belongs to, and therefore the person that ID number refers to. In digital identity terms, PKI takes the place of ID cards and offers public and private key pairs.
* [State of SSI in Europe and Necessity for Network-of-Networks (convened by Sovrin)](https://iiw.idcommons.net/11F/_State_of_SSI_in_Europe_and_Necessity_for_Network-of-Networks_(convened_by_Sovrin)) by Andre Kudra
3. Hyperledger Indy and Aries technology stack <br>4. Network of networks which has been a key concept at the Sovrin Foundation <br>5. The topic is meant to be a conversation as an outline based on material information which can be shared publicly <br>6. EBSI is one of the funded projects from the EU <br>7. ESSIF is one of the projects in this portfolio - have issued a request for proposal for consulting (not in the network of networks topic but other areas) <br>8. Findy (Finland) - yet to go live. Has public and private partners. <br>9. Projects underway at [Spain](https://alastria.io/en/id-alastria/) and other member nations in EU <br>10. Substantial funding behind Indy based technology stack deployments are being seen <br>11. Germany has 3 major streams active in the identity space
* [Blockchain-enabled Self-Sovereign Identity](https://www.e-zigurat.com/innovation-school/blog/self-sovereign-identity/)
> Martin Schäffner, the initiator of the [EuSSI Working Group](https://europeanblockchainassociation.org/eba-working-group-self-sovereign-identity-eussi/) of the [European Blockchain Association](https://europeanblockchainassociation.org/) and expert in Self-Sovereign Identity, explains the concept of Self-Sovereign Identity and how it differentiates from conventional digital identities.
* [Overview of Member States' eID strategies](https://ec.europa.eu/cefdigital/wiki/display/EIDCOMMUNITY/National+Strategies)
> The report focusses on the approaches towards eID outlined in national strategy documents, together with other supporting documentation and web resources, with the aim of offering a thorough understanding of the eID state of play across Europe.
## ESSIF
* [Commerc.io srl has concluded the project with Essif on anti-money laundering eKYC](https://commercio.network/commerc-io-srl-concluded-project-self-sovereign-identity-essif-european-union-anti-money-laundering-ekyc/)
> [ComKYC] is a protocol on the Commercio Network blockchain that allows you to issue a KYC verifiable credential after performing a simple set of payments through a bank or any regulated money institution. We piggy back on banks kyc requirements [...] it's a verifiable credential that you can share with anyone who trusts the bank to which this VC is anchored. We have created the first portable derivative key kyc credential protocol that will eliminate the endless passport upload for users, reduce customer dropouts for companies, and reduce time and cost for onboarding new customers
### eSSIF-Lab
* [eSSIF-Labs ecosystem: 2nd batch of winners: Infrastructure Development Instrument](https://essif-lab.eu/meet-the-essif-labs-ecosystem-the-infrastructure-development-instrument-first-winners-2/)
> another 7 proposals selected, out of 29 that were submitted before the second deadline of the Infrastructure-oriented Open Call
- [Verifier Universal Interface by Gataca España S.L.](https://www.gataca.io/)
- [Automated data agreements to simplify SSI work flows by LCubed AB](https://igrant.io/)
- [Presentation Exchange Credential Query Infra by Sphereon B.V.](https://sphereon.com/)
- [Letstrust.org by SSI Fabric GmbH](https://www.letstrust.org/)
- [WordPreSSI Login by Associazione Blockchain Italia](https://associazioneblockchain.it/)
- [SSI Java Libraries by Danube Tech GmbH](https://danubetech.com/)
- [NFC DID VC Bridge by Gimly](https://www.gimly.io/)
## EBSI
* [EBSI Demo Day](https://ec.europa.eu/digital-building-blocks/wikis/display/EBSI/EBSI+Demo+Day) ([presentation](https://ec.europa.eu/digital-building-blocks/wikis/download/attachments/464979566/EBSI_Demo_Day.pdf)) ([video playlist](https://www.youtube.com/playlist?list=PLPMb0otsCuFLpE4UYiAZ_y3HhP2VX6q8O)
first time since the launch of [the Early Adopters Programme](https://ec.europa.eu/digital-building-blocks/wikis/x/DABXGw) in 2021, we are ready to showcase, in real-time and with real data, the outcomes of the EBSI multi-university pilot.
* [Experience the future with the European Blockchain Services Infrastructure (EBSI)](https://www.youtube.com/watch?v=m2uj7fgb2JI)
The European Blockchain Services Infrastructure aims to deliver EU-wide cross-border digital public services using blockchain technology. The EBSI will materialize as a network of distributed nodes across Europe (the blockchain), leveraging an increasing number of applications focused on specific use cases.
* [Verifiable Credentials Lifecycle - EBSI Documentation - CEF Digital](https://ec.europa.eu/digital-building-blocks/wikis/display/EBSIDOC/Verifiable+Credentials+Lifecycle) European Commission
* [Why and how to make your digital wallet conformant with EBSI?](https://ec.europa.eu/digital-building-blocks/wikis/display/EBSI/Become+conformant) European Commission
Creating EBSI's Verifiable Credentials Profile containing all the EBSI specifications.
* [On-boarding legal entities flows clarifications - EBSI Documentation - CEF Digital](https://ec.europa.eu/digital-building-blocks/wikis/pages/viewpage.action?pageId=489652740) European Commission
In this document, you can learn how to onboard and accredit the following legal entities
- EBSI Onboarding Service (EOS)
- Trusted Accreditation Organisation (TAO)
- Trusted Issuer (TI)
* [EBSI Documentation](https://ec.europa.eu/digital-building-blocks/wikis/display/EBSIDOC/EBSI+Documentation+Home)
Governmental entities act as important intermediaries for many transactions occurring in today´s society.
In the era of misinformation, digital fraud has become a challenge that is essential to address.
Governments and the societies they serve need technology capable of verifying the authenticity of the information they handle.
As we build the European regulatory framework, in the transfer from paper to digital, a key question arises: how to share official documents, called evidences or credentials in a way that can be trusted?
* [VIDchain is the first ID wallet to become EBSI compliant](https://www.validatedid.com/post-en/vidchain-is-the-first-id-wallet-to-become-ebsi-compliant)
* [Validated ID](https://bit.ly/3ipgSzB) participates in a project to build the [European Blockchain Services Infrastructure (EBSI)](https://ec.europa.eu/cefdigital/wiki/display/CEFDIGITAL/EBSI) for the support of cross-border public services, an initiative created by the European Commission. EBSI is developing a strong and mature ecosystem that Validated ID is proud to be part of.
* [Congrats to the 11 wallet providers for being conformant to @EU_EBSI](https://mobile.twitter.com/IgrantIo/status/1532036324882104321/photo/1) @IgrantIo
We are glad to be among the first few along with [@ValidatedID](https://mobile.twitter.com/ValidatedID) [@danube](https://mobile.twitter.com/danube) [@GATACA_ID](https://mobile.twitter.com/GATACA_ID) [@walt_id](https://mobile.twitter.com/walt_id) [@DXCTechnology](https://mobile.twitter.com/DXCTechnology) [@CIMEA_Naric](https://mobile.twitter.com/CIMEA_Naric) [@identyum](https://mobile.twitter.com/identyum) [@ThalesDigiSec](https://mobile.twitter.com/ThalesDigiSec) [@posteitaliane](https://mobile.twitter.com/posteitaliane)
* [5 reasons why professionals and enthusiasts of Self-Sovereign Information Sharing should look into EBSI this summer](https://ec.europa.eu/digital-building-blocks/wikis/display/EBSI/5+reasons+why+professionals+and+enthusiasts+of+Self-Sovereign+Information+Sharing+should+look+into+EBSI+this+summer)
#1 EBSI combines W3C standards, Verifiable Credentials and DIDs, with blockchain technology for the purpose of information sharing between Citizens and Governments (C2G) or Businesses (C2B) <br>#2 Self-Sovereign Information Sharing should help verification, not control <br>#3 EBSI uses blockchain where it makes sense: to support the verification of Verifiable Crede <br>#4 EBSI contributes to an open market of SSI digital technologies and services <br>#5 EBSI successfully piloted Self-Sovereign Information Sharing in the education domain
* [EBSI Explained](https://ec.europa.eu/digital-building-blocks/wikis/display/EBSI/What+is+ebsi/) European Commission
EBSI is a blockchain network of distributed nodes across Europe to support important applications. [...] Below you will find a series of publications that will walk you through the technologies that make it possible for Public Administrations and Businesses to easily verify and trust information received directly from Citizens (or Businesses). There are PDFs of each one: <br> <br>- Verifiable Credentials Explained <br>- Verifiable Credentials in Action <br>- Decentralized Identifiers (DID) Methods <br>- Digital Identity <br>- Issuers Trust Model <br>- OpenID Connect for VCs <br>- Digital Wallet
* [SSI subgrantees solutions booklet: download now!](https://essif-lab.eu/meet-the-essif-lab-ecosystem-completing-the-framework-programme-participants/) ESSIF-LAB ←report on all the NGI awardees ([report](https://essif-lab.eu/wp-content/uploads/2022/09/essif-booklet-22a.pdf)
After a tough competition among overall excellent proposals, eSSIF-LAB selected the 4 most promising proposals out of 42 submitted applications. 161 applications were started altogether, from 22 different countries. This booklet gives an overview of the 4 Open Calls subgrantee projects started within the infrastructure-oriented and the business-oriented track of eSSIF-Lab.
* [Verifier Universal Interface by Gataca España S.L.](https://essif-lab.eu/verifier-universal-interface-by-gataca-espana-s-l/)
> This draft version can be found at [https://gataca-io.github.io/verifier-apis/](https://gataca-io.github.io/verifier-apis/) and has been built using ReSpec.
> This draft version for VUI includes today 6 APIs:
>
> - Presentation Exchange
> - Consent Management
> - Schema resolution
> - Issuer resolution
> - ID resolution
> - Credential status resolution
* [Meet the eSSIF-Lab ecosystem: “Completing the Framework” Programme participants](https://essif-lab.eu/meet-the-essif-lab-ecosystem-meet-the-essif-lab-ecosystem-completing-the-framework-programme-participants-amme-participants-2/)
> * [PCDS-DP](https://compell.io/) - Product Circularity Data Sheets Digital Passport
> * [ESSIF](https://sis.lt/) - 4 Logistics SSI based authorization for cross- border government and business representatives in logistics
> * [Symfoni AS](https://www.symfoni.dev/) - Infrastructure to facilitate payments for verifiable credentials
> * [Datarella GmbH](https://datarella.com/) - Go Aries Enabling CL-Support on Aries Framework Go
> * [ID.me](https://www.id.me/)s legal woes are continuing to escalate. The company is now staring down the prospect of its second federal investigation in as many months, after the House of Representatives Oversight and Reform Committee [initiated its review in April](https://findbiometrics.com/congress-opens-formal-investigation-into-id-mes-irs-project-041801/).
EBSI: [Innovation that respects our privacy is a joint effort](https://ec.europa.eu/digital-building-blocks/wikis/display/EBSI/Innovation+that+respects+our+privacy+is+a+joint+effort)
ONeills [Weapons of Math destruction](https://www.goodreads.com/book/show/28186015-weapons-of-math-destruction), Zuboffs [Surveillance Capitalism](https://www.goodreads.com/book/show/26195941-the-age-of-surveillance-capitalism), and Véliz recent [Privacy is Power](https://www.goodreads.com/en/book/show/51781479-privacy-is-power): these may have made it onto your summer reading list. And for good reason: wherever there is new technology, there is also concern for the respect of our European values.
* [5 reasons why professionals and enthusiasts of Self-Sovereign Information Sharing should look into EBSI](https://ec.europa.eu/newsroom/cef/newsletter-archives/40411)
The web is increasingly more distributed, and with it, a new pattern of information sharing is emerging: Self Sovereign Information sharing, where citizens stay in control of their information by choosing what and when to disclose it, and to whom EBSI enables self-sovereign Citizen-to-Government (C2G) and C2B (Citizen-to-Business) privacy-preserving information sharing.
* [What is EBSI? EBSI making information easy to verify and almost impossible to fake](https://ec.europa.eu/digital-building-blocks/wikis/display/EBSI/What+is+ebsi/)
Below you will find a series of publications that will walk you through the technologies that make it possible for Public Administrations and Businesses to easily verify and trust information received directly from Citizens (or Businesses).
* [Report from EBSI4Austria](https://medium.com/@markus.sabadello/report-from-ebsi4austria-b79c0ed8ab8d) Markus Sabadello
In 2018, all European member states, together with Norway and Lichtenstein, signed a declaration stating the joint ambition to take advantage of blockchain technology. These 29 countries founded the European Blockchain Partnership (EBP), and within this partnership, they decided to build the so-called European Blockchain Services Infrastructure (EBSI).
* [Validated ID's journey to becoming EBSI compliant](https://www.validatedid.com/post-en/validated-ids-journey-to-becoming-ebsi-compliant)
We at Validated ID have been betting on EBSI since the beginning. We started working to become conformant wallet providers since the very first version of [Wallet Conformance Tests (WCT)](https://ec.europa.eu/digital-building-blocks/wikis/display/EBSI/EBSI+wallets) was published. The process of preparing our solution to become conformant has allowed us to appreciate how remarkable EBSI's work has been.
* [Where do we stand on Self-Sovereign Identity?](https://www.youtube.com/watch?v=L156YjEyOdo) EBSI
On December 14th, Joao Rodrigues, Head of sector (Digital) Building Blocks at @European Commission participated in an [#ebcTALKS](https://www.youtube.com/hashtag/ebctalks) of the European Blockchain Convention about "Where do we stand on Self-Sovereign Identity"?
In 2021 the European Commission [announced the European digital identity wallet](https://ec.europa.eu/commission/presscorner/detail/en/IP_21_2663). This article explains the basic concepts, highlights the significance of this development and provides an overview of the status quo.
* [European Commission adopts decision to license European Blockchain Services Infrastructure software as open-source](https://ec.europa.eu/digital-building-blocks/wikis/display/EBSI/European+Commission+adopts+decision+to+license+European+Blockchain+Services+Infrastructure+software+as+open+source)
The Decision to make EBSI software available for licencing under the [European Union Public Licence](https://secure-web.cisco.com/1HQ5AQijOEcsuKHH5VY-lAjONv1Pa-wUY7mpfsymIkIy1G_g9CZh6vK5g0lpjxgIm0oaik042EN-5tL8xLpeesMtxZ0ENcH239uYTSSmPTbu1YtBJ5xHMWZMksOeS6X71soiQSQpoQF8fyzOr1I4atICut-sSt9Wqyou4vpS5myXfHf3S6AMMuyvAxla1etuiJbNKx4gfAlzozwPMe7yC7GNXIsZeCiNuAYA5io7f3CIwdvldsHFBtuGNYI4Z86EMXdfyQXEsR7zidw-7WNQeJpBVDCUVFJymXSb-SXsqJH8jfAf6-U9vC1ilrqATHFaZXXLWlOCOCmlS3nS9kev41tys8SvSKYuGX1FLyFgPgufe__oJ7pmihT7ABqB4AzLy7VMeHBSQfOgbkj11ZEltw4e-kd3XI7KmlREgqfYQ45T7r_VGJo3uCTUG1FlIcAkq8MON0W9AZCAMQyT5UAReSZ7LslcOaF38g6bgAGO0N_C39g6T63pWI-caAZ2h-1_m/https%3A//ec.europa.eu/info/european-union-public-licence_en) is an example of how the European Commission is not only using, but also contributing to the open-source community and thereby growing the ecosystem around EBSI.
* [Early Adopters Programme | Imagining what EBSI can do for European citizens](https://ec.europa.eu/cefdigital/wiki/display/CEFDIGITAL/Early%20Adopters%20Programme#become-ebsi-compliant)
In 2021, 22 projects were selected to become part of our incubator programme to help tap into the potential of the EBSI infrastructure. Each project's private and public sector partners was given early access to the pre-production environment of EBSI, and was invited to develop their own pilot project to address a specific business or government use case involving the exchange of verifiable credentials.
With the help with the EBSI team, Early Adopters can identify how to connect their systems, be part of a community and collaborate with other Early Adopters. This will help us improve EBSI's services and ensure it meets the needs of Europe's businesses and public administrations, within and across borders.
* [Three Governments enabling digital identity interoperability](https://medium.com/in-present-tense/three-governments-enabling-digital-identity-interoperability-bbcfc60c3a80) Heather Vescent
On September 15, 2021, I moderated a panel with representatives from the United States Government, the Canadian Government, and the European Commission. Below is an edited excerpt from the panel
* [Early Adopters Programme | Imagining what EBSI can do for European citizens](https://ec.europa.eu/cefdigital/wiki/display/CEFDIGITAL/Early%20Adopters%20Programme#become-ebsi-compliant)
An incubator to help Early Adopters and their partners imagine, build and launch their EBSI pilot project(s)
## Policy
* [Meeco Review of the European Data Strategy](https://www.meeco.me/data) - Whitepaper
* [The European Single Identity System “Back to the Future”](https://vimeo.com/481408424)
What are the Pros and Cons? - ISSE 2020 Webinar 3 ([Tim Bouma says to watch this](https://twitter.com/trbouma/status/1337373169993256962))
* [The Roles of Government & The Private Sector in a Digital ID Program with Sebastian Manhart](https://northernblock.io/roles-of-government-and-private-sector-in-digital-id/) Northern Block
we dive into whats happening within the Digital ID landscape within Europe. Sebastian Manhart is very well positioned between policy and technology in the European Union. In this episode of SSI Orbit, he shares his experiences and future projections.
* [New Coalition Launches Campaign for Data Sovereignty Now](https://datasovereigntynow.org/2021/01/21/new-coalition-launches-campaign-for-data-sovereignty-now/)
> a campaign that will press European policy makers at all levels to ensure that control of data remains in the hands of the people and organizations that generate it. The issue becomes ever more urgent as policies around Europes digital economy and data architecture start to solidify.
* [How Can Europe Lead Innovation And Win Web3? Ledgers 4 Recommendations For EU Policymakers](https://acrobat.adobe.com/link/review?uri=urn:aaid:scds:US:fa00c64a-5f6d-38c6-baf7-0bcfa06e6a28#pageNum=25)
1. Invest in a public/private partnership to co-develop a self-sovereign identity solution for Europe.
* [A trusted and secure European e-ID - Regulation](https://digital-strategy.ec.europa.eu/en/library/trusted-and-secure-european-e-id-regulation)
The legal instrument aims to provide, for cross-border use:
access to highly secure and trustworthy electronic identity solutions,
that public and private services can rely on trusted and secure digital identity solutions,
that natural and legal persons are empowered to use digital identity solutions,
that these solutions are linked to a variety of attributes and allow for the targeted sharing of identity data limited to the needs of the specific service requested,
acceptance of qualified trust services in the EU and equal conditions for their provision.
* [DIGITAL SERVICES ACT: A GAME CHANGER FOR OUR FUNDAMENTAL RIGHTS? [+ LIVE STREAM]](https://www.patrick-breyer.de/event/digital-services-act-a-game-changer-for-our-fundamental-rights/)
With the [Digital Services Act (DSA)](https://www.patrick-breyer.de/en/posts/dsa/), the European Union is to adopt landmark legislation that will create a framework to regulate online platforms around the world. The DSA will have an impact on the free expression of opinions online, our choices as consumers, the right to privacy and the basic mechanisms of the global Internet.
* [Understanding the MiCA and Pilot Regime crypto regulation](https://medium.com/adaneu/relax-take-it-easy-understanding-the-mica-and-pilot-regime-crypto-regulation-db21e537ec58)
> The European Commissions proposal for the regulation of crypto-assets markets is based on two draft texts :
> - MiCA (Markets in Crypto-Assets Regulation) whose scope covers cryptocurrencies, utility tokens and stablecoins ;
> - the Pilot Regime Regulation for DLT Market Infrastructures (PRR) project.
> With these two texts, the Commissions goal is to regulate crypto-asset players and not the assets as such.
### Data Governance Act
* [A critical fork in the data road?](https://medium.com/mydex/a-critical-fork-in-the-data-road-1eb29c5a42a8) MyData
Is the EU discussion about data portability missing a key point?
In its discussion of data portability the EU rightly recognises the economic importance of this issue, stressing that “market imbalances arising from the concentration of data restricts competition, increases market entry barriers and diminishes wider data access and use.”
it is likely that many dApp developers now need an identity solution that preserves privacy but ensures compliance which is exactly the solution that we are building at SelfKey.
EU [DATA GOVERNANCE ACT MEETS TOIP FRAMEWORK](https://trustoverip.org/blog/2022/01/13/data-governance-act-meets-toip-framework/) TOIP
The DGA defines an “intermediary” that facilitates processing and sharing of data for individuals and organizations to “…increase trust in data intermediation services and foster data altruism across the EU”. In the [MyData](https://mydata.org/declaration/) framework for user-controlled data sharing, intermediaries are called [MyData Operators](https://mydata.org/mydata-operators/) and there is a certification program in place.
* [EU Data Governance Act officially released](https://ec.europa.eu/digital-single-market/en/news/data-governance-act)
>foster the availability of data for use by increasing trust in data intermediaries and by strengthening data-sharing mechanisms across the EU
One of MyDex CICs founders, [Alan Mitchell shares a feeling of Vindication](https://medium.com/mydex/vindicated-cb897fb4e94b) in a post celebrating the companies early articulation of key principles and how the EUs proposed new Data Governance Act aligns with that.
> These providers will have to comply with a number of requirements, in particular the requirement to remain neutral as regards the data exchanged. They cannot use such data for other purposes. In the case of providers of data sharing services offering services for natural persons, the additional criterion of assuming fiduciary duties towards the individuals using them will also have to be met.
* [Data Exchange Board to Improve the EU Data Governance Act](https://mydata.org/2020/12/09/why-we-need-a-data-exchange-board-to-improve-the-eu-data-governance-act/)
* [EU Data Governance Act](https://blog.meeco.me/eu-data-governance-act/) (Meeco)
> We welcome the regulation as a needed common ground for clarifying the role of data intermediaries, building trust in these intermediaries and setting the direction for data governance, including the emergence of digital human rights.
>
> In this context we offer the following suggestions:
@ -30,12 +222,12 @@ Oskar van Deventer, a rockstar from TNO, presents:
> 4. Open silos and implement soft infrastructure such as standards & open APIs to accelerate uptake and interoperability between data sharing services.
> 5. Foster eco-systems and demonstrate the value through practical use-cases.
> 6. Create a level playing field for sustainable data sharing by providing funding to pioneers at the forefront of developing data eco-systems
* [Meeco Review of the European Data Strategy](https://www.meeco.me/data) - Whitepaper
* [Self-Sovereign Identity and Government Data Exchange](https://cyber.ee/resources/case-studies/self-sovereign-identity-and-government-identity/) Cybernetica
> The [previous post](https://cyber.ee/blog/2021/03-23/) focused on identity as a single topic, pulling it away from the data exchange component where it has recently become muddled up. In terms of identity, self-sovereign identity (SSI) and traditional public key infrastructure (PKI) based offerings are, for the most part, on the same page.
* [The European Single Identity System “Back to the Future”](https://vimeo.com/481408424)
What are the Pros and Cons? - ISSE 2020 Webinar 3 ([Tim Bouma says to watch this](https://twitter.com/trbouma/status/1337373169993256962))
The [EU Commission published the long-awaited Data Act](https://ec.europa.eu/commission/presscorner/detail/en/ip_22_1113) on February 23, 2022. This is a progressive legislative proposal to increase access to data for the users of connected products suchs as Iot devices and related services. It is a significant move towards realising the [MyData principle](https://mydata.org/declaration/) of portability, access, and re-use as well as the principle of interoperability. It will potentially also move the needle towards the shift from formal to actionable rights in terms of the right of data portability. With such a progressive agenda, the proposal will certainly also face significant opposition and counter-lobbying from those who stand to benefit from the status quo.
## NGI
Next Generation Internet (NGI) The Next Generation Internet (NGI) initiative aims to shape the development of the Internet of tomorrow into an Internet of humans that responds to peoples fundamental needs, including trust, security and inclusion, and reflects the values and the norms that we enjoy in Europe.<br><br>The NGI initiative aims to build the key technology blocks of a human-centric Internet, which gives end-users full control of their personal data. Through advanced technologies, new decentralised business and social models will ensure secure and trustworthy access for all. https://www.ngi.eu/
* [NGI Forward SALON ON DIGITAL SOVERIGNTY IN eID-Solutions2: Self-sovereign, Centralised or Privatised?](https://www.youtube.com/watch?v=1RxB7KK2x8Y)
@ -44,65 +236,23 @@ Without a clear vision on identity, society will have no agency since the capabi
Therefore it is important to have a good overview of what is happening in different parts of the world to see if we can not combine innovative solutions.
* [The EU Digital Green Certificate Program](https://www.evernym.com/blog/eu-digital-green-certificate-program/) Evernym
> Although the EUs approach to COVID-19 health certificates (the [Digital Green Certificate](https://ec.europa.eu/commission/presscorner/detail/en/qanda_21_1187) implements existing technology and supports both paper and digital credentials, offline usage, and speedy verification, it makes a number of security and privacy compromises. Our analysis found it to be inherently centralised and better suited for low assurance use cases.
- [Verifier Universal Interface by Gataca España S.L.](https://www.gataca.io/)
- [Automated data agreements to simplify SSI work flows by LCubed AB](https://igrant.io/)
- [Presentation Exchange Credential Query Infra by Sphereon B.V.](https://sphereon.com/)
- [Letstrust.org by SSI Fabric GmbH](https://www.letstrust.org/)
- [WordPreSSI Login by Associazione Blockchain Italia](https://associazioneblockchain.it/)
- [SSI Java Libraries by Danube Tech GmbH](https://danubetech.com/)
- [NFC DID VC Bridge by Gimly](https://www.gimly.io/)
* [State of SSI in Europe and Necessity for Network-of-Networks (convened by Sovrin)](https://iiw.idcommons.net/11F/_State_of_SSI_in_Europe_and_Necessity_for_Network-of-Networks_(convened_by_Sovrin)) by Andre Kudra
1. [Andre] Introduction and the role of Sovrin Foundation around the topic of SSI
2. Focus of this session is around SSI in Europe (from business and related perspective)
3. Hyperledger Indy and Aries technology stack
4. Network of networks which has been a key concept at the Sovrin Foundation
5. The topic is meant to be a conversation as an outline based on material information which can be shared publicly
6. EBSI is one of the funded projects from the EU
7. ESSIF is one of the projects in this portfolio - have issued a request for proposal for consulting (not in the network of networks topic but other areas)
8. Findy (Finland) - yet to go live. Has public and private partners.
9. Projects underway at [Spain](https://alastria.io/en/id-alastria/) and other member nations in EU
10. Substantial funding behind Indy based technology stack deployments are being seen
11. Germany has 3 major streams active in the identity space
12. Gov digital (for public sector)
13. ID Union - 2 fold - a project and a L1 Utility (as per the Trust over IP definition) project and Governance Framework; has started in 2020. Will be building a lot of use cases on Indy/Aries over a period of 3 years Includes EU member states and the 3 non EU nations. ID Union activity will have contributions to open source projects
14. Germany is running an SSI pilot based on the Aries framework. First use case — hotel check in for business travelers (two data types: ID; corporate billing address). German eID card will be used to generate a VC by issuing on behalf of the issuer of the eID card.
15. Mixed bag of projects and technologies which underline the topic/concept around network of networks. Organizations will come up with their networks and interoperability would be something that is inbuilt.
16. EU Commission has identified the necessity of making this happen. So no one blockchain to rule them all. A cooperative approach would be needed to get into NoN - tokenisation, IoT etc have been part of the requirements
17. 3 Sovrin member organizations have jointly created a position paper to address the necessity of this approach of NoN. This approach is endorsed by the Sovrin Foundation.
18. Universal resolver, multi-ledger wallet etc are key components. A side-project to make a tangible NoN experiment is on the cards.
19. [Andreas] [https://joinup.ec.europa.eu/collection/ssi-eidas-bridge/about](https://joinup.ec.europa.eu/collection/ssi-eidas-bridge/about)
20. [Alex Blom] [https://vimeo.com/522501200](https://vimeo.com/522501200)
21. [https://gitlab.grnet.gr/essif-lab/infrastructure/validated-id/seb_project_summary](https://gitlab.grnet.gr/essif-lab/infrastructure/validated-id/seb_project_summary)
22. [https://github.com/validatedid/eidas-bridge](https://github.com/validatedid/eidas-bridge)
* EU Announcement: [European Digital Identity](https://ec.europa.eu/info/strategy/priorities-2019-2024/europe-fit-digital-age/european-digital-identity_en)
* [The EU Announcement is the Biggest Ever in SSI](https://credentialmaster.com/the-eu-announcement-is-the-biggest-ever-in-ssi/) Credential Master
> Timothy Ruffs analysis and commentary on the EU Announcement this week about its new digital identity strategy.
* [EU plans digital ID wallet for blocs post-pandemic life](https://apnews.com/article/europe-health-coronavirus-pandemic-lifestyle-travel-73f90d18909c595da463994e16e17348)
> The European Digital Identity Wallet proposed by the EUs executive commission is a smartphone app that would let users store electronic forms of identification and other official documents, such as drivers licenses, prescriptions and school diplomas.
## EICC
* [Where Stands the Sovereign Self?](https://www.kuppingercole.com/blog/hegde/eic-speaker-spotlight-doc-searls-on-decentralized-identity?ref=smspotlightdoc) Kuppinger Cole
Doc Searls, Co-founder and board member of Customer Commons, and Director of ProjectVRM, is to deliver a keynote entitled [Where Stands the Sovereign Self?](https://www.kuppingercole.com/sessions/4918) at the [European Identity and Cloud Conference 2021](https://www.kuppingercole.com/events/eic2021). [...] we asked Doc some questions about his planned presentation.
- [How to use the framework of a Trusted Data Ecosystem to simplify building decentralized identity solutions](https://www.kuppingercole.com/sessions/4999/3) on Wednesday, May 11, at the [European Identity and Cloud Conference 2022](https://www.kuppingercole.com/events/eic2022).
## Company
* [European Digital Identity: Talao Announces Professional Credential Solution](https://medium.com/@talao_io/european-digital-identity-talao-announces-professional-credential-solution-1d322e32be2c) Talao
Talaos team is excited to announce the development of the first Decentralized Self-Sovereign Identity (SSI) solution built on the Tezos blockchain for the Human Resources industry. The digital wallet created by Talao will enable companies to issue verifiable professional credentials and for employees to store work history and other personal data.
* [Experience the future with the European Blockchain Services Infrastructure (EBSI)](https://www.youtube.com/watch?v=m2uj7fgb2JI)
Discover Evas journey using the blockchain solution developed by the European Commission and the European Blockchain Partnership members: the European Blockchain Services Infrastructure (EBSI) - [http://ec.europa.eu/cefdigital/ebsi](https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqa2JrRVM0dGRJMDd1WkUxX284enZ3YjN3bUV2UXxBQ3Jtc0ttbE9Fd0NWMm1iNVYyRlpKRmttSTJlZE85VXNOQkozSkR1VkdaUm52bWM5eFIyUUtnUGF6b2FNTExVbXB3d0RoYzk2b0ZOYVR6VjR6VU5nTGdlalhqQ2RXU095MmJUR1RadTVBT082NXRYWE5OSElTMA&q=http%3A//ec.europa.eu/cefdigital/ebsi)
## Government
* [DIGITAL SERVICES ACT: A GAME CHANGER FOR OUR FUNDAMENTAL RIGHTS? [+ LIVE STREAM]](https://www.patrick-breyer.de/event/digital-services-act-a-game-changer-for-our-fundamental-rights/)
* [Self-Sovereign Digital Identity Wallets for Citizens](https://tages.biz/self-sovereign-digital-identity-wallets-for-citizens/) Tages
With the [Digital Services Act (DSA)](https://www.patrick-breyer.de/en/posts/dsa/), the European Union is to adopt landmark legislation that will create a framework to regulate online platforms around the world. The DSA will have an impact on the free expression of opinions online, our choices as consumers, the right to privacy and the basic mechanisms of the global Internet.
The information on Horizon Europe, EU Health, Digital Europe, Creative Europe, Digital Single Market, Citizens, Equality, Rights, and Values Programme were shared by the experts and also the representatives of the organizations that have project experience within the scope of these EU programs shared the achievements, outputs, challenges, lessons learned and cooperation processes with EU member states in the projects they implemented. <br> [...]<br> Watch all the presentations from the event: [11 May 2022](https://www.youtube.com/watch?v=GKlgfRSCeXI), [12 May 2022](https://www.youtube.com/watch?v=DQIgwVJvFuE&t=28020s)
* [Blockchain-enabled Self-Sovereign Identity](https://www.e-zigurat.com/innovation-school/blog/self-sovereign-identity/)
> Martin Schäffner, the initiator of the [EuSSI Working Group](https://europeanblockchainassociation.org/eba-working-group-self-sovereign-identity-eussi/) of the [European Blockchain Association](https://europeanblockchainassociation.org/) and expert in Self-Sovereign Identity, explains the concept of Self-Sovereign Identity and how it differentiates from conventional digital identities.
* [The “Secure Platform” Concept for Europe - a Trusted and Secure Foundation for a Human-Centric Digital World.](https://mydata.org/2021/06/04/guest-post-the-secure-platform-concept-for-europe/) MyData
The following article discusses the technical requirements needed to protect our personal data and to ensure a safer digital world. It presents solutions for creating an open and secure IT infrastructure where data privacy can always be guaranteed. The article has been written by esatus, founding member and lead of the “Secure Platform” working group, a thematic group within [the IT Security Association Germany (TeleTrusT)](https://www.teletrust.de/en/startseite/).
@ -118,53 +268,22 @@ The following article discusses the technical requirements needed to protect our
>
> “This toolbox should include the technical architecture, standards and guidelines for best practices,” the commission adds, eliding the large cans of worms being firmly cracked open.
* [A trusted and secure European e-ID - Regulation](https://digital-strategy.ec.europa.eu/en/library/trusted-and-secure-european-e-id-regulation)
The legal instrument aims to provide, for cross-border use:
access to highly secure and trustworthy electronic identity solutions,
that public and private services can rely on trusted and secure digital identity solutions,
that natural and legal persons are empowered to use digital identity solutions,
that these solutions are linked to a variety of attributes and allow for the targeted sharing of identity data limited to the needs of the specific service requested,
acceptance of qualified trust services in the EU and equal conditions for their provision.
## eIDAS
* [SSI eIDAS Legal Report Ignacio Alamillo Webinar 55](https://ssimeetup.org/introducing-ssi-eidas-legal-report-ignacio-alamillo-webinar-55/)
> The European Commission developed the [SSI (Self-Sovereign Identity) eIDAS bridge](https://joinup.ec.europa.eu/collection/ssi-eidas-bridge), an ISA2 funded initiative, to promote eIDAS as a trust framework for the SSI ecosystem. It assists a VC (Verifiable Credential) issuer in the signing process, and helps the verifier to automate the identification of the organization behind the issuers DID (Decentralized Identifier). Simply by “crossing” the eIDAS Bridge, a Verifiable Credential can be proven trustworthy in the EU.
* [eIDAS and Self-Sovereign Identity](https://www.thedinglegroup.com/blog/2021/3/11/eidas-and-self-sovereign-identity) ([Video](https://vimeo.com/522501200) Dingle Group
> Why then is eIDAS v1 not seen as a success? There are many reasons; from parts of the regulation that focused or constrained its use into the public sphere only, to the lack of total coverage across all of the EU. Likely the key missing piece was that the cultural climate was not yet ripe and the state of digital identity was really not ready. Too many technical problems were yet to be solved. Without these elements the realized state of eIDAS should not be unexpected. All this said, eIDAS v1 laid very important groundwork and created an environment to gather important learnings to allow eIDAS v2 to realize the hoped for levels of success and adoption.
* [Legal compliance and the involvement of governments](https://ssi-ambassador.medium.com/self-sovereign-identity-legal-compliance-and-the-involvement-of-governments-467acdd32e88) SSI Ambassador
> Its currently possible to be eIDAS compliant with SSI, leveraging one out of five scenarios described in the SSI eIDAS legal report by Dr. Ignacio Alamillo Domingo. Especially interesting is the SSI eIDAS bridge, which adds legal value to verified credentials with the use of electronic certificates and electronic seals. However, its also possible to derive national eIDs notified in eIDAS, which are eIDAS linked by issuing a verifiable credential with a qualified certificate according to the technical specification.
## eSSIF Lab
* [Infrastructure Development Winners](https://essif-lab.eu/meet-the-essif-labs-ecosystem-the-infrastructure-development-instrument-first-winners/) including SICPA, Jolocom, Evernym, ValidatedID
* [Meet the eSSIF-Lab ecosystem: the 2nd Business-oriented Programme participants](https://essif-lab.eu/meet-the-essif-lab-ecosystem-the-2nd-business-oriented-programme-participants/)
Blockchain Certified Data        Academic Verifiable Credentials (Academic VCs) [https://www.bcdiploma.com/](https://www.bcdiploma.com/)
Upstream Dream AB        Patient-controlled information flows for learning health systems (The LHS project) [https://www.genia.se](https://www.genia.se/)
Mopso Srl        Amlet (A.W.) [https://www.mopso.eu/](https://www.mopso.eu/)
Credenco B.V.        Digital Certificate of Good Conduct (CoCG) [https://www.credenco.com](https://www.credenco.com/)
Stichting CherrytwistDecentralized Open Innovation Platform (DOIP) [https://alkem.io](https://alkem.io/)
Truu LtdHealthcare Professionals Digital Staff Passport (Health DSP) [https://www.truu.id](https://www.truu.id/)
Fair BnB Network Società Cooperativa        Stay Fair, Play Fair a co-operative habitat for music   [https://fairbnb.coop/](https://fairbnb.coop/)
ZENLIFE SARL-S        Zenlife eConsent [https://zenlife.lu/](https://zenlife.lu/)  under construction
LearningProof UG        HonorBox-SSI  [https://learningproof.xyz](https://learningproof.xyz/)
WorkPi B.V.        Work Performance Intelligence (WorkPi) [https://workpi.com/](https://workpi.com/)
yes.com AG        European Bank Identity Credentials (Eubic) [https://www.yes.com](https://www.yes.com/)
Blockchain Certified Data [Academic Verifiable Credentials](https://www.bcdiploma.com/) (Academic VCs)
Upstream Dream AB [Patient-controlled information flows for learning health systems](https://www.genia.se/) (The LHS project)
Mopso Srl [Amlet](https://www.mopso.eu/) (A.W.)
Credenco B.V. [Digital Certificate of Good Conduct](https://www.credenco.com/) (CoCG)
Stichting Cherrytwist [Decentralized Open Innovation Platform](https://alkem.io/) (DOIP)
Truu Ltd [Healthcare Professionals Digital Staff Passport](https://www.truu.id/) (Health DSP)
Fair BnB Network Società Cooperativa  [Stay Fair, Play Fair a co-operative habitat for music](https://fairbnb.coop/)
ZENLIFE SARL-S [Zenlife eConsent](https://zenlife.lu/)  under construction
LearningProof UG  [HonorBox-SSI](https://learningproof.xyz/)
WorkPi B.V. [Work Performance Intelligence](https://workpi.com/) (WorkPi)
yes.com AG  [European Bank Identity Credentials](https://www.yes.com/) (Eubic)
* [Gimly in eSSIf-lab: self-sovereign identity and NFC smartcards](https://www.gimly.io/blog/gimly-in-essif-ssi-and-nfc-smartcards)
> Gimly is participating in the European SSI infrastructure programme (eSSIf-lab), building a bridge for the implementation of NFC smartcards with secure elements as physical SSI identifiers. Our aim is to enable self-sovereign identity for both online and offline identification, authorization and access management, with a decreased dependency on the use of personal smartphones.
@ -176,16 +295,11 @@ Meet [Alex Norta](http://alexnortaphd.yolasite.com/), associate professor at Tal
* [SSI Mandate Service by Visma Connect B.V.](https://essif-lab.eu/ssi-mandate-service-by-visma-connect-b-v/) ESSIF LAB
The SSI mandate service is a generic and holistic approach to provide and request mandates. Mandates are SSI credentials signed by the dependent that can be requested by either the dependent or authorized representative. These credentials can be used to prove to a verifier that the authorized representative is authorized to act for specific actions on behalf of the dependent.
* [Support to the implementation of the European Digital Identity Framework and the implementation of the Once Only System under the Single Digital Gateway Regulation](https://ec.europa.eu/info/funding-tenders/opportunities/portal/screen/opportunities/topic-details/digital-2022-deploy-02-electronic-id;callCode=DIGITAL-2022-DEPLOY-02) Until May 17
The objective of the topic is to develop, implement and scale up the European Digital Identity framework, based on the revised eIDAS regulatory framework as well as the exchange of evidence as set out in article 14 the Single Digital Gateway Regulation. The broader objective of European Digital Identity is to improve citizens access to highly trusted and secure electronic identity means and trust services such as digital signatures, improve citizens possibilities to use them and improve their ability to control over sharing their personal identity data.
* [OnboardSSI by Quadible](https://essif-lab.eu/onboardssi-by-quadible/) ESSIF-LAB
The concept of SSI was designed with the citizen and privacy in mind. However, existing implementations lack user-friendliness (e.g. showing hash codes to users), creating potential barriers in users adoption. OnboardSSI focuses on providing a secure and user-friendly wallet solution creating an easier way for citizens to manage their identity.
* [eSSIF-Labs ecosystem: 2nd batch of winners: Infrastructure Development Instrument](https://essif-lab.eu/meet-the-essif-labs-ecosystem-the-infrastructure-development-instrument-first-winners-2/)
> another 7 proposals selected, out of 29 that were submitted before the second deadline of the Infrastructure-oriented Open Call
* [eSSIF-Lab Vision and Purpose](https://essif-lab.pages.grnet.gr/framework/docs/vision-and-purpose)
The context of the eSSIF-Lab vision can be found in articles 8-10 of the [European Convention on Human Rights (ECHR)](https://www.echr.coe.int/Pages/home.aspx?p=basictexts/convention), that state the rights of individuals regarding their privacy, and their freedoms to collect, process, store, and express information in a self-sovereign fashion, i.e. in a way that they can decide for themselves.
@ -211,50 +325,6 @@ The context of the eSSIF-Lab vision can be found in articles 8-10 of the [Europ
- [Infrastructure Development Winners](https://essif-lab.eu/meet-the-essif-labs-ecosystem-the-infrastructure-development-instrument-first-winners/) including SICPA, Jolocom, Evernym, ValidatedID
- [Business-Oriented Programme](https://essif-lab.eu/meet-the-essif-labs-ecosystem-the-1st-business-oriented-programme-participants/) including Danube Tech, Domi, Jolocom
* [Verifiable Credentials Lifecycle - EBSI Documentation - CEF Digital](https://ec.europa.eu/digital-building-blocks/wikis/display/EBSIDOC/Verifiable+Credentials+Lifecycle) European Commission
* [Why and how to make your digital wallet conformant with EBSI?](https://ec.europa.eu/digital-building-blocks/wikis/display/EBSI/Become+conformant) European Commission
Creating EBSI's Verifiable Credentials Profile containing all the EBSI specifications.
* [On-boarding legal entities flows clarifications - EBSI Documentation - CEF Digital](https://ec.europa.eu/digital-building-blocks/wikis/pages/viewpage.action?pageId=489652740) European Commission
In this document, you can learn how to onboard and accredit the following legal entities
- EBSI Onboarding Service (EOS)
- Trusted Accreditation Organisation (TAO)
- Trusted Issuer (TI)
* [The time for the eIDAS Bridge](https://www.validatedid.com/post-en/the-time-for-the-eidas-bridge) ValidatedID
if you wonder how many of us, users, can really take advantage of PKI for identifying ourselves on the internet, the answer is quite deceiving. This mature technology has been available for decades but has never become mainstream among the society for identifying end users.
* [Our Analysis of the EU Digital Identity Architecture and Reference Framework](https://www.evernym.com/blog/eu-digital-identity/) Evernym
> Broadly, we at Evernym/Avast are impressed with the content and the underlying principles in the Framework. Theres a lot that we like, but there are also some areas of significant concern that need careful attention.
* [Global Identity Networks: How to Leverage Them for Business Benefit](https://www.kuppingercole.com/events/eic2022/blog/global-identity-networks-to-leverage-business-benefit) Kuppinger Cole
The uptake of eIDAS (facilitating cross-border acceptance of eIDs) is low relative to the technical capacity of states; [only 15 of the 27 Member States](https://op.europa.eu/en/publication-detail/-/publication/35274ac3-cd1b-11ea-adf7-01aa75ed71a1) able to fulfil the regulations requirements of accepting the eIDs of other Member States for public services.
The EU Commission did reflect on the effectiveness of the regulation in its [Impact Assessment](https://op.europa.eu/en/publication-detail/-/publication/35274ac3-cd1b-11ea-adf7-01aa75ed71a1), and is developing a revision of it. There are multiple revision options being discussed, but thus far, the preferred option would establish a framework that provides citizens with optional use of a personal digital wallet
* [EBSI Documentation](https://ec.europa.eu/digital-building-blocks/wikis/display/EBSIDOC/EBSI+Documentation+Home)
Governmental entities act as important intermediaries for many transactions occurring in today´s society.
In the era of misinformation, digital fraud has become a challenge that is essential to address.
Governments and the societies they serve need technology capable of verifying the authenticity of the information they handle.
As we build the European regulatory framework, in the transfer from paper to digital, a key question arises: how to share official documents, called evidences or credentials in a way that can be trusted?
* [VIDchain is the first ID wallet to become EBSI compliant](https://www.validatedid.com/post-en/vidchain-is-the-first-id-wallet-to-become-ebsi-compliant)
* [Validated ID](https://bit.ly/3ipgSzB) participates in a project to build the [European Blockchain Services Infrastructure (EBSI)](https://ec.europa.eu/cefdigital/wiki/display/CEFDIGITAL/EBSI) for the support of cross-border public services, an initiative created by the European Commission. EBSI is developing a strong and mature ecosystem that Validated ID is proud to be part of.
* [Announcing selection final phase eSSIF-Lab and maximum funding by the European Commission](https://medium.com/@WorkX/announcing-selection-final-phase-essif-lab-and-maximum-funding-by-the-european-commission-80e4ef8912db) Work X
we have done extensive research & development into a use-case to let employees regain control over their career-related data. Therefore receiving the maximum development grant of €106.000 (funded by the European Commission) to bring our MVP into production.
@ -266,104 +336,78 @@ we have done extensive research & development into a use-case to let employees r
- [Symfoni AS](https://www.symfoni.dev/) - Infrastructure to facilitate payments for verifiable credentials
- [Datarella GmbH](https://datarella.com) - Go Aries Enabling CL-Support on Aries Framework Go
## eIDAS
* [SSI eIDAS Legal Report Ignacio Alamillo Webinar 55](https://ssimeetup.org/introducing-ssi-eidas-legal-report-ignacio-alamillo-webinar-55/)
> The European Commission developed the [SSI (Self-Sovereign Identity) eIDAS bridge](https://joinup.ec.europa.eu/collection/ssi-eidas-bridge), an ISA2 funded initiative, to promote eIDAS as a trust framework for the SSI ecosystem. It assists a VC (Verifiable Credential) issuer in the signing process, and helps the verifier to automate the identification of the organization behind the issuers DID (Decentralized Identifier). Simply by “crossing” the eIDAS Bridge, a Verifiable Credential can be proven trustworthy in the EU.
* [eIDAS and Self-Sovereign Identity](https://www.thedinglegroup.com/blog/2021/3/11/eidas-and-self-sovereign-identity) ([Video](https://vimeo.com/522501200) Dingle Group
> Why then is eIDAS v1 not seen as a success? There are many reasons; from parts of the regulation that focused or constrained its use into the public sphere only, to the lack of total coverage across all of the EU. Likely the key missing piece was that the cultural climate was not yet ripe and the state of digital identity was really not ready. Too many technical problems were yet to be solved. Without these elements the realized state of eIDAS should not be unexpected. All this said, eIDAS v1 laid very important groundwork and created an environment to gather important learnings to allow eIDAS v2 to realize the hoped for levels of success and adoption.
* [Congrats to the 11 wallet providers for being conformant to @EU_EBSI](https://mobile.twitter.com/IgrantIo/status/1532036324882104321/photo/1) @IgrantIo
* [Legal compliance and the involvement of governments](https://ssi-ambassador.medium.com/self-sovereign-identity-legal-compliance-and-the-involvement-of-governments-467acdd32e88) SSI Ambassador
> Its currently possible to be eIDAS compliant with SSI, leveraging one out of five scenarios described in the SSI eIDAS legal report by Dr. Ignacio Alamillo Domingo. Especially interesting is the SSI eIDAS bridge, which adds legal value to verified credentials with the use of electronic certificates and electronic seals. However, its also possible to derive national eIDs notified in eIDAS, which are eIDAS linked by issuing a verifiable credential with a qualified certificate according to the technical specification.
We are glad to be among the first few along with [@ValidatedID](https://mobile.twitter.com/ValidatedID) [@danube](https://mobile.twitter.com/danube) [@GATACA_ID](https://mobile.twitter.com/GATACA_ID) [@walt_id](https://mobile.twitter.com/walt_id) [@DXCTechnology](https://mobile.twitter.com/DXCTechnology) [@CIMEA_Naric](https://mobile.twitter.com/CIMEA_Naric) [@identyum](https://mobile.twitter.com/identyum) [@ThalesDigiSec](https://mobile.twitter.com/ThalesDigiSec) [@posteitaliane](https://mobile.twitter.com/posteitaliane)
* [The time for the eIDAS Bridge](https://www.validatedid.com/post-en/the-time-for-the-eidas-bridge) ValidatedID
if you wonder how many of us, users, can really take advantage of PKI for identifying ourselves on the internet, the answer is quite deceiving. This mature technology has been available for decades but has never become mainstream among the society for identifying end users.
* [Support to the implementation of the European Digital Identity Framework and the implementation of the Once Only System under the Single Digital Gateway Regulation](https://ec.europa.eu/info/funding-tenders/opportunities/portal/screen/opportunities/topic-details/digital-2022-deploy-02-electronic-id;callCode=DIGITAL-2022-DEPLOY-02) Until May 17
The objective of the topic is to develop, implement and scale up the European Digital Identity framework, based on the revised eIDAS regulatory framework as well as the exchange of evidence as set out in article 14 the Single Digital Gateway Regulation. The broader objective of European Digital Identity is to improve citizens access to highly trusted and secure electronic identity means and trust services such as digital signatures, improve citizens possibilities to use them and improve their ability to control over sharing their personal identity data.
* [Global Identity Networks: How to Leverage Them for Business Benefit](https://www.kuppingercole.com/events/eic2022/blog/global-identity-networks-to-leverage-business-benefit) Kuppinger Cole
The uptake of eIDAS (facilitating cross-border acceptance of eIDs) is low relative to the technical capacity of states; [only 15 of the 27 Member States](https://op.europa.eu/en/publication-detail/-/publication/35274ac3-cd1b-11ea-adf7-01aa75ed71a1) able to fulfil the regulations requirements of accepting the eIDs of other Member States for public services.
The EU Commission did reflect on the effectiveness of the regulation in its [Impact Assessment](https://op.europa.eu/en/publication-detail/-/publication/35274ac3-cd1b-11ea-adf7-01aa75ed71a1), and is developing a revision of it. There are multiple revision options being discussed, but thus far, the preferred option would establish a framework that provides citizens with optional use of a personal digital wallet
- [An analysis of EU digital identity architecture and reference framework](https://blog.avast.com/analysis-of-eu-digital-identity-architecture-and-reference-framework-avast)
- [eIDAS 2.0: How Europe can define the digital identity blueprint for the world](https://blog.avast.com/eidas-2.0-avast)
* [EIDAS 2.0 Turns To Self-Sovereign Identification To Bring Users Ownership And Control](https://www.forbes.com/sites/alastairjohnson/2022/07/05/eidas-20-turns-to-self-sovereign-identification-to-bring-users-ownership-and-control/?sh=a9eefcc7f07e) Forbes
The new proposal will pivot on some of the more key issues that held back the original framework. For example, instead of enforcing a single, rigid ID that openly reveals everything about an individual indefinitely, the eIDAS 2.0 structure can now potentially employ a flexible, self-sovereign identity (SSI) that puts control of all identifying information entirely into the hands of the end-users they pertain to, in both public and private partnership frameworks.
* [Self-Sovereign Digital Identity Wallets for Citizens](https://tages.biz/self-sovereign-digital-identity-wallets-for-citizens/) Tages
* [Our Analysis of the EU Digital Identity Architecture and Reference Framework](https://www.evernym.com/blog/eu-digital-identity/) Evernym
> Broadly, we at Evernym/Avast are impressed with the content and the underlying principles in the Framework. Theres a lot that we like, but there are also some areas of significant concern that need careful attention.
The information on Horizon Europe, EU Health, Digital Europe, Creative Europe, Digital Single Market, Citizens, Equality, Rights, and Values Programme were shared by the experts and also the representatives of the organizations that have project experience within the scope of these EU programs shared the achievements, outputs, challenges, lessons learned and cooperation processes with EU member states in the projects they implemented.
- [An analysis of EU digital identity architecture and reference framework](https://blog.avast.com/analysis-of-eu-digital-identity-architecture-and-reference-framework-avast)
* [...]
* [Avasts views on the proposed amendments to the eIDAS 2.0 regulation](https://blog.avast.com/eidas-2.0-amendments-analysis)
Watch all the presentations from the event: [11 May 2022](https://www.youtube.com/watch?v=GKlgfRSCeXI), [12 May 2022](https://www.youtube.com/watch?v=DQIgwVJvFuE&t=28020s)
* [Introducing the SSI eIDAS Legal Report](https://ssimeetup.org/introducing-ssi-eidas-legal-report-ignacio-alamillo-webinar-55/)  Ignacio Alamillo Webinar 55
> The European Commission developed the [SSI (Self-Sovereign Identity) eIDAS bridge](https://joinup.ec.europa.eu/collection/ssi-eidas-bridge), an ISA2 funded initiative, to promote eIDAS as a trust framework for the SSI ecosystem. It assists a VC (Verifiable Credential) issuer in the signing process, and helps the verifier to automate the identification of the organization behind the issuers DID (Decentralized Identifier)
EBSI
* [The time for the eIDAS Bridge](http://validatedid.com/post-en/the-time-for-the-eidas-bridge) ValidatedID
* [5 reasons why professionals and enthusiasts of Self-Sovereign Information Sharing should look into EBSI this summer](https://ec.europa.eu/digital-building-blocks/wikis/display/EBSI/5+reasons+why+professionals+and+enthusiasts+of+Self-Sovereign+Information+Sharing+should+look+into+EBSI+this+summer)
The main goal of this new program was to provide an implementation of eIDAS bridge and to proof the interoperability between different provider implementations. Validated ID was selected to participate in part of the Call 1 of infrastructure. The results of this project are available as open source. If you are interested in digging into the code, you can find it all in the following repositories: [our open source version implementation](https://gitlab.grnet.gr/essif-lab/infrastructure/validated-id/seb) and the [SSI eIDAS Bridge interoperability](https://gitlab.grnet.gr/essif-lab/interoperability/ssi-eidas-bridge) performed with SICPA.
#1 EBSI combines W3C standards, Verifiable Credentials and DIDs, with blockchain technology for the purpose of information sharing between Citizens and Governments (C2G) or Businesses (C2B)
* [European Digital Identity Architecture and Reference Framework](https://forum.eid.as/t/european-digital-identity-architecture-and-reference-framework/216) ([pdf](https://ec.europa.eu/transparency/expert-groups-register/core/api/front/document/73759/download)
#2 Self-Sovereign Information Sharing should help verification, not control
The document in particular outlines the EUDI Wallet:
#3 EBSI uses blockchain where it makes sense: to support the verification of Verifiable Crede
* [EU DATA ACT MAKING DATA PORTABILITY ACTIONABLE](https://mydata.org/2022/02/25/eu-data-act-making-data-portability-actionable/)
#4 EBSI contributes to an open market of SSI digital technologies and services
* [eIDAS 2.0: How Europe Can Define the Digital Identity Blueprint for the World](https://www.evernym.com/blog/eidas/) Evernym
#5 EBSI successfully piloted Self-Sovereign Information Sharing in the education domain
Problem 1: Unique wallet IDs <br>Problem 2: Remote Wallet Kill Switches <br>Problem 3: Wallet Content Restrictions <br>Problem 4: Private Sector Restrictions <br>Exciting New Opportunities for eIDAS 2.0 <br>Opportunity 1: Basic or Enhanced Wallets <br>Opportunity 2: Turning Regulations Into Revenue <br>Opportunity 3: Person-to-Person Verification <br>Opportunity 4: Secure messaging.
* [EBSI Explained](https://ec.europa.eu/digital-building-blocks/wikis/display/EBSI/What+is+ebsi/) European Commission
## Organization
EBSI is a blockchain network of distributed nodes across Europe to support important applications. [...] Below you will find a series of publications that will walk you through the technologies that make it possible for Public Administrations and Businesses to easily verify and trust information received directly from Citizens (or Businesses). There are PDFs of each one:
* [European Union Digital Identity Wallet Consortium](https://eudiwalletconsortium.org/) EUDI
- Verifiable Credentials Explained
- Verifiable Credentials in Action
- Decentralized Identifiers (DID) Methods
- Digital Identity
- Issuers Trust Model
- OpenID Connect for VCs
- Digital Wallet
The funding call is within the Digital Europe Programme (DIGITAL) topic 5.3.1.2 which requests support to implement the European Digital Identity Framework and the implementation of the Once Only System under the Single Digital Gateway Regulation. Up to €37m funding is available.
EBSI: [Innovation that respects our privacy is a joint effort](https://ec.europa.eu/digital-building-blocks/wikis/display/EBSI/Innovation+that+respects+our+privacy+is+a+joint+effort)
ONeills [Weapons of Math destruction](https://www.goodreads.com/book/show/28186015-weapons-of-math-destruction), Zuboffs [Surveillance Capitalism](https://www.goodreads.com/book/show/26195941-the-age-of-surveillance-capitalism), and Véliz recent [Privacy is Power](https://www.goodreads.com/en/book/show/51781479-privacy-is-power): these may have made it onto your summer reading list. And for good reason: wherever there is new technology, there is also concern for the respect of our European values.
* [SSI subgrantees solutions booklet: download now!](https://essif-lab.eu/meet-the-essif-lab-ecosystem-completing-the-framework-programme-participants/) ESSIF-LAB ←report on all the NGI awardees ([report](https://essif-lab.eu/wp-content/uploads/2022/09/essif-booklet-22a.pdf)
After a tough competition among overall excellent proposals, eSSIF-LAB selected the 4 most promising proposals out of 42 submitted applications. 161 applications were started altogether, from 22 different countries. This booklet gives an overview of the 4 Open Calls subgrantee projects started within the infrastructure-oriented and the business-oriented track of eSSIF-Lab.
* [5 reasons why professionals and enthusiasts of Self-Sovereign Information Sharing should look into EBSI](https://ec.europa.eu/newsroom/cef/newsletter-archives/40411)
The web is increasingly more distributed, and with it, a new pattern of information sharing is emerging: Self Sovereign Information sharing, where citizens stay in control of their information by choosing what and when to disclose it, and to whom EBSI enables self-sovereign Citizen-to-Government (C2G) and C2B (Citizen-to-Business) privacy-preserving information sharing.
* [Self-Sovereign Identity Working Group](https://europeanblockchainassociation.org/eba-working-group-self-sovereign-identity-eussi/) European Blockchain Association in collaboration with the European Commission
Right now, many enterprises and organisations are building their own SSI solutions by implementing the existing standards and protocols. Since all these parties do similar work and have to face similar problems, it is critical for the community to share these learnings and experiences openly.
* [A critical fork in the data road?](https://medium.com/mydex/a-critical-fork-in-the-data-road-1eb29c5a42a8) MyData
Is the EU discussion about data portability missing a key point?
In its discussion of data portability the EU rightly recognises the economic importance of this issue, stressing that “market imbalances arising from the concentration of data restricts competition, increases market entry barriers and diminishes wider data access and use.”
it is likely that many dApp developers now need an identity solution that preserves privacy but ensures compliance which is exactly the solution that we are building at SelfKey.
EU [DATA GOVERNANCE ACT MEETS TOIP FRAMEWORK](https://trustoverip.org/blog/2022/01/13/data-governance-act-meets-toip-framework/) TOIP
The DGA defines an “intermediary” that facilitates processing and sharing of data for individuals and organizations to “…increase trust in data intermediation services and foster data altruism across the EU”. In the [MyData](https://mydata.org/declaration/) framework for user-controlled data sharing, intermediaries are called [MyData Operators](https://mydata.org/mydata-operators/) and there is a certification program in place.
* [Overview of Member States' eID strategies](https://ec.europa.eu/cefdigital/wiki/display/EIDCOMMUNITY/National+Strategies)
> The report focusses on the approaches towards eID outlined in national strategy documents, together with other supporting documentation and web resources, with the aim of offering a thorough understanding of the eID state of play across Europe.
* [Understanding the MiCA and Pilot Regime crypto regulation](https://medium.com/adaneu/relax-take-it-easy-understanding-the-mica-and-pilot-regime-crypto-regulation-db21e537ec58)
> The European Commissions proposal for the regulation of crypto-assets markets is based on two draft texts :
> - MiCA (Markets in Crypto-Assets Regulation) whose scope covers cryptocurrencies, utility tokens and stablecoins ;
> - the Pilot Regime Regulation for DLT Market Infrastructures (PRR) project.
> With these two texts, the Commissions goal is to regulate crypto-asset players and not the assets as such.
* [EU Data Governance Act officially released](https://ec.europa.eu/digital-single-market/en/news/data-governance-act)
>foster the availability of data for use by increasing trust in data intermediaries and by strengthening data-sharing mechanisms across the EU
One of MyDex CICs founders, [Alan Mitchell shares a feeling of Vindication](https://medium.com/mydex/vindicated-cb897fb4e94b) in a post celebrating the companies early articulation of key principles and how the EUs proposed new Data Governance Act aligns with that.
> These providers will have to comply with a number of requirements, in particular the requirement to remain neutral as regards the data exchanged. They cannot use such data for other purposes. In the case of providers of data sharing services offering services for natural persons, the additional criterion of assuming fiduciary duties towards the individuals using them will also have to be met.
* [Data Exchange Board to Improve the EU Data Governance Act](https://mydata.org/2020/12/09/why-we-need-a-data-exchange-board-to-improve-the-eu-data-governance-act/)
* [How Can Europe Lead Innovation And Win Web3? Ledgers 4 Recommendations For EU Policymakers](https://acrobat.adobe.com/link/review?uri=urn:aaid:scds:US:fa00c64a-5f6d-38c6-baf7-0bcfa06e6a28#pageNum=25)
1. Invest in a public/private partnership to co-develop a self-sovereign identity solution for Europe.
* [Is the EU Digital Identity Wallet an implementation of Self-Sovereign Identity?](https://www.innopay.com/en/publications/eu-digital-identity-wallet-implementation-self-sovereign-identity) Innopay
@ -371,8 +415,6 @@ One of MyDex CICs founders, [Alan Mitchell shares a feeling of Vindication](h
The intention of the European Commission is to allow or even force acceptance in a wide range of sectors in the public and private domain and thereby ensure that identities are as wisely usable as possible (interoperability). The principle of consent will also be met, as it is already fulfilled with current eID solutions notified under eIDAS and other EU regulations, such as GDPR and PSD2. One of the explicit requirements of the proposal is selective disclosure, in line with GDPRs rules on data minimalisation.
- [Avasts views on the proposed amendments to the eIDAS 2.0 regulation](https://blog.avast.com/eidas-2.0-amendments-analysis)
* [Can a Verifiable Credential-based SSI Implementation meet GDPR Compliance?](https://academy.affinidi.com/can-a-verifiable-credential-based-ssi-implementation-meet-gdpr-compliance-5039d0149ea4)
Lets examine how SSI meets each of the articles from #13 to #22.
@ -382,52 +424,12 @@ Lets examine how SSI meets each of the articles from #13 to #22.
“The results of the survey certainly underline the need for this pioneering European initiative aiming at offering the most convenient user experience (UX) at the highest level of security,” the company adds
* [Introducing the SSI eIDAS Legal Report](https://ssimeetup.org/introducing-ssi-eidas-legal-report-ignacio-alamillo-webinar-55/)  Ignacio Alamillo Webinar 55
> The European Commission developed the [SSI (Self-Sovereign Identity) eIDAS bridge](https://joinup.ec.europa.eu/collection/ssi-eidas-bridge), an ISA2 funded initiative, to promote eIDAS as a trust framework for the SSI ecosystem. It assists a VC (Verifiable Credential) issuer in the signing process, and helps the verifier to automate the identification of the organization behind the issuers DID (Decentralized Identifier)
* [Validated ID's journey to becoming EBSI compliant](https://www.validatedid.com/post-en/validated-ids-journey-to-becoming-ebsi-compliant)
We at Validated ID have been betting on EBSI since the beginning. We started working to become conformant wallet providers since the very first version of [Wallet Conformance Tests (WCT)](https://ec.europa.eu/digital-building-blocks/wikis/display/EBSI/EBSI+wallets) was published. The process of preparing our solution to become conformant has allowed us to appreciate how remarkable EBSI's work has been.
* [The time for the eIDAS Bridge](http://validatedid.com/post-en/the-time-for-the-eidas-bridge) ValidatedID
The main goal of this new program was to provide an implementation of eIDAS bridge and to proof the interoperability between different provider implementations. Validated ID was selected to participate in part of the Call 1 of infrastructure. The results of this project are available as open source. If you are interested in digging into the code, you can find it all in the following repositories: [our open source version implementation](https://gitlab.grnet.gr/essif-lab/infrastructure/validated-id/seb) and the [SSI eIDAS Bridge interoperability](https://gitlab.grnet.gr/essif-lab/interoperability/ssi-eidas-bridge) performed with SICPA.
* [Why is Self-Sovereign Identity compliant with the [GDPR]?](https://en.archipels.io/post/pourquoi-le-self-sovereign-identity-est-compatible-avec-le-rgpd) Archpelis
With the transition to the web 3.0 ecosystem, the development of distributed registries (blockchain technology) and the regulatory environment that is forcing digital players to favour privacy by design, the ISS approach will become the new standard, whether for entering into customer relations, managing digital identities or ensuring compliance of administrative processes in companies and institutions.
* [European Digital Identity Architecture and Reference Framework](https://forum.eid.as/t/european-digital-identity-architecture-and-reference-framework/216) ([pdf](https://ec.europa.eu/transparency/expert-groups-register/core/api/front/document/73759/download)
The document in particular outlines the EUDI Wallet:
* [EU DATA ACT MAKING DATA PORTABILITY ACTIONABLE](https://mydata.org/2022/02/25/eu-data-act-making-data-portability-actionable/)
The [EU Commission published the long-awaited Data Act](https://ec.europa.eu/commission/presscorner/detail/en/ip_22_1113) on February 23, 2022. This is a progressive legislative proposal to increase access to data for the users of connected products suchs as Iot devices and related services. It is a significant move towards realising the [MyData principle](https://mydata.org/declaration/) of portability, access, and re-use as well as the principle of interoperability. It will potentially also move the needle towards the shift from formal to actionable rights in terms of the right of data portability. With such a progressive agenda, the proposal will certainly also face significant opposition and counter-lobbying from those who stand to benefit from the status quo.
* [eIDAS 2.0: How Europe Can Define the Digital Identity Blueprint for the World](https://www.evernym.com/blog/eidas/) Evernym
Problem 1: Unique wallet IDs
Problem 2: Remote Wallet Kill Switches
Problem 3: Wallet Content Restrictions
Problem 4: Private Sector Restrictions
Exciting New Opportunities for eIDAS 2.0
Opportunity 1: Basic or Enhanced Wallets
Opportunity 2: Turning Regulations Into Revenue
Opportunity 3: Person-to-Person Verification
Opportunity 4: Secure messaging.
* [New Coalition Launches Campaign for Data Sovereignty Now](https://datasovereigntynow.org/2021/01/21/new-coalition-launches-campaign-for-data-sovereignty-now/)
> a campaign that will press European policy makers at all levels to ensure that control of data remains in the hands of the people and organizations that generate it. The issue becomes ever more urgent as policies around Europes digital economy and data architecture start to solidify.
- [How to use the framework of a Trusted Data Ecosystem to simplify building decentralized identity solutions](https://www.kuppingercole.com/sessions/4999/3) on Wednesday, May 11, at the [European Identity and Cloud Conference 2022](https://www.kuppingercole.com/events/eic2022).
* [Emerging approaches for data-driven innovation in Europe](https://publications.jrc.ec.europa.eu/repository/handle/JRC127730) JRC Publications
> Europes digital transformation of the economy and society is framed by the European strategy for data through the establishment of a common European data space based on domain-specific data spaces in strategic sectors such as environment, agriculture, industry, health and transportation.
@ -446,17 +448,6 @@ On March 24th, 2022, [the European Parliament and Council reached an agreement o
* [the-time-for-the-eidas-bridge](http://validatedid.com/post-en/the-time-for-the-eidas-bridge) ValidatedID
> Theres an outstanding question, for us, around how this community explores and thinks about the theoretical underpinnings of a Community of Practice (CoP), but one thing is for sure, Keep Badges Weird is a CoP.
### Verifier Universal Interface
* [Verifier Universal Interface by Gataca España S.L.](https://essif-lab.eu/verifier-universal-interface-by-gataca-espana-s-l/)
> This draft version can be found at [https://gataca-io.github.io/verifier-apis/](https://gataca-io.github.io/verifier-apis/) and has been built using ReSpec.
> This draft version for VUI includes today 6 APIs:
>
> - Presentation Exchange
> - Consent Management
> - Schema resolution
> - Issuer resolution
> - ID resolution
> - Credential status resolution
* [Adopting eID in Europe and Beyond](https://stateofidentity.libsyn.com/adopting-eid-in-europe-and-beyond) State of Identity
@ -474,22 +465,7 @@ The Government of Catalonia has presented IdentiCAT, the new decentralized and s
IEEE SA co-organized a discussion panel at the Pan-European dialogue on Internet Governance (EuroDIG) conference, an event known for its frank and interactive discussions of public policy issues surrounding internet governance. Messages coming out of the discussions will be presented at the Internet Governance Forum (IGF) later this year.
* [Where do we stand on Self-Sovereign Identity?](https://www.youtube.com/watch?v=L156YjEyOdo) EBSI
On December 14th, Joao Rodrigues, Head of sector (Digital) Building Blocks at @European Commission participated in an [#ebcTALKS](https://www.youtube.com/hashtag/ebctalks) of the European Blockchain Convention about "Where do we stand on Self-Sovereign Identity"?
In 2021 the European Commission [announced the European digital identity wallet](https://ec.europa.eu/commission/presscorner/detail/en/IP_21_2663). This article explains the basic concepts, highlights the significance of this development and provides an overview of the status quo.
## Organization
* [European Union Digital Identity Wallet Consortium](https://eudiwalletconsortium.org/) EUDI
The funding call is within the Digital Europe Programme (DIGITAL) topic 5.3.1.2 which requests support to implement the European Digital Identity Framework and the implementation of the Once Only System under the Single Digital Gateway Regulation. Up to €37m funding is available.
European Union
* [Welcoming the Wallet - What the new European Digtal Identity Framework means for citizens, governments and businesses](https://www.sc.pages05.net/lp/22466/795951/gov-wp-welcoming-the-wallet.pdf) Thales
@ -505,18 +481,9 @@ Kaliya is working on a commentary about it
Vedran L. Head of Office at European Parliament [has released a draft report with tracking of amendments](https://www.europarl.europa.eu/doceo/document/ITRE-PR-732707_EN.pdf) on the proposal for a regulation of the European Parliament and of the Council amending Regulation (EU) No 910/2014 as regards establishing a framework for a European Digital Identity
* [European Commission adopts decision to license European Blockchain Services Infrastructure software as open-source](https://ec.europa.eu/digital-building-blocks/wikis/display/EBSI/European+Commission+adopts+decision+to+license+European+Blockchain+Services+Infrastructure+software+as+open+source)
The Decision to make EBSI software available for licencing under the [European Union Public Licence](https://secure-web.cisco.com/1HQ5AQijOEcsuKHH5VY-lAjONv1Pa-wUY7mpfsymIkIy1G_g9CZh6vK5g0lpjxgIm0oaik042EN-5tL8xLpeesMtxZ0ENcH239uYTSSmPTbu1YtBJ5xHMWZMksOeS6X71soiQSQpoQF8fyzOr1I4atICut-sSt9Wqyou4vpS5myXfHf3S6AMMuyvAxla1etuiJbNKx4gfAlzozwPMe7yC7GNXIsZeCiNuAYA5io7f3CIwdvldsHFBtuGNYI4Z86EMXdfyQXEsR7zidw-7WNQeJpBVDCUVFJymXSb-SXsqJH8jfAf6-U9vC1ilrqATHFaZXXLWlOCOCmlS3nS9kev41tys8SvSKYuGX1FLyFgPgufe__oJ7pmihT7ABqB4AzLy7VMeHBSQfOgbkj11ZEltw4e-kd3XI7KmlREgqfYQ45T7r_VGJo3uCTUG1FlIcAkq8MON0W9AZCAMQyT5UAReSZ7LslcOaF38g6bgAGO0N_C39g6T63pWI-caAZ2h-1_m/https%3A//ec.europa.eu/info/european-union-public-licence_en) is an example of how the European Commission is not only using, but also contributing to the open-source community and thereby growing the ecosystem around EBSI.
* [EIDAS 2.0 Turns To Self-Sovereign Identification To Bring Users Ownership And Control](https://www.forbes.com/sites/alastairjohnson/2022/07/05/eidas-20-turns-to-self-sovereign-identification-to-bring-users-ownership-and-control/?sh=853aa7f7f07e) Forbes
* [Meet the eSSIF-Lab ecosystem: “Completing the Framework” Programme participants](https://essif-lab.eu/meet-the-essif-lab-ecosystem-meet-the-essif-lab-ecosystem-completing-the-framework-programme-participants-amme-participants-2/)
> * [PCDS-DP](https://compell.io/) - Product Circularity Data Sheets Digital Passport
> * [ESSIF](https://sis.lt/) - 4 Logistics SSI based authorization for cross- border government and business representatives in logistics
> * [Symfoni AS](https://www.symfoni.dev/) - Infrastructure to facilitate payments for verifiable credentials
> * [Datarella GmbH](https://datarella.com/) - Go Aries Enabling CL-Support on Aries Framework Go
> * [ID.me](https://www.id.me/)s legal woes are continuing to escalate. The company is now staring down the prospect of its second federal investigation in as many months, after the House of Representatives Oversight and Reform Committee [initiated its review in April](https://findbiometrics.com/congress-opens-formal-investigation-into-id-mes-irs-project-041801/).
* [Is the EU Digital Identity Wallet an Implementation of Self-Sovereign Identity?](https://thepaypers.com/expert-opinion/is-the-eu-digital-identity-wallet-an-implementation-of-self-sovereign-identity--1257448) The Paypers
@ -524,11 +491,6 @@ As the details and technical architecture of the EU Digital Identity Wallet at t
The SSI principles of existence, access, interoperability, consent, minimalization, and protection will likely be fulfilled by the EU Digital Identity Wallet. It will allow citizens to have an independent existence.
* [What is EBSI? EBSI making information easy to verify and almost impossible to fake](https://ec.europa.eu/digital-building-blocks/wikis/display/EBSI/What+is+ebsi/)
Below you will find a series of publications that will walk you through the technologies that make it possible for Public Administrations and Businesses to easily verify and trust information received directly from Citizens (or Businesses).
* [Self-Sovereign Digital Identity Wallets for Citizens](https://tages.biz/self-sovereign-digital-identity-wallets-for-citizens/) TAGES
TR Ministry of Foreign Affairs Directorate for EU Affairs organized an EU Programs and Project Opportunities Hybrid Workshop on May 11-12, 2022  [...]
@ -541,9 +503,6 @@ You can click to watch all the presentations from the event:
* [Germany and Spain and join forces on the development of a cross-border, decentralised digital identity ecosystem](https://www.bundesregierung.de/breg-de/aktuelles/germany-and-spain-and-join-forces-on-the-development-of-a-cross-border-decentralised-digital-identity-ecosystem-1947302)
The cooperation agreement envisages the design and conceptualisation of a cross-border pilot to be implemented in the near future, with a view to contributing to the development of the European Unions Digital Identity Framework, recently announced as part of the eIDAS Commission proposal.
* [The Roles of Government & The Private Sector in a Digital ID Program with Sebastian Manhart](https://northernblock.io/roles-of-government-and-private-sector-in-digital-id/) Northern Block
we dive into whats happening within the Digital ID landscape within Europe. Sebastian Manhart is very well positioned between policy and technology in the European Union. In this episode of SSI Orbit, he shares his experiences and future projections.
* [Working together to create an eIDAS wallet](https://jolocom.io/blog/once-eidas/) Jolocom
@ -551,19 +510,6 @@ Jolocom is currently working on the project “ONCE Online einfach anmelden
The project is part of the competitive innovation programme “Showcase Secure Digital Identities” (SSDI) funded by Germanys Federal Ministry for Economic Affairs and Energy (BMWi) and one of four projects that qualified for the implementation phase.
* [Early Adopters Programme | Imagining what EBSI can do for European citizens](https://ec.europa.eu/cefdigital/wiki/display/CEFDIGITAL/Early%20Adopters%20Programme#become-ebsi-compliant)
In 2021, 22 projects were selected to become part of our incubator programme to help tap into the potential of the EBSI infrastructure. Each project's private and public sector partners was given early access to the pre-production environment of EBSI, and was invited to develop their own pilot project to address a specific business or government use case involving the exchange of verifiable credentials.
With the help with the EBSI team, Early Adopters can identify how to connect their systems, be part of a community and collaborate with other Early Adopters. This will help us improve EBSI's services and ensure it meets the needs of Europe's businesses and public administrations, within and across borders.
* [Three Governments enabling digital identity interoperability](https://medium.com/in-present-tense/three-governments-enabling-digital-identity-interoperability-bbcfc60c3a80) Heather Vescent
On September 15, 2021, I moderated a panel with representatives from the United States Government, the Canadian Government, and the European Commission. Below is an edited excerpt from the panel
* [Early Adopters Programme | Imagining what EBSI can do for European citizens](https://ec.europa.eu/cefdigital/wiki/display/CEFDIGITAL/Early%20Adopters%20Programme#become-ebsi-compliant)
An incubator to help Early Adopters and their partners imagine, build and launch their EBSI pilot project(s)
* [Declaration for Cooperation and Exchange of Best Practices in the Field of Self-Sovereign Identity Between the Federal Republic of Germany and the Republic of Finland](https://www.theinternetofthings.eu/declaration-cooperation-and-exchange-best-practices-field-self-sovereign-identity-between-federal) theinternetofthings.eu
* [Self-Sovereign Identity (SSI) schemes and the public sector](https://www.impulse-h2020.eu/2021/11/05/self-sovereign-identity-ssi-schemes-and-the-public-sector/) Impulse H20

View File

@ -4,6 +4,9 @@ published: false
# Public Sector
* [Decentralized Identity & Government](https://www.youtube.com/watch?v=l8pHUdjKfes) Evernym
The key differences between federated and decentralized identity systems - An analysis of a few notable government-led projects, such as Aadhaar (India), Verify (UK), eIDAS (EU), and the Ontario Digital Identity Program (Canada) - What decentralization means for portability, scalability, flexibility, and privacy - How governments and commercial organizations can enhance existing federated identity systems with verifiable credentials
### Findy - Finnish

View File

@ -2,64 +2,29 @@
published: false
---
# Compliance, KYC, RegTech
* [Impacts from a new reality drive the need for an enhanced digital identity framework](https://bankautomationnews.com/allposts/risk-security/impacts-from-a-new-reality-drive-the-need-for-an-enhanced-digital-identity-framework/) Bank Automation News
While US-based entities are adhering to an enhanced regulatory framework, these mandates are particularly applicable in Europe, where there is necessary compliance with enacted standards (such as the General Data Protection Regulation—commonly known as GDPR—and the Payment Service Providers Directive 2—referred to as PSD2. A clear need for a true and persistent digital identity as a solution to the ancillary—and sometimes unforeseen—challenges that have arisen.
* [Self-Sovereign Identity Verification and Background Screening](https://www.corporatescreening.com/blog/what-is-self-sovereign-identity-verification-and-how-is-it-changing-background-screening) Corporate Screening
> self-sovereign identity verification, one of the game-changing [background screening trends of 2021](https://www.corporatescreening.com/2021-trends-interactive-infographic). When combined with screening activities, self-sovereign identity solutions offer opportunities to obtain more accurate candidate background data and deliver it to employers faster.
# Compliance, KYC
* [How can self-sovereign identity solve the challenges of KYC in financial industry?](https://yourstory.com/2022/09/self-sovereign-identity-solve-challenges-kyc-finance/amp) Yourstory
Since the same data is required and utilised by everyone, blockchain-based SSI can satisfy the demand for general service for data without creating competition while also adhering to legislation and consumer expectations around data protection.
- [DIDComm for KYC](https://www.youtube.com/watch?v=PWrZxRbCG88)
* [zkKYC A solution concept for KYC without knowing your customer, leveraging self-sovereign identity and zero-knowledge proofs](https://bafybeie5ixj4dkim3lgivkw56us6aakh6bc3dhlsx5zzohrkzgo3ywqqha.ipfs.dweb.link/zkKYC-v1.0.pdf)
The proposed solution concept, zkKYC, removes the need for the customer toshare any personal information with a regulated business for the purpose of KYC, and yet providesthe transparency to allow for a customer to be identified if and when that is ruled necessary by adesignated governing entity (e.g. regulator, law enforcement).
* [EIC Speaker Spotlight: Nat Sakimura](https://www.youtube.com/watch?v=QG_gkZkpJwQ) Introducing Gain • OpenID Foundation
if you look at the the cost structure of the financial industry a lot of cost Is towards anti-money laundering and related activities and that actually is identity problem [...] we should try to solve the use case with a user centricity in mind
* [Forensic Investigative Report: Sanctioned Blockchain Addresses](https://www.coinfirm.com/blog/sanctioned-blockchain-addresses/) Coinfirm
* [Forensic Investigative Report: Terrorism Financing Blockchain Addresses](https://www.coinfirm.com/blog/terrorism-financing-blockchain-addresses/) Coinfirm
* [AML Risk Reports](https://www.coinfirm.com/blog/crypto-aml-risk-reports/) Coinfirm
* [Commerc.io srl has concluded the project with Essif on anti-money laundering eKYC](https://commercio.network/commerc-io-srl-concluded-project-self-sovereign-identity-essif-european-union-anti-money-laundering-ekyc/)
> [ComKYC] is a protocol on the Commercio Network blockchain that allows you to issue a KYC verifiable credential after performing a simple set of payments through a bank or any regulated money institution. We piggy back on banks kyc requirements [...] it's a verifiable credential that you can share with anyone who trusts the bank to which this VC is anchored. We have created the first portable derivative key kyc credential protocol that will eliminate the endless passport upload for users, reduce customer dropouts for companies, and reduce time and cost for onboarding new customers
* [OpenID Connect for Identity Assurance (eKYC & IDA) Enables More than 30 Million Bank Customers to Identify Themselves with Third Parties](https://openid.net/2021/03/03/openid-connect-for-identity-assurance-ekyc-ida-enables-more-than-30m-bank-customers-to-identify-themselves-with-3rd-parties/)
* [Self-Sovereign Identity: More Use Cases](https://www.bankinfosecurity.com/self-sovereign-identity-more-use-cases-a-16448): Heather Dahl and Ken Ebert of Indicio Discuss Decentralized ID Management
> In a video interview with Information Security Media Group, Dahl and Ebert discuss:
>
> - The evolution of Indicio.tech from the Sovrin Foundation;
> - Key initiatives in implementing and testing decentralized identity;
> - How a decentralized workforce is accelerating the need for identity management.
* [Enhanced Due Diligence How to do it Right](https://cognitohq.com/enhanced-due-diligence-is-non-negotiable/)
Both CDD and EDD are part of a complete KYC process. Identity verification (IDV) at the account-opening stage is one of the most critical moments in the process, but it doesnt end there: read on to identify when your due diligence should kick up a notch.
* [The Identity, Unlocked “eKYC with Mark Haine” Podcast Now Live](https://openid.net/2021/03/10/the-identity-unlocked-ekyc-with-mark-haine-podcast-now-live/)
* [eKYC with Mark Haine” features host Vittorio Bertocci and special guest Mark Haine](https://identityunlocked.auth0.com/public/49/Identity%2C-Unlocked.--bed7fada/ad784008)
* [SAP Completes Pharmaceutical Industry Pilot to Improve Supply Chain Authenticity](https://news.sap.com/2021/03/pharmaceutical-supply-chain-industry-pilot/)
> today announced the completion of an industry-wide pilot utilizing self-sovereign identity (SSI) credentials to establish trust in the pharmaceutical supply chain for indirect trade relationships.
* [Reimagining Customer Loyalty Programs With Verifiable Credentials: A Pravici Case Study](https://www.evernym.com/blog/customer-loyalty-verifiable-credentials/) Evernym
> [Pravici](https://pravici.com/), an Evernym customer and startup based out of Chandler, Arizona, is looking to flip the equation. Their solution, Tokenized Loyalty Points (TLP), uses verifiable credential technology to give individual consumers control over their data, while empowering them to direct how their favorite brands can use this data for loyalty and other campaigns.
* [26 Suggested Use Cases of Verifiable Credentials (With Some Real-World Examples)](https://academy.affinidi.com/25-real-world-use-cases-of-verifiable-credentials-4657c9cbc5e)
> we hope that business leaders, entrepreneurs, and developers will use this article as a guide to create some breakthrough solutions that will benefit the society at large.
- [Patient-Centric Identity Management for Healthcare with Jim St-Clair](https://northernblock.io/patient-centric-identity-management-for-healthcare/)
* [Self-Sovereign Identity Verification and Background Screening](https://www.corporatescreening.com/blog/what-is-self-sovereign-identity-verification-and-how-is-it-changing-background-screening) Corporate Screening
> self-sovereign identity verification, one of the game-changing [background screening trends of 2021](https://www.corporatescreening.com/2021-trends-interactive-infographic). When combined with screening activities, self-sovereign identity solutions offer opportunities to obtain more accurate candidate background data and deliver it to employers faster.
* [AML Risk Reports](https://www.coinfirm.com/blog/crypto-aml-risk-reports/) Coinfirm
## Literature
* [zkKYC A solution concept for KYC without knowing your customer, leveraging self-sovereign identity and zero-knowledge proofs](https://bafybeie5ixj4dkim3lgivkw56us6aakh6bc3dhlsx5zzohrkzgo3ywqqha.ipfs.dweb.link/zkKYC-v1.0.pdf)
* [GATACA joins EU Commissions Early Adopters Program as SSI provider in the Spanish group](https://gataca.io/insights/gataca-joins-the-european-commission-s-early-adopters-program-as-the-ssi-technology-provider-in-the-spanish-group)
> In Spain, three universities will pioneer the issuance of digital Academic Diplomas. The issuance will be performed 100% online, where students will authenticate themselves using a digital ID previously issued by FNMT (the Royal Mint of Spain) and stored in their mobile wallets.
* [SAP Pharma Solution Supports Supply Chain Compliance](https://insidesap.com.au/sap-pharma-solution-supports-supply-chain-compliance/)
> SAP has chosen an open, interoperable technology to validate all stakeholders in the pharma supply chain in order to provide customers with the best solution for compliance under the U.S. Drug Supply Chain Security Act (DSCSA) requirements. The DSCSA also limits stakeholders interactions to ATPs.
The proposed solution concept, zkKYC, removes the need for the customer toshare any personal information with a regulated business for the purpose of KYC, and yet providesthe transparency to allow for a customer to be identified if and when that is ruled necessary by adesignated governing entity (e.g. regulator, law enforcement).
## Working Group
[eKYC & Identity Assurance WG](https://openid.net/wg/ekyc-ida/). Among the many dots Mark is connecting on behalf of the OpenID Foundation is work with the Global Legal Entity Identifier Foundation, the Open Identity Exchange Trust Framework Initiatives and the Open Banking Implementation Entity.

View File

@ -2,117 +2,296 @@
published: false
---
* [Fake CDC vax cards now being sold to anti-vaxxers](https://lists.w3.org/Archives/Public/public-credentials/2021Apr/0077.html)  Moses Ma (Thursday, 8 April)
Just wanted to share this with those working on C19 vax certs:
## Scams
Scammers Selling Fake #COVID19 Vaccination Cards for Just $20 The security firm DomainTools claims to have seen authentic-looking CDC cards selling for as little as $20 each on domains like covid-19vaccinationcards[.]com, which features a Lets Encrypt TLS certificate. “Though selling a printed card is not necessarily illegal, the pricing, logo and cardstock of these vaccination records demonstrate a level of intent to pass as legitimate cards from the CDC,” explained DomainTools senior security researcher, Chad Anderson. https://www.infosecurity-magazine.com/news/scammers-sell-fake-covid19/ https://lists.w3.org/Archives/Public/public-credentials/2021Apr/0077.html
From: [https://www.infosecurity-magazine.com/news/scammers-sell-fake-covid19/](https://www.infosecurity-magazine.com/news/scammers-sell-fake-covid19/)
COVID-19 vaccination cards are dangerously easy to fake — what you need to know Israeli security firm Check Point reports that fake American and Russian vaccination certificates are being sold online for between $100 and $200. Fake COVID-19 negative test results cost as little as $25, while (likely fake) COVID-19 vaccine sells for about $500 per vial. https://www.tomsguide.com/news/fake-covid-vaccination-cards
The security firm DomainTools claims to have seen authentic-looking CDC cards selling for as little as $20 each on domains like covid-19vaccinationcards[.]com, which features a Lets Encrypt TLS certificate. “Though selling a printed card is not necessarily illegal, the pricing, logo and cardstock of these vaccination records demonstrate a level of intent to pass as legitimate cards from the CDC,” explained DomainTools senior security researcher, Chad Anderson.
## Standards
and
* [Introducing the Global COVID Certificate Network (GCCN)](https://www.lfph.io/2021/06/08/gccn/)
From: [https://www.tomsguide.com/news/fake-covid-vaccination-cards](https://www.tomsguide.com/news/fake-covid-vaccination-cards)
As more and more governments adopt [major COVID certificate standards](https://www.lfph.io/2021/10/12/global-covid-certificate-landscape/) to reopen borders, the travel industry is working hard to catch up on their technology to meet the evolving travel requirements. However, there is still no shortage of complaints from travelers about their cumbersome international travel experiences.
Israeli security firm Check Point reports that fake American and Russian vaccination certificates are being sold online for between $100 and $200. Fake COVID-19 negative test results cost as little as $25, while (likely fake) COVID-19 vaccine sells for about $500 per vial.
* [Vaccination Certificate Vocabulary](https://lists.w3.org/Archives/Public/public-credentials/2021Feb/0069.html) Tobias Looker
> I'd like to propose a new work item that formally defines a vocabulary for issuing Vaccination Certificates in the form of Verifiable Credentials.
* [Vaccination Certificate Test Suite](https://lists.w3.org/Archives/Public/public-credentials/2021Apr/0081.html)  Manu Sporny (Thursday, 8 April)
As some of you know, a few of the members in the W3C Credentials Community Group have been working on a Vaccination Certificate Vocabulary[1]. The World Health Organization has recently published a Release Candidate data model dictionary for Smart Vaccination Cards[2]. The CCG has also been working on a Verifiable Credentials HTTP API[3].
The WHO guidance covers 28 types of vaccines that we (as a global society) depend on, including Measles, Smallpox, Polio, Yellow Fever, COVID-19, and others. We (Digital Bazaar) thought it might be interesting to see if we could create an interoperability test suite for the WHO Smart Vaccination Card work using the tools listed above.
The WHO guidance covers 28 types of vaccines that we (as a global society)
https://w3id.org/vaccination/interop-reports
depend on, including Measles, Smallpox, Polio, Yellow Fever, COVID-19, and
[1]https://w3c-ccg.github.io/vaccination-vocab/
[2]https://www.who.int/publications/m/item/interim-guidance-for-developing-a-smart-vaccination-certificate
[3]https://github.com/w3c-ccg/vc-http-api
others. We (Digital Bazaar) thought it might be interesting to see if we could
create an interoperability test suite for the WHO Smart Vaccination Card work using the tools listed above.
...
- A test suite containing 1,624 tests covering the
28 vaccine types in the WHO vocabulary.
- 7 independent vendor implementations issuing and
verifying each others WHO Smart Vaccination Cards.
- 1,623 passing tests demonstrating true
interoperability!
You can view the latest Vaccination Certificate test suite report here:
* [https://w3id.org/vaccination/interop-reports](https://w3id.org/vaccination/interop-reports)
* [The value of verifiable credentials in the evolving digital identity landscape](https://verified.me/blog/the-value-of-verifiable-credentials-in-the-evolving-digital-identity-landscape/) Verified Me
> In my recent podcast with [Brad Carr](https://www.iif.com/Staff-and-Authors/uid/46/BradCarr) of the [Institute of International Finance](https://www.iif.com/Publications/ID/4304/FRT-Episode-87-Digital-Identity-with-SecureKey-CEO-Greg-Wolfond), we discussed how digital identity and verified credentials can support a digital-first world, something thats extremely relevant amid the current pandemic.
* [Mapping FHIR JSON resource to W3C Vaccination vocabulary : A semantic data pipeline](https://iiw.idcommons.net/index.php?title=12H/_Mapping_FHIR_JSON_resource_to_W3C_Vaccination_vocabulary_:_A_semantic_data_pipeline&action=edit&redlink=1) by John Walker
# Covid
* [The Digital Health Credential System Implementation Guide](https://cci-2020.medium.com/the-implementation-guide-v1-is-out-f958e1fd69b0) Covid Credentials Initiative ([PDF](https://drive.google.com/file/d/1eSrFxFldD6TBkfmOFTXBkBu2TYf3qFv2/view)
The Implementation Guide V1 provides a set of baseline recommendations to the CCI community of application and services developers, implementers with which to evaluate product designs. The requirements mentioned in this guide should be read along side (and not as a substitute to) the regulations applicable to the jurisdiction in which the applications and services will be made available
The Digital Health Credential System Implementation Guide The Implementation Guide V1 provides a set of baseline recommendations to the CCI community of application and services developers, implementers with which to evaluate product designs. The requirements mentioned in this guide should be read along side (and not as a substitute to) the regulations applicable to the jurisdiction in which the applications and services will be made available https://cci-2020.medium.com/the-implementation-guide-v1-is-out-f958e1fd69b0 https://drive.google.com/file/d/1eSrFxFldD6TBkfmOFTXBkBu2TYf3qFv2/view) Covid Credentials Initiative
* [I Want COVID-19 Certificates but I don't want a DID](https://www.youtube.com/watch?v=yqSr0xKcG18) David Chadwick
* [Digital Identity in response to COVID-19: DGX Digital Identity Working Group](https://www.tech.gov.sg/files/media/corporate-publications/FY2021/dgx_2021_digital_identity_in_response_to_covid-19.pdf)
- [How COVID-19 is driving innovation in digital identity](https://www.turing.ac.uk/blog/how-covid-19-driving-innovation-digital-identity)
* [Covid-19 spurs national plans to give citizens digital identities](https://webcache.googleusercontent.com/search?q=cache:KsfPtESFkP4J:https://www.economist.com/international/2020/12/07/covid-19-spurs-national-plans-to-give-citizens-digital-identities)
> The MOSIP project, which got going in March 2018, is nested in Bangalores International Institute of Information Technology (IIIT-B) and endowed with funding of $16m from the Omidyar Network, the Bill and Melinda Gates Foundation and Tata Trusts.
* [Digital Health Passports for COVID-19](https://socialsciences.exeter.ac.uk/media/universityofexeter/collegeofsocialsciencesandinternationalstudies/lawimages/research/Policy_brief_-_Digital_Health_Passports_COVID-19_-_Beduschi.pdf)
> This is a study of Digital Health Passports relating the benefits in managing the pandemic, while also detailing concerns around data protection and the private information at risk of being over-exposed. Recommendations include:
* [Self-Sovereign Identity for COVID-19 Immunity Credentials](https://www.tcs.com/perspectives/articles/self-sovereign-identity-implementation-travel-industry)
* [How COVID-19 is driving innovation in digital identity](https://www.turing.ac.uk/blog/how-covid-19-driving-innovation-digital-identity)
* [Vaccine Credentials Focus Group - US Subgroup](https://covidcreds.groups.io/g/vaccinecredentials-us#publichealth)
This is the mailing list for the US subgroup of the Vaccine Credentials Focus Group. You can see the group charter [here](https://docs.google.com/document/d/10iXXW4c-lW9ZR-qey_92006muIBuLt3VN4GkZa214OA/edit?usp=sharing).
Participating and contributing in this group requires a CCI membership, open and free to all (organizations and individuals). If you are not a CCI member yet, please request a membership agreement at [https://www.covidcreds.org/#Join](https://www.covidcreds.org/#Join).
## Explainer
* [A Goldilocks point for Digitised Vaccination Certificates](https://lockstep.com.au/a-goldilocks-point-for-digitised-vaccination-certificates/)
* [Digital identity is critical in the new world since covid](https://digitalidentity.nz/2021/11/17/digital-identity-is-critical-in-the-new-world-since-covid/) DigitalID NZ
The value of verifiable credentials in the evolving digital identity landscape In my recent podcast with [Brad Carr](https://www.iif.com/Staff-and-Authors/uid/46/BradCarr) of the [Institute of International Finance](https://www.iif.com/Publications/ID/4304/FRT-Episode-87-Digital-Identity-with-SecureKey-CEO-Greg-Wolfond), we discussed how digital identity and verified credentials can support a digital-first world, something thats extremely relevant amid the current pandemic. https://verified.me/blog/the-value-of-verifiable-credentials-in-the-evolving-digital-identity-landscape/ Verified Me
Tata Consulting Services a vision for [how SSI can be used](https://www.tcs.com/perspectives/articles/self-sovereign-identity-implementation-travel-industry) to re-open global travel with the reality of COVID-19.
> SSI still requires market validation, and support for its implementation is currently limited to a relatively small group of technologists and enthusiasts. However, the implementation of SSI in the travel industry at a future point in time, especially once the standards and protocols are production ready and existing user experience challenges have been resolved, is something that all travel industry stakeholders should be watching, waiting and ready for.
* [how to re-open our economy while protecting privacy](https://diacc.ca/2021/01/05/protecting-privacy-while-reopening-economies/) Joni Brennan of DIACC & IdentityWoman
> Without transparent operational guidance, peoples privacy and personal freedoms may be compromised. By having a set of operational rules, decision makers will have the capacity to make better decisions that will enable the public to trust that the tools being implemented have been designed to respect their best interests.
* [Freedom, Privacy and the Covid Pandemic](https://blokbioscience.com/video/freedom-privacy-covid/) BLOK
Its quite important to outline the difference between #selfsovereignidentity and centralised solutions in the development of #covid #vaccinepassports.
Its quite important to outline the difference between #selfsovereignidentity and centralised solutions in the development of #covid #vaccinepassports.<br><br>The former requires zero trust on third parties, the latter is prone to hacking and abuse.
The former requires zero trust on third parties, the latter is prone to hacking and abuse.
* [SSI COVID Passports: Why, What and How](https://noha-abuaesh.medium.com/ssi-covid-passports-why-what-and-how-6f450fddfabf) Noha Abuaesh
What if people can prove their COVID status to different entities, prove that they are authentic and prove they were intended for them, without having to reveal any of their personal information; not even their names?
* [The inevitable vaccine passports Or, are they actually inevitable?](https://trustoverip.substack.com/p/the-inevitable-vaccine-passports)
Until the time digital records for vaccination are as simple and do not require a second thought around wallet/app/credential format etc - we have a long way to go before they are inevitable.
* [Evernym: Privacy-Preserving Verifiable Credentials in the Time of COVID-19](https://www.hyperledger.org/event/hyperledger-in-depth-an-hour-with-evernym-building-post-covid-19-world-with-ssi) Hyperledger
> This session will focus on the analysis and discussion of two use cases where legacy identity solutions were unable to meet the needs, but ledger based solutions have been successful: covid credentials for travel, and employment credentials for staff movements.
* [Not too much identity technology, and not too little](https://www.constellationr.com/blog-news/not-too-much-identity-technology-and-not-too-little)
> We should digitize nothing more and nothing less than the fact that someone received their vaccine.  A verifiable credential carrying this information would include the place, date and time, the type of vaccine, and the medico who administered or witnessed the shot.  The underlying technology should be robust, mature and proven at scale ― as is PKI and public key certificates
* [A trusted internet. Easy and secure. For everyone.](https://esatus.com/solutions/self-self-sovereign-identity/?lang=en) Enabled by digital credentials and SSI technology.
Already today, credentials are being used in a wide variety of applications, such as a digital identity card, a work permit or a test certificate. We would like to explain the functionality and potential use cases for credentials by following our protagonist called Sam, who has just completed a Covid-19 rapid test.
* [Our digital future and economic recovery rests on getting digital ID right](https://diacc.ca/2021/05/31/our-digital-future-and-economic-recovery-rests-on-getting-digital-id-right/)
With digital identity done right, a vaccine proof (passport) would allow Canadians to securely prove who they are, verify that they were vaccinated, and have a digital credential to use in any instance that requires it — all in a safe and secure way that does not divulge any other private health record.
* [How festival organisers can maximise Covid safety and eradicate ticket touts](https://blokbioscience.com/articles/how-festival-organisers-can-maximise-covid-safety-and-eradicate-ticket-touts/#respond)
> Festival organisers will also need to do better at managing delays than other sectors. In recent weeks, weve seen [Heathrow airport reporting delays of up to six hours](https://www.bbc.co.uk/news/business-56743571). This would be catastrophic at a festival to keep festival goers waiting, after they have already waited for months to have a great time, would only lead to frustration and likely cause a bad reputation for the festival itself.
* [@maheshbalan shares](https://twitter.com/maheshbalan/status/1352049833419239428)
> My presentation at the @Hyperledger Healthcare SIG about #VerifiableCredentials for Covid-19 - How a cryptographically secure digital credential can be used instead of paper documents. (Video)
* [Blueprint for a Digital Health Pass](https://www.kuppingercole.com/blog/bailey/blueprint-for-a-digital-health-pass) Kuppinger Cole
Binding an identity to a Verifiable Credential remains valid beyond the point of verification by being able to match a real-time biometric data point with one which was logged at the point of verification
* [Setting up digital ID regime could provide boost to post-pandemic recovery](https://diacc.ca/2021/04/22/setting-up-digital-id-regime-could-provide-boost-to-post-pandemic-recovery/)
> If the global pandemic has shown us anything, its that the need for reliable and secure data is paramount as businesses, governments, and Canadians from Vancouver to Quebec City to Charlottetown and everywhere in between move online.
* [Working Together on What “Good” Looks Like](https://www.hyperledger.org/blog/2021/02/12/working-together-on-what-good-looks-like) - Hyperledger
> This initiative is intended to define, in the context of test results and vaccination records for opening up borders for travel and commerce, a high bar for implementations of identity and credentialing systems to meet with regards to privacy, ethics and portability. They will also work with the implementers of such systems to converge towards common standards and governance.
Immunity passports' could speed up return to work after Covid-19 https://www.theguardian.com/world/2020/mar/30/immunity-passports-could-speed-up-return-to-work-after-covid-19
* What are, in your opinion, the riskiest assumptions when writing an Software Development Kit?
* For you, what are the most promising SSI projects or repos?
* What do you believe are the bottlenecks for the cross-ledger SSI? How soon can we see cross-ledger credentials exchanges?
* What are the upsides of using Zero MQ over a common HTTP Rest connection?
* How hard would it be to replace the current Transport Layer Security architecture with SSI?
* Why was Rust chosen to write Indy-SDK?
* Specific roadblocks other people in this space should look out for?
* What are the books you have recommended most to others?
* [Identity Ownership and Security in the Wake of the Pandemic](https://www.pingidentity.com/en/company/blog/posts/2021/identity-ownership-security.html)
Highlights from Ping Identitys Andre Durand, and Richard Bird on an episode of Pings new podast *[Hello User](https://www.pingidentity.com/en/company/podcast.html)*
> we explore how the pandemic has opened up an opportunity to shape the future of personal identity.
> - Takeaway #1: We digitized much of our economy during the pandemic but neglected one important aspect: identity.
> - Takeaway #2: Third parties have much more control over digital identity than individuals.
> - Takeaway #3: Were on the cusp of a tectonic shift in the notion of digital identity.
> - Takeaway #4: The pandemic has accelerated the changes needed to shape the future of digital identity security.
> - Takeaway #5: Moving control of digital identity to the individual will dramatically change our current identity and access management systems.
* [From Closed Loop Systems to Open World COVID Credentials Exchange](https://www.lfph.io/wp-content/uploads/2021/04/CCI-Summit-Summary-Report-From-Closed-to-Open.pdf) CCI Report
> This summit, convened by CCI, was designed to beginarticulating a roadmap to get from closed loop systems to an open systemwhere it doesnt matter if issuers, holders and verifiers are using the tool provided by the same solution provider as long as all solution providers are building on a certain common ground.The discussion focused on domestic reopening use cases using the US as the context.
* [Unlocking the Value of Verifiable Credentials in the Health Sector](https://www.affinidi.com/post/unlocking-the-value-of-verifiable-credentials-in-the-health-sector) Affinidi
- Digital Infrastructure for Vaccination Open Credentialing (DIVOC) - This is an open-source platform that enables countries to digitally orchestrate country-wide health campaigns such as vaccinations and certifications.
- EU Digital COVID Certificate (EU-DCC) - This specification allows EU citizens and residents to have their digital health certificates issued and verified across the EU.
- Smart Health Card (SHC) - This initiative encourages the development of open standards and technologies to connect people with their health data. Led by Microsoft, Vaccination Credential Initiative (VCI), The Commons Project, and The MITRE Corporation, SHCs are seeing wide adoption across North America.
- International Civil Aviation Organisation - Visible Digital Seal (ICAO-VDS) - This is a travel document verification to re-establish travel and trade through aviation.
## Official ID
* [COVID-19 as a Catalyst for the Advancement of Digital Identity](https://www.perkinscoie.com/images/content/2/4/247949/2021-Perkins-Coie-LLP-Health-Passport-White-Paper.pdf) Perkins Cole
This article discusses areas of law that are developing rapidly [...] our goal is to address some of the legal considerations that health certificates raise with respect to, and in the context of, the development of a comprehensive system of digital identity management.
* [SITA Publishes 18-Month Plan for Digital Transformation in Air Travel](https://www.sita.aero/globalassets/docs/brochures/your-runway-to-success.pdf)
This paper explores the five key challenges facing the industry and the IT investment priorities that have the greatest potential to support governments, airports, and airlines over the next 18 months to rebuild a strong and agile business.
* [Covid-19 spurs national plans to give citizens digital identities](https://webcache.googleusercontent.com/search?q=cache:KsfPtESFkP4J:https://www.economist.com/international/2020/12/07/covid-19-spurs-national-plans-to-give-citizens-digital-identities)
> The MOSIP project, which got going in March 2018, is nested in Bangalores International Institute of Information Technology (IIIT-B) and endowed with funding of $16m from the Omidyar Network, the Bill and Melinda Gates Foundation and Tata Trusts.
* [Digital Health Passports for COVID-19](https://socialsciences.exeter.ac.uk/media/universityofexeter/collegeofsocialsciencesandinternationalstudies/lawimages/research/Policy_brief_-_Digital_Health_Passports_COVID-19_-_Beduschi.pdf)
> This is a study of Digital Health Passports relating the benefits in managing the pandemic, while also detailing concerns around data protection and the private information at risk of being over-exposed. Recommendations include:
* [WHO goes there? Vaccination Certificates Technology and Identity](https://www.linkedin.com/pulse/who-goes-vaccination-certificates-technology-identity-stephen-wilson/) Stephen Wilson
> Based on experience building a mobile credentials wallet for the Department of Homeland Security, I argue the proper goal of a digital vaccination certificate should be confined to representing nothing more and nothing less than the fact that someone received their jab. Such a Verifiable Credential would include the place, date and time, the type of vaccine, and the medico who administered or witnessed the jab.
* [We dont need immunity passports, we need verifiable credentials](https://cointelegraph.com/news/we-don-t-need-immunity-passports-we-need-verifiable-credentials)
> Paper certificates, PDFs, wristbands and mobile apps have all been suggested — and the former director of the Centers for Disease Control, Tom Frieden, and international human rights attorney Aaron Schwid [urged](https://www.washingtonpost.com/opinions/2020/12/21/tom-frieden-covid-immunity-passports/) the adoption of digital “immunity passports” as a way to reopen the world.
In theory, their idea is great. In practice, its terrible. Or, as the Daily Beast [put](https://www.thedailybeast.com/vaccine-passports-are-big-techs-latest-dystopian-nightmare) it: “Vaccine Passports Are Big Techs Latest Dystopian Nightmare.”
- [Response to Ada Lovelace Institute: Vaccine passports and COVID status apps: Call for Public Evidence](https://docs.google.com/document/d/1ykUUDak47lYkUJeZvxs7FxDyy8bQ48FkF47IxMclppE/edit?usp=sharing)
- [Response to WHO Interim Guidance for Development a Smart Vaccination Certificate](https://docs.google.com/document/d/1HwWUxMY2EynkWFrlNQqh8IF7rE_5aFn74ZreYq0IAYg/edit?usp=sharing)
- [Response to Call for Evidence: UK Parliament Covid 19 Vaccine Certification](https://docs.google.com/document/d/1y5vyLzsVUzhiFNcWHGHLVlQHnRad73q3F50a-8gr83Y/edit?usp=sharing) (Still open for contribution)
* [Covid-19 Vaccination Passes Could Cataylze Self-Sovereign Identity Adoption](https://hackernoon.com/covid-19-vaccination-passes-could-cataylze-self-sovereign-identity-adoption-6x3m3563)
* [Governor Cuomo Announces Launch of Excelsior Pass Plus to Support the Safe, Secure Return of Tourism and Business Travel](https://www.governor.ny.gov/news/governor-cuomo-announces-launch-excelsior-pass-plus-support-safe-secure-return-tourism-and) NYS Gov
Excelsior Pass Plus, a result of the strategic partnership between New York State and VCI, will provide New Yorkers safe access to retrieve a secure, digital copy of their COVID-19 vaccination record using the [SMART Health Cards Framework](https://protect2.fireeye.com/v1/url?k=c0acc09b-9f37f85c-c0ae39ae-000babd9f75c-7271080d81ab95a1&q=1&e=61cb6a92-1e48-44b8-96be-e1dd24b53960&u=https%3A//vci.org/about#smart-health) - making their interstate and international travel and commerce experiences safer, contact-less, and more seamless.
LFPH Calls for Coordination of Digital Vaccination Records Using Open Standards
The CCI community collaborated with Linux Foundation Public Health to write a letter to the Biden Administration about how Verifiable Credentials could be used to support re-opening the economy.<br><br>"Some states and other countries have started to pilot this approach, as have various industries like film and aviation. But, the inconsistent use of standards and varying implementations have already led to confusion and public concern. An effort coordinated at the federal level would lead most quickly to uniform adoption and true inter-state and cross-domain interoperability." https://www.lfph.io/wp-content/uploads/2021/02/LFPH-Calls-for-Coordination-of-Digital-Vaccination-Records-Using-Open-Standards.pdf
* [Digital vaccine certificate looms as HR's next problem](https://searchhrsoftware.techtarget.com/news/252494706/Digital-vaccine-certificate-looms-as-HRs-next-problem)
> It's going to take a while for the efforts to sort themselves out, Beck said, but he believes it will happen by the fall or year-end. Government funding may be forthcoming.
>
> Based on what Biden has said generally about public health, Beck believes the new administration plans to make "a big commitment to health equity and improving public health systems broadly," he said.
The EU previously announced fully vaccinated Americans could travel this summer and regional EU travellers could potentially use an [EU Digital COVID Certificate](https://ec.europa.eu/info/live-work-travel-eu/coronavirus-response/safe-covid-19-vaccines-europeans/eu-digital-covid-certificate_en?ref=hackernoon.com#how-will-the-certificate-work) as early as July 1.
* [Covid Vaccinations Data Donor Program](https://digitalscot.net/covid-vaccinations-data-donor-proposal/)  A Proposal for the Scottish Government
> “The Scottish Government must invest in data, digital and technology in health and social care to help Scotland recover from Covid-19. Closing the data gap in the sector could be worth £800m a year and deliver savings of £5.4bn to NHS Scotland. SCD said better data would help to build resilience against future public health challenges, which in turn will drive a healthy economy.” - Scottish Council for Development and Industry
>
> Our solution provides a platform for achieving exactly this, both in terms of equipping Scotland with a powerful integrated data environment and also through a framework where developers can further build on this with other apps for a myriad of other use cases. It could be tied in with the [vaccination scheduling system](https://www.ukauthority.com/articles/nhs-scotland-launches-digital-service-for-covid-19-vaccinations/) as an immediate step for example.
* [Understanding the Global COVID Certificate Landscape](https://www.lfph.io/2021/10/13/divoc/) DIVOC
The DIVOC project is hosted and maintained by [Indias eGov Foundation](https://egov.org.in/) and is available as an MIT-licensed open source software package DIVOC is also supported by various multilateral funding institutions, as well as a community of software contributors and adopters in various geographies. DIVOCs verifiable COVID credentials have also been tested for interoperability with several consumer-health and locker applications globally; and DIVOCs certificates from the adopter countries can now be scanned/read/ingested by these domestic and international applications.
### Digital Green (EU)
* [The EU Digital Green Certificate Program](https://www.evernym.com/blog/eu-digital-green-certificate-program/) Evernym
> Although the EUs approach to COVID-19 health certificates (the [Digital Green Certificate](https://ec.europa.eu/commission/presscorner/detail/en/qanda_21_1187) implements existing technology and supports both paper and digital credentials, offline usage, and speedy verification, it makes a number of security and privacy compromises. Our analysis found it to be inherently centralised and better suited for low assurance use cases.
* [The EU Digital Green Certificate Program: Analysis & Comparison](https://www.evernym.com/blog/eu-digital-green-certificate-program/)
> The EU approach does not support selective disclosure, i.e. allowing a subset of attributes from a credential to be used without revealing all the data in the credential.
* [Getting Privacy Right with Verifiable Health Credentials](https://www.evernym.com/health-credentials-webinar/)
> Verifiable health credentials have never been more important or more urgently needed. Yet, as an industry, we have a responsibility to ensure that the solutions we deploy today are held to the highest bar and set the right precedent for personal data privacy.
> The EU has announced a program called “Digital Green Certificate” intended to provide proof of COVID-19 test or vaccination status for EU citizens. The intention is to “facilitate safe and free movement during the COVID-19 pandemic within the EU”. It is voluntary and free for citizens.<br><br>This is an analysis of the EU program and how it compares to a digital credential based approach. Important: this analysis is focused on the technical aspects of the EU program, not the medical or political aspects.
### Vaccine Passports
* [Platform Architecture for Covid-19 Digital Passports](https://digitalscot.net/architecture-for-covid-19-passports/)
> - Appii Appii has developed their [Health Passport](https://appii.io/health-passport/), a service that verifies your identify through a selfie photo, is populated through recording your test result at one of their partner sites (eg. Lloyds Pharmacy) and provides a digital certification.
> - Digi.me Digi.me is a specialist in general data sharing services and have developed a number of apps that build on this capability, including a [Covid-19 solution](https://digi.me/covid19/).
* [Coming Soon: The Vaccine Passport](https://www.nytimes.com/2021/02/04/travel/coronavirus-vaccine-passports.html)
> “The global passport system took 50 years to develop,” said Drummond Reed, chief trust officer for Evernym. “Even when they wanted to add biometrics to that to make it stronger, that took over a decade to agree on just how youre going to add a fingerprint or a facial biometric to be verified on a passport. Now, in a very short period of time, we need to produce a digital credential that can be as universally recognized as a passport and it needs an even greater level of privacy because its going to be digital.”
* [Everything You Need to Know About “Vaccine Passports”](https://identitywoman.net/quoted-in-everything-you-need-to-know-about-vaccine-passports/) IdentityWoman \ [Mother Jones](https://www.motherjones.com/politics/2021/04/everything-you-need-to-know-about-vaccine-passports/)
> Andy Slavitt, a White House senior adviser for COVID response, specified at a [March 29](https://www.whitehouse.gov/briefing-room/press-briefings/2021/03/29/press-briefing-by-white-house-covid-19-response-team-and-public-health-officials-21/) briefing that “unlike other parts of the world, the government here is not viewing its role as the place to create a passport, nor a place to hold the data of citizens.”
* [Vaccine Passports Must Leverage Decentralized Identity Solutions](https://medium.com/ontologynetwork/vaccine-passports-must-leverage-decentralized-identity-solutions-d454f9907fe9) Ontology
Decentralized identity solutions offer an ideal solution to the data privacy and identity risks associated with COVID-19 passports and other verification methods.
### Health Pass
* [Why health passes are NOT vaccine passports and offer greater flexibility and choice](https://blog.digi.me/2021/08/18/why-health-passes-are-not-vaccine-passports-and-offer-greater-flexibility-and-choice/) Digi Me
Health passes, though, are much more flexible as they provide multiple options. They can still be used as proof of vaccination, if the user chooses to share their health information in this way.
But, importantly and in a crucial difference from vaccine passports, they can also be used to securely display a test result, such as a negative PCR or rapid antigen test (also known as lateral flow tests) today. Additionally, they are also future-proofed for options such as rapid antibody test results when those come into play on a large scale.
## App
* [We are now officially live in Myanmar!](https://zada.io/we-are-now-officially-live-in-myanmar/) Zada
ZADA apps are all launched and our first digital ID a COVIDPASS is being issued by Pun Hlaing Hospitals to everyone who gets vaccinated.
* [VeriFLY Lets Users Upload Vaccine Credentials](https://findbiometrics.com/verifly-lets-users-upload-vaccine-credentials/) FindBiometrics
“We envision a world where your VeriFLY digital wallet will provide access to the places you and your family want to visit. And the ability to accept a vaccine health credential will accelerate opportunities to resume activities weve all dearly missed.”   Tom Grissen, CEO, Daon
* [IATAs digital health passport paves the way to a new biometric identity for travel](https://www.futuretravelexperience.com/2021/04/iatas-digital-health-passport-paves-the-way-to-a-new-biometric-identity-for-travel/)
> As FTE has previously reported, a number of other solutions have entered the digital health passport space in the past few months from various suppliers, including AOKpass, CommonPass, Daons VeriFLY, CLEAR Health Pass and IBM Digital Health Pass, just to name a few. Despite the growing competition, IATA is clear that its aim is not to dominate the market, but to make sure that standards are established to create a secure and interoperable solution.
* [Explore Verifiable Health Records](https://developer.apple.com/videos/play/wwdc2021/10089/) Apple
Apple Announces Support for [VCI](https://vci.org/) credentials at WWDC (Almost proper [JSON-JWT](https://github.com/smart-on-fhir/health-cards/issues/119) but not quite)
* [Ugh! There's an App for That!](https://www.windley.com/archives/2021/10/ugh_theres_an_app_for_that.shtml) <-Phil Windley on Vaccine certificates.
Interoperability is a fundamental property of tech systems that are generative and respect individual privacy and autonomy. And, as a bonus, it makes people's live easier!
* [Health data must be private and secure by design, always](https://blog.digi.me/2021/06/01/health-data-must-be-private-and-secure-by-design-always/)
> But there is always time to reflect on privacy and security, and design from the ground up accordingly. At digi.me, we practice what we preach, with privacy and security always core considerations for our health data capability as well as our [Consentry health pass](https://consentry.com/) as they move forwards.
* [PocketCred Verifiable Credentials](https://www.pocketcred.com/)
> Pravici PocketCred (formerly VeriCred) is built on Blockchain technology, specifically to address credential issuance and verification, such as one for COVID-19 vaccines. We at Pravici have been working to build a digital pass that citizens can carry in their mobile device or digital card to prove that they have taken a test or vaccine. Our software application features user-friendly creation of schemas* and proof templates, as well as QR code technology for credential issuance and verification.
* [Digi.me creates first working UK vaccine passport capability](https://blog.digi.me/2021/03/29/digi-me-creates-first-working-uk-vaccine-passport-capability/)
> Digi.mes health pass is built on the same principles as our existing secure data exchange platform, and can be displayed on demand on a users phone. It is verified fully private, secure and tamper-proof due to multiple robust security measures including encryption.
This health pass has been designed to be fully interoperable with other international standards, such as the UN Good Health Pass Collaborative, of which [digi.me is a member](https://blog.digi.me/2021/02/25/digi-me-joins-good-health-pass-collaborative-to-help-build-a-safe-travelling-future/).
* [Everything You Need to Know About “Vaccine Passports”](https://identitywoman.net/quoted-in-everything-you-need-to-know-about-vaccine-passports/) IdentityWoman \ [Mother Jones](https://www.motherjones.com/politics/2021/04/everything-you-need-to-know-about-vaccine-passports/)
> Andy Slavitt, a White House senior adviser for COVID response, specified at a [March 29](https://www.whitehouse.gov/briefing-room/press-briefings/2021/03/29/press-briefing-by-white-house-covid-19-response-team-and-public-health-officials-21/) briefing that “unlike other parts of the world, the government here is not viewing its role as the place to create a passport, nor a place to hold the data of citizens.”
* [Digi.me partners with Healthmark to enable Covid testing and verified result reporting](https://blog.digi.me/2021/02/16/digi-me-partners-with-healthmark-to-enable-covid-testing-and-verified-result-reporting/)
> Consentry healthpass capability is an end-to-end solution which enables users to take a self-administered PCR saliva test, send it in for processing, and then receive an in-app result. Crucially, Consentry also generates a certified and dated travel certificate, together with qualifying details of the test taken, which can be printed, shared securely or displayed as needed.
### MedCreds
- [Proofmarket](https://docs.google.com/document/d/1hlR_2yp7EJQqYvxm8mNY-KNgwScTsClKDp6W6yw33Ic/edit?usp=sharing) (Medcreds)
* [WHO goes there? Vaccination Certificates Technology and Identity](https://www.linkedin.com/pulse/who-goes-vaccination-certificates-technology-identity-stephen-wilson/) Stephen Wilson
> Based on experience building a mobile credentials wallet for the Department of Homeland Security, I argue the proper goal of a digital vaccination certificate should be confined to representing nothing more and nothing less than the fact that someone received their jab. Such a Verifiable Credential would include the place, date and time, the type of vaccine, and the medico who administered or witnessed the jab.
### Cardea
- [Indicio](https://docs.google.com/document/d/1Vl9IKRg6ygHD1njc8GfnjsQglDOVglBKbuXHSuqQ7T4/edit?usp=sharing)
* [We dont need immunity passports, we need verifiable credentials](https://cointelegraph.com/news/we-don-t-need-immunity-passports-we-need-verifiable-credentials)
> Paper certificates, PDFs, wristbands and mobile apps have all been suggested — and the former director of the Centers for Disease Control, Tom Frieden, and international human rights attorney Aaron Schwid [urged](https://www.washingtonpost.com/opinions/2020/12/21/tom-frieden-covid-immunity-passports/) the adoption of digital “immunity passports” as a way to reopen the world.
## Travel
In theory, their idea is great. In practice, its terrible. Or, as the Daily Beast [put](https://www.thedailybeast.com/vaccine-passports-are-big-techs-latest-dystopian-nightmare) it: “Vaccine Passports Are Big Techs Latest Dystopian Nightmare.”
* [The fine line between global COVID-19 protocols and privacy](https://www.techrepublic.com/article/the-fine-line-between-global-covid-19-protocols-and-privacy/) Tech Republic
> A panel of experts considers the best methods for safe domestic and international air travel including proof of testing, vaccination passports, and digital health passes.
* [COVID & Travel Resources for Phocuswright](https://identitywoman.net/covid-travel-resources-for-phocuswright/) IdentityWoman.net
* [Self-Sovereign Identity for COVID-19 Immunity Credentials](https://www.tcs.com/perspectives/articles/self-sovereign-identity-implementation-travel-industry)
Tata Consulting Services a vision for [how SSI can be used](https://www.tcs.com/perspectives/articles/self-sovereign-identity-implementation-travel-industry) to re-open global travel with the reality of COVID-19.
> SSI still requires market validation, and support for its implementation is currently limited to a relatively small group of technologists and enthusiasts. However, the implementation of SSI in the travel industry at a future point in time, especially once the standards and protocols are production ready and existing user experience challenges have been resolved, is something that all travel industry stakeholders should be watching, waiting and ready for.
* [Jumpstart the Global Travel Industry Using Self-Sovereign Identity for COVID-19 Immunity Credentials](https://www.tcs.com/perspectives/articles/self-sovereign-identity-implementation-travel-industry) TATA
Reviving trust in safe travel is possible using digital identity and immunity credentials.
- Travel bans, quarantines and lockdowns have negatively impacted the travel industry
- Restoring trust and safety is paramount for travel, tourism and hospitality industries to recover
- Self-sovereign identity (SSI) built on distributed ledger technology (like blockchain) and cryptography could be used to reinvigorate travel by allowing individuals to easily and securely demonstrate their immunity status
* [Panel: Paving the Way to a Safer Travel Experience - Heather Dahl, & Scott Harris & Adrien Sanglier](https://www.youtube.com/watch?v=YlgXNk4GRLc)
Together SITA and Indicio.tech utilized Hyperledger Aries, Ursa, and Indy to create a secure travel credential that is accepted by airlines, hotels and hospitality partners without sharing private health information. In this panel discussion, SITA and Indicio.tech will share their journey of applying verifiable credentials in commercial aviation and travel/hospitality to make it easy for visitors entering a country to share a trusted traveler credential based on their health status, yet revealing no personal information or health data privately and securely on their mobile device.
## Guidance
* [how to re-open our economy while protecting privacy](https://diacc.ca/2021/01/05/protecting-privacy-while-reopening-economies/) Joni Brennan of DIACC & IdentityWoman
> Without transparent operational guidance, peoples privacy and personal freedoms may be compromised. By having a set of operational rules, decision makers will have the capacity to make better decisions that will enable the public to trust that the tools being implemented have been designed to respect their best interests.
* [Getting Privacy Right with Verifiable Health Credentials](https://www.evernym.com/health-credentials-webinar/)
> Verifiable health credentials have never been more important or more urgently needed. Yet, as an industry, we have a responsibility to ensure that the solutions we deploy today are held to the highest bar and set the right precedent for personal data privacy.
## Demo - Trials
* [British Airways to trial Verifly digital health passport](https://www.businesstraveller.com/business-travel/2021/01/29/british-airways-to-trial-verifly-digital-health-passport/)
> The trial begins on February 4 on all of the carriers transatlantic routes between London and the US (currently New York JFK, Los Angeles, San Francisco, Boston, Chicago, Dallas, Miami, Washington, Houston and Seattle).
>
> It will be run in conjunction with joint business and Oneworld partner American Airlines, [which is already using the technology on international routes to the US.](https://www.businesstraveller.com/business-travel/2021/01/17/american-airlines-launches-verifly-health-passport-for-travel-to-the-us/)
* [Evernym: Privacy-Preserving Verifiable Credentials in the Time of COVID-19](https://www.hyperledger.org/event/hyperledger-in-depth-an-hour-with-evernym-building-post-covid-19-world-with-ssi) Hyperledger
> This session will focus on the analysis and discussion of two use cases where legacy identity solutions were unable to meet the needs, but ledger based solutions have been successful: covid credentials for travel, and employment credentials for staff movements.
### Good Health Pass
* [Implementing the Good Health Passs recommendations with Cardea](https://indicio.tech/blog/implementing-the-good-health-passs-recommendations-with-cardea/)
> Cardea, a full, open-source ecosystem for verifiable health credentials developed by Indicio and now a community-led project at LFPH, meets the major recommendations of the Good Health Pass and facilitates the goals of the Global COVID Certificate Network.
Good Health Pass Blueprint and the Global Covid Credentials Initiative by LFPH presented at the [DIF Interop Working Group](https://us02web.zoom.us/rec/play/Si6s-_rvMU7FuHW6QnJVxW47CFiotXDMWutkWMgePKdSWVhTYyADaldJhvzqOl1JPP297-lvSYXCDuk2.rMFee21Ba1fU6y2R?continueMode=true&_x_zm_rtaid=dQ0WNpJPS2WF1QUlmxYwBQ.1624241159436.7617ddee4319249d32a108bb882dc0ec&_x_zm_rhtaid=623)
* [The Politics of Vaccination Passports](https://www.windley.com/archives/2021/04/the_politics_of_vaccination_passports.shtml) Windley
> For example, Id prefer a vaccination passport that is built according to principles of the Good Health Pass collaborative than, say, one built by Facebook, Google, Apple, or Amazon. Social convention, and regulation where necessary, can limit where such a passport is used. Its an imperfect system, but social systems are.
@ -128,31 +307,7 @@ In theory, their idea is great. In practice, its terrible. Or, as the Daily B
7. [Rules Engines](https://wiki.trustoverip.org/display/HOME/Rules+Engines+Drafting+Group) will define how digital health pass apps can access different sources of policy information to determine what test or vaccination status is needed for a specific usage scenario.
8. [Identity Binding](https://wiki.trustoverip.org/display/HOME/Identity+Binding+Drafting+Group) will specify the options for verifying that the holder of a digital health pass is the individual who received the test or vaccination credential.
9. [Governance Framework](https://wiki.trustoverip.org/display/HOME/Governance+Framework+Drafting+Group) will define the overall set of policies that must be followed for an implementation to qualify as Good Health Pass compliant.
* [Not too much identity technology, and not too little](https://www.constellationr.com/blog-news/not-too-much-identity-technology-and-not-too-little)
> We should digitize nothing more and nothing less than the fact that someone received their vaccine.  A verifiable credential carrying this information would include the place, date and time, the type of vaccine, and the medico who administered or witnessed the shot.  The underlying technology should be robust, mature and proven at scale ― as is PKI and public key certificates
* [Biometric COVID Verifiable Credential](https://iiw.idcommons.net/1A/_Biometric_COVID_Verifiable_Credential) by Adrian Gropper / Eric Welton
* [Biometric Health Card  (Adrian Gropper)](http://bit.ly/biometricVC)
COVID, Verifiable Credentials, Biometrics, Privacy
Converting the COVID CDC Vaccination Card into a standardized digital credential is turning out to be harder than expected. The conversation has become prominent in the news and risks being politicized to the detriment of public health efforts around the world.
1. [Eric] Continuing updates from the Thoughtful Biometrics workshop ([Biometrics and DIDs - where next?](https://docs.google.com/presentation/d/148-0AXaUpqF19iACQ3UFPMPxNb1D7mQjjUKhwGSF0i8/)
* [COVID Credentials Initiative Update/Overview](https://iiw.idcommons.net/1C/_COVID_Credentials_Initiative_Update/Overview) by Lucy Yang, Kaliya Young, John Walker
Session Slides: [https://docs.google.com/presentation/d/11K027LlitWljJu_XNTztqc6BGvhsD8JBX5OkavLEEMA/](https://docs.google.com/presentation/d/11K027LlitWljJu_XNTztqc6BGvhsD8JBX5OkavLEEMA/edit?usp=sharing)
- [Response to Ada Lovelace Institute: Vaccine passports and COVID status apps: Call for Public Evidence](https://docs.google.com/document/d/1ykUUDak47lYkUJeZvxs7FxDyy8bQ48FkF47IxMclppE/edit?usp=sharing)
- [Response to WHO Interim Guidance for Development a Smart Vaccination Certificate](https://docs.google.com/document/d/1HwWUxMY2EynkWFrlNQqh8IF7rE_5aFn74ZreYq0IAYg/edit?usp=sharing)
- [Response to Call for Evidence: UK Parliament Covid 19 Vaccine Certification](https://docs.google.com/document/d/1y5vyLzsVUzhiFNcWHGHLVlQHnRad73q3F50a-8gr83Y/edit?usp=sharing) (Still open for contribution)
Current Open Proposals: We will host another session (Day 2 Session 14 2:30 pm PT) to talk about these proposals
- [Proofmarket](https://docs.google.com/document/d/1hlR_2yp7EJQqYvxm8mNY-KNgwScTsClKDp6W6yw33Ic/edit?usp=sharing) (Medcreds)
- [Indicio](https://docs.google.com/document/d/1Vl9IKRg6ygHD1njc8GfnjsQglDOVglBKbuXHSuqQ7T4/edit?usp=sharing)
* [Dynamic Disambiguation and Deconfliction of Complex Access Controls from Multiple Verifiable Sources](https://iiw.idcommons.net/1F/_Dynamic_Disambiguation_and_Deconfliction_of_Complex_Access_Controls_from_Multiple_Verifiable_Sources) by Chris Buchanan
@ -160,41 +315,15 @@ COVID-19, Good Health Pass Collaborative, Rules Engines, Verifiable Presentation
The transition from contemporary access controls to SSI will need a metalanguage for access control rules in order to allow verifiers and holders to trust the transaction.  Not everyone will know how to write the complex branching and contextual rules logic that make up real life access controls.
* [COVID Credentials Initiative: Challenges & Learning](https://iiw.idcommons.net/10C/_COVID_Credentials_Initiative:_Challenges_%26_Learning) by Lucy Yang, Kaliya Young, John Walker
* [Good Health Pass Collaborative Releases Draft Blueprint for Digital Health Passes in Advance of G7 Summit](https://id2020.medium.com/good-health-pass-collaborative-releases-draft-blueprint-for-digital-health-passes-in-advance-of-g7-68a48534f024)
> The Blueprint — released today in draft form for a three-week period of stakeholder consultations and public comment — is intended to stimulate discussion at the G7 Summit, which will open Friday in Carbis Bay, Cornwall, UK.
For a high level view, check out the [terminology deck](https://docs.google.com/presentation/d/1fM-EpIdLGdKniFjHR4ZhdgFA-HBSEmpMai8ljqti4Gw/edit) or the [slide deck](https://docs.google.com/presentation/d/1AibzpUh70UDJVapC2wlICz2voBAMxZLQ_jQOxZwF57Y/edit) that was shared on webinars with the travel industry.
* [CCI Introduction](https://docs.google.com/presentation/d/11K027LlitWljJu_XNTztqc6BGvhsD8JBX5OkavLEEMA/edit?usp=sharing)
* [Linux Foundation Public Health introduces the Global COVID Certificate Network to operationalize the Good Health Pass Interoperability Blueprint](https://humancolossus.foundation/blog/ujalo98s00b93gh7gqkuqd3lfj52xq-cn2ct)
Solution assumption with the Good Health Pass is revoking is not necessary as VCs are short lived (solution to invalid credential). Issuers will re-issue vs. revoke
Paul Knowles, Head of the Advisory Council at the Human Colossus Foundation, co-led the Standard Data Models and Elements drafting group, one of the nine interconnected GHPC drafting groups, to spearhead group recommendations on data elements, common models for data exchange, and semantic harmonization. The recommendations of that drafting group will help to enable data interoperability without putting any undue burden on existing health systems and workflows
In many cases, labs are providing incorrect information in vaccination records, which need to be re-issued
·         Still need to notify the holder that their (current VC) is invalid and they need to take action to resolve
·         Issuers asking what if we make a mistake (re-issue)
·         Holders having problems findin there vaccination VC
·         Many of the unresolved issues are governance/policy related (for which the “health authorities”) have not worked out the details
·         Policy providers are applying the brakes through in-grained bureaucracy to produce a perfect standard for their jurisdiction vs. rapidly evolving a common standard and “usable solution” in the short term.
·         Unclear on how to get VC and underlying data into the hands of holders, particularly as holders dont have the technology and skills to manage their health data.
·         Data privacy is an issue across each of the implementers and users of the Issuer, Holder and Verifier roles. Lack of common understanding and agreement on how and who owns and controls the data
·         WHO standard will likely be adopted in the Global South (hemisphere)
·         GHP looking to paint a forward looking common picture, including interim solutions (iterate standards)
·         The number of players (and their levels of understanding/expertise and agreement with the current direction) alone makes consensus very difficult
·         Paper credentials have been getting consensus on interim solutions.
·         W3C and WHO are great candidates.
·         Affinidi is making a universal verifier application (https://www.affinidi.com/)
##
## Trust Registries
* [Trust Registries - Good Health Pass - DIDs and X.509](https://iiw.idcommons.net/13G/_Trust_Registries_-_Good_Health_Pass_-_DIDs_and_X.509) by Darrell ODonnell
@ -202,112 +331,27 @@ Trust registries primarily answer the question of how a verifier can trust that
* [Dave Chadwick] The trust registry should not mandate that it contains a DID, The feedback is that it will be a URI.
* [Trinsic Open Source - BBS+ VCs over DIDComm v2 - End-to-end vaccination credential example](https://iiw.idcommons.net/index.php?title=23C/_Trinsic_Open_Source_-_BBS+_VCs_over_DIDComm_v2_-_End-to-end_vaccination_credential_example&action=edit&redlink=1) by Michael Boyd
* [Digital COVID Vaccine Passports- Is there really a need or are we creating a false certainty in uncertain times?](https://iiw.idcommons.net/20C/_Digital_COVID_Vaccine_Passports-_Is_there_really_a_need_or_are_we_creating_a_false_certainty_in_uncertain_times%3F)
The importance and need for an Ethical framework/standards for the delivery technology development and implementations in healthcare. Apply the biomedical ethics that exist in healthcare to technology specifically SSI & user sovereignty.
"The physician must ... have two special objects in view with regard to disease, namely, to do good or to do no harm.”
Hippocrates, Epidemics (book I, section. 11) c. 410 BC
Autonomy respect for the patients right to self-determination
Beneficence the duty to do good.
Non-Maleficence the duty to do no harm.
Justice to treat all people equally and equitably for the benefit of society.
4 principles of biomedical ethics
No more in my everyday life have these four pillars been so important to me as they have been over the past year.
I clutched on to these while delivering care to patients gasping for breath, clinging onto life and some sadly succumbing to COVID-19.
* [...]
Do we need a Covid vaccine passport whether this is paper based or digital?
If there is or are contexts where a vaccine passport would be more beneficial than not, what are the technical principles, implementations and considerations that need to be met to ensure that they are implemented to comply with medical ethics and law?
After all this is personal health information and therefore should be treated as such.
What problem are we really trying to solve with a Covid Vaccine Passport, Covid Passport, Covid credential, digital green certificate, or any other named health pass solution?
To do this there needs to be a basic understanding of this infectious disease, what tools we have currently to deal with it and address assumptions that have been made, many of which may change or are yet unknown such is the dynamic nature of a pandemic.
* [Jumpstart the Global Travel Industry Using Self-Sovereign Identity for COVID-19 Immunity Credentials](https://www.tcs.com/perspectives/articles/self-sovereign-identity-implementation-travel-industry) TATA
Reviving trust in safe travel is possible using digital identity and immunity credentials.
- Travel bans, quarantines and lockdowns have negatively impacted the travel industry
- Restoring trust and safety is paramount for travel, tourism and hospitality industries to recover
- Self-sovereign identity (SSI) built on distributed ledger technology (like blockchain) and cryptography could be used to reinvigorate travel by allowing individuals to easily and securely demonstrate their immunity status
* [A trusted internet. Easy and secure. For everyone.](https://esatus.com/solutions/self-self-sovereign-identity/?lang=en) Enabled by digital credentials and SSI technology.
Already today, credentials are being used in a wide variety of applications, such as a digital identity card, a work permit or a test certificate. We would like to explain the functionality and potential use cases for credentials by following our protagonist called Sam, who has just completed a Covid-19 rapid test.
* [Platform Architecture for Covid-19 Digital Passports](https://digitalscot.net/architecture-for-covid-19-passports/)
> - Appii Appii has developed their [Health Passport](https://appii.io/health-passport/), a service that verifies your identify through a selfie photo, is populated through recording your test result at one of their partner sites (eg. Lloyds Pharmacy) and provides a digital certification.
> - Digi.me Digi.me is a specialist in general data sharing services and have developed a number of apps that build on this capability, including a [Covid-19 solution](https://digi.me/covid19/).
* [Our digital future and economic recovery rests on getting digital ID right](https://diacc.ca/2021/05/31/our-digital-future-and-economic-recovery-rests-on-getting-digital-id-right/)
> With digital identity done right, a vaccine proof (passport) would allow Canadians to securely prove who they are, verify that they were vaccinated, and have a digital credential to use in any instance that requires it — all in a safe and secure way that does not divulge any other private health record.
* [Health data must be private and secure by design, always](https://blog.digi.me/2021/06/01/health-data-must-be-private-and-secure-by-design-always/)
> But there is always time to reflect on privacy and security, and design from the ground up accordingly. At digi.me, we practice what we preach, with privacy and security always core considerations for our health data capability as well as our [Consentry health pass](https://consentry.com/) as they move forwards.
* [How can we make platform livelihoods better for young women, especially during and after COVID-19?](https://medium.com/caribou-digital/how-can-we-make-platform-livelihoods-better-for-young-women-especially-during-and-after-covid-19-696b3974bf61)
> But who is the “we”? The research asks exactly that — who is the “we” that needs to [make the platform work better for women](https://medium.com/caribou-digital/female-livelihoods-in-the-gig-economy-tensions-and-opportunities-f14982b6aaad)?
* [How festival organisers can maximise Covid safety and eradicate ticket touts](https://blokbioscience.com/articles/how-festival-organisers-can-maximise-covid-safety-and-eradicate-ticket-touts/#respond)
> Festival organisers will also need to do better at managing delays than other sectors. In recent weeks, weve seen [Heathrow airport reporting delays of up to six hours](https://www.bbc.co.uk/news/business-56743571). This would be catastrophic at a festival to keep festival goers waiting, after they have already waited for months to have a great time, would only lead to frustration and likely cause a bad reputation for the festival itself.
* [JWTs done right: Quebec's proof of vaccination](https://mikkel.ca/blog/digging-into-quebecs-proof-of-vaccination/)
> Well, my proof of vaccination finally arrived, and the result is… actually pretty okay. Still, there's always some fun to be had in zero-knowledge hacks, so I thought I'd blog about my experiences anyway.
* [PocketCred Verifiable Credentials](https://www.pocketcred.com/)
> Pravici PocketCred (formerly VeriCred) is built on Blockchain technology, specifically to address credential issuance and verification, such as one for COVID-19 vaccines. We at Pravici have been working to build a digital pass that citizens can carry in their mobile device or digital card to prove that they have taken a test or vaccine. Our software application features user-friendly creation of schemas* and proof templates, as well as QR code technology for credential issuance and verification.
* [Good Health Pass Collaborative Releases Draft Blueprint for Digital Health Passes in Advance of G7 Summit](https://id2020.medium.com/good-health-pass-collaborative-releases-draft-blueprint-for-digital-health-passes-in-advance-of-g7-68a48534f024)
> The Blueprint — released today in draft form for a three-week period of stakeholder consultations and public comment — is intended to stimulate discussion at the G7 Summit, which will open Friday in Carbis Bay, Cornwall, UK.
For a high level view, check out the [terminology deck](https://docs.google.com/presentation/d/1fM-EpIdLGdKniFjHR4ZhdgFA-HBSEmpMai8ljqti4Gw/edit) or the [slide deck](https://docs.google.com/presentation/d/1AibzpUh70UDJVapC2wlICz2voBAMxZLQ_jQOxZwF57Y/edit) that was shared on webinars with the travel industry.
we are proud to [launch the Global COVID Certificate Network (GCCN)](https://www.prnewswire.com/news-releases/linux-foundation-public-health-creates-the-global-covid-certificate-network-gccn-301307874.html), an initiative to enable interoperable and trustworthy verification of COVID certificates between jurisdictions for safe border reopening. GCCN will include a global directory of trust registries to enable cross-border certificate verification, and be a home for toolkits and community-managed support for those building and managing COVID certificate systems.
* [Linux Foundation Public Health introduces the Global COVID Certificate Network to operationalize the Good Health Pass Interoperability Blueprint](https://humancolossus.foundation/blog/ujalo98s00b93gh7gqkuqd3lfj52xq-cn2ct)
6. [Trust Registries](https://wiki.trustoverip.org/display/HOME/Trust+Registries+Drafting+Group) will specify how verifiers can confirm that a digital health pass has been issued by an authorized issuer.
Paul Knowles, Head of the Advisory Council at the Human Colossus Foundation, co-led the Standard Data Models and Elements drafting group, one of the nine interconnected GHPC drafting groups, to spearhead group recommendations on data elements, common models for data exchange, and semantic harmonization. The recommendations of that drafting group will help to enable data interoperability without putting any undue burden on existing health systems and workflows
## Development
* [Explore Verifiable Health Records](https://developer.apple.com/videos/play/wwdc2021/10089/) Apple
* [Eight Simple Rules for Creating Decentralized Covid Credentials](https://indicio.tech/eight-simple-rules-for-creating-decentralized-covid-credentials/) Indicio
Apple Announces Support for [VCI](https://vci.org/) credentials at WWDC (Almost proper [JSON-JWT](https://github.com/smart-on-fhir/health-cards/issues/119) but not quite)
1. The thing just has to work — This may sound like a no-brainer, but from our experience, this can be often overlooked. Want broad adoption? Your application must be fast and functional. If it causes too much friction people either wont use it or theyll look for ways around it.
* [Covid-19 Vaccination Passes Could Cataylze Self-Sovereign Identity Adoption](https://hackernoon.com/covid-19-vaccination-passes-could-cataylze-self-sovereign-identity-adoption-6x3m3563)
* [Building an SSI Ecosystem: Health Passes and the Design of an Ecosystem of Ecosystems](https://www.windley.com/archives/2021/06/building_an_ssi_ecosystem_health_passes_and_the_design_of_an_ecosystem_of_ecosystems.shtml) Windley
The EU previously announced fully vaccinated Americans could travel this summer and regional EU travellers could potentially use an [EU Digital COVID Certificate](https://ec.europa.eu/info/live-work-travel-eu/coronavirus-response/safe-covid-19-vaccines-europeans/eu-digital-covid-certificate_en?ref=hackernoon.com#how-will-the-certificate-work) as early as July 1.
Ever since the Covid pandemic started in 2020, various groups have seen verifiable credentials as a means for providing a secure, privacy-respecting system for health and travel data sharing. This post explores the ecosystem of ecosystems that is emerging as hundreds of organizations around the world rise to the challenge of implementing a globally interoperable system that also respects individual choice and privacy.
* [Biometric Health Card  (Adrian Gropper)](https://iiw.idcommons.net/1A/_Biometric_COVID_Verifiable_Credential https://docs.google.com/document/d/1o_773vzcbtSf59oU-iRUfAy5WSz3Wn9JUAvi0hKHE48/edit)
* [Women and platform livelihoods in Kenya: The impact of COVID-19](https://medium.com/caribou-digital/women-and-platform-livelihoods-in-kenya-the-impact-of-covid-19-954d6b073997)
COVID, Verifiable Credentials, Biometrics, Privacy
We are starting a new research project — and wed like you to join us on the journey. Over the course of 2021, Qhala and Caribou Digital, with the support of the Mastercard Foundation, will work to understand the impact of COVID-19 on young womens experiences working or selling through online platforms in Kenya.
* [SITA Publishes 18-Month Plan for Digital Transformation in Air Travel](https://www.sita.aero/globalassets/docs/brochures/your-runway-to-success.pdf)
Converting the COVID CDC Vaccination Card into a standardized digital credential is turning out to be harder than expected. The conversation has become prominent in the news and risks being politicized to the detriment of public health efforts around the world.
* [Trinsic Open Source - BBS+ VCs over DIDComm v2 - End-to-end vaccination credential example](https://iiw.idcommons.net/index.php?title=23C/_Trinsic_Open_Source_-_BBS+_VCs_over_DIDComm_v2_-_End-to-end_vaccination_credential_example&action=edit&redlink=1) by Michael Boyd
This paper explores the five key challenges facing the industry and the IT investment priorities that have the greatest potential to support governments, airports, and airlines over the next 18 months to rebuild a strong and agile business.
* [@maheshbalan shares](https://twitter.com/maheshbalan/status/1352049833419239428)
> My presentation at the @Hyperledger Healthcare SIG about #VerifiableCredentials for Covid-19 - How a cryptographically secure digital credential can be used instead of paper documents. (Video)
* [Vaccine Credentials Focus Group - US Subgroup](https://covidcreds.groups.io/g/vaccinecredentials-us#publichealth)
This is the mailing list for the US subgroup of the Vaccine Credentials Focus Group. You can see the group charter [here](https://docs.google.com/document/d/10iXXW4c-lW9ZR-qey_92006muIBuLt3VN4GkZa214OA/edit?usp=sharing).
Participating and contributing in this group requires a CCI membership, open and free to all (organizations and individuals). If you are not a CCI member yet, please request a membership agreement at [https://www.covidcreds.org/#Join](https://www.covidcreds.org/#Join).
* [Vaccine Passports Must Leverage Decentralized Identity Solutions](https://medium.com/ontologynetwork/vaccine-passports-must-leverage-decentralized-identity-solutions-d454f9907fe9) Ontology
Decentralized identity solutions offer an ideal solution to the data privacy and identity risks associated with COVID-19 passports and other verification methods.
* [Why health passes are NOT vaccine passports and offer greater flexibility and choice](https://blog.digi.me/2021/08/18/why-health-passes-are-not-vaccine-passports-and-offer-greater-flexibility-and-choice/) Digi Me
Health passes, though, are much more flexible as they provide multiple options. They can still be used as proof of vaccination, if the user chooses to share their health information in this way.
But, importantly and in a crucial difference from vaccine passports, they can also be used to securely display a test result, such as a negative PCR or rapid antigen test (also known as lateral flow tests) today. Additionally, they are also future-proofed for options such as rapid antibody test results when those come into play on a large scale.
* [A Goldilocks point for Digitised Vaccination Certificates](https://lockstep.com.au/a-goldilocks-point-for-digitised-vaccination-certificates/)
* [Safeguarding COVID-19 Vaccines with SSI](https://medium.com/@frank.k./iot-network-security-protecting-covid-19-vaccines-with-ssi-part-1-requirements-b6523a607fbe) Frank Kottler — Part 1/3
Defining the Future of IoT with Distributed Identity Management
@ -320,134 +364,7 @@ Dylan realizes that the identified design requirements correspond to properties
Dylan has identified the requirements towards their IoT network and possible secure network architectures. Still, two challenges remain unsolved: the configuration effort required to setup device APIs and communication protocols, and the question of how to securely identify and authenticate the devices.
* [Ugh! There's an App for That!](https://www.windley.com/archives/2021/10/ugh_theres_an_app_for_that.shtml) <-Phil Windley on Vaccine certificates.
Interoperability is a fundamental property of tech systems that are generative and respect individual privacy and autonomy. And, as a bonus, it makes people's live easier!
* [Building an SSI Ecosystem: Health Passes and the Design of an Ecosystem of Ecosystems](https://www.windley.com/archives/2021/06/building_an_ssi_ecosystem_health_passes_and_the_design_of_an_ecosystem_of_ecosystems.shtml) Windley
Ever since the Covid pandemic started in 2020, various groups have seen verifiable credentials as a means for providing a secure, privacy-respecting system for health and travel data sharing. This post explores the ecosystem of ecosystems that is emerging as hundreds of organizations around the world rise to the challenge of implementing a globally interoperable system that also respects individual choice and privacy.
* [The Vaccine Certificate Experience](https://www.webistemology.com/vaccine_certificate_experience/) WEBISTEMOLOGY
### Version 1 of the Ontario COVID Vaccine Certificate is a cumbersome experience that needs some work
What I observed is NOT a user-friendly experience for either the customer or the business. For the experience to be improved it needs to be a single presentation operation of either a paper or digital certificate that the business can verify in one step.
The advantage of a paper and ID card presentation ritual is that it is difficult to hack. So if we are going to improve the presentation with a single credential as above, privacy and security MUST be protected.
* [COVID & Travel Resources for Phocuswright](https://identitywoman.net/covid-travel-resources-for-phocuswright/) IdentityWoman.net
* [Digital identity is critical in the new world since covid](https://digitalidentity.nz/2021/11/17/digital-identity-is-critical-in-the-new-world-since-covid/) DigitalID NZ
* [Their recent survey](https://digitalidentity.nz/wp-content/uploads/sites/25/2019/05/Digital-Identity-Yabble-Benchmark-Research-Infographic-May-2019.pdf) found 85 percent of respondents said there was a lack of transparency, as well as concern in having to share data with so many organisations.
* [How to Prove You're Vaccinated for COVID-19](https://www.consumerreports.org/covid-19/how-to-prove-youre-vaccinated-for-covid-19-a5516357574/) Consumer Reports
* [Eight Simple Rules for Creating Decentralized Covid Credentials](https://indicio.tech/eight-simple-rules-for-creating-decentralized-covid-credentials/) Indicio
1. The thing just has to work — This may sound like a no-brainer, but from our experience, this can be often overlooked. Want broad adoption? Your application must be fast and functional. If it causes too much friction people either wont use it or theyll look for ways around it.
* [COVID-19 as a Catalyst for the Advancement of Digital Identity](https://www.perkinscoie.com/images/content/2/4/247949/2021-Perkins-Coie-LLP-Health-Passport-White-Paper.pdf) Perkins Cole
This article discusses areas of law that are developing rapidly [...] our goal is to address some of the legal considerations that health certificates raise with respect to, and in the context of, the development of a comprehensive system of digital identity management.
* [The evolution of Covid testing peaks with at-home rapid antigen test-and-show capability](https://blog.digi.me/2021/08/20/the-evolution-of-covid-testing-peaks-with-at-home-rapid-antigen-test-and-show-capability/) Digi Me
fixes the pain points of other testing processes especially as infectious and asymptomatic people can test without travelling is cheap, eminently scalable, and can be used as secure proof of Covid health status where needed.
* [Innovation in Digital Identity and Credentials in the Post-Covid World](https://academy.affinidi.com/innovation-in-digital-identity-and-credentials-in-the-post-covid-world-f182a5743ce8) Affinidy
Though we often get lost in technologies, frameworks, legislation, and economic models, its ultimately the human aspect that will define the future of the digital identity industry. Bearing this in mind can determine the heights we scale and how quickly we can get there.
* [Building an SSI Ecosystem: Health Passes and the Design of an Ecosystem of Ecosystems](https://www.windley.com/archives/2021/06/building_an_ssi_ecosystem_health_passes_and_the_design_of_an_ecosystem_of_ecosystems.shtml) Windley
This post explores the ecosystem of ecosystems that is emerging as hundreds of organizations around the world rise to the challenge of implementing a globally interoperable system that also respects individual choice and privacy.
* [Panel: Paving the Way to a Safer Travel Experience - Heather Dahl, & Scott Harris & Adrien Sanglier](https://www.youtube.com/watch?v=YlgXNk4GRLc)
Together SITA and Indicio.tech utilized Hyperledger Aries, Ursa, and Indy to create a secure travel credential that is accepted by airlines, hotels and hospitality partners without sharing private health information. In this panel discussion, SITA and Indicio.tech will share their journey of applying verifiable credentials in commercial aviation and travel/hospitality to make it easy for visitors entering a country to share a trusted traveler credential based on their health status, yet revealing no personal information or health data privately and securely on their mobile device.
* [Blueprint for a Digital Health Pass](https://www.kuppingercole.com/blog/bailey/blueprint-for-a-digital-health-pass) Kuppinger Cole
Binding an identity to a Verifiable Credential remains valid beyond the point of verification by being able to match a real-time biometric data point with one which was logged at the point of verification
* [Setting up digital ID regime could provide boost to post-pandemic recovery](https://diacc.ca/2021/04/22/setting-up-digital-id-regime-could-provide-boost-to-post-pandemic-recovery/)
> If the global pandemic has shown us anything, its that the need for reliable and secure data is paramount as businesses, governments, and Canadians from Vancouver to Quebec City to Charlottetown and everywhere in between move online.
* [Digital vaccine certificate looms as HR's next problem](https://searchhrsoftware.techtarget.com/news/252494706/Digital-vaccine-certificate-looms-as-HRs-next-problem)
> It's going to take a while for the efforts to sort themselves out, Beck said, but he believes it will happen by the fall or year-end. Government funding may be forthcoming.
>
> Based on what Biden has said generally about public health, Beck believes the new administration plans to make "a big commitment to health equity and improving public health systems broadly," he said.
* [Covid Vaccinations Data Donor Program](https://digitalscot.net/covid-vaccinations-data-donor-proposal/)  A Proposal for the Scottish Government
> “The Scottish Government must invest in data, digital and technology in health and social care to help Scotland recover from Covid-19. Closing the data gap in the sector could be worth £800m a year and deliver savings of £5.4bn to NHS Scotland. SCD said better data would help to build resilience against future public health challenges, which in turn will drive a healthy economy.” - Scottish Council for Development and Industry
>
> Our solution provides a platform for achieving exactly this, both in terms of equipping Scotland with a powerful integrated data environment and also through a framework where developers can further build on this with other apps for a myriad of other use cases. It could be tied in with the [vaccination scheduling system](https://www.ukauthority.com/articles/nhs-scotland-launches-digital-service-for-covid-19-vaccinations/) as an immediate step for example.
* [SSI COVID Passports: Why, What and How](https://noha-abuaesh.medium.com/ssi-covid-passports-why-what-and-how-6f450fddfabf) Noha Abuaesh
What if people can prove their COVID status to different entities, prove that they are authentic and prove they were intended for them, without having to reveal any of their personal information; not even their names?
* [VeriFLY Lets Users Upload Vaccine Credentials](https://findbiometrics.com/verifly-lets-users-upload-vaccine-credentials/) FindBiometrics
“We envision a world where your VeriFLY digital wallet will provide access to the places you and your family want to visit. And the ability to accept a vaccine health credential will accelerate opportunities to resume activities weve all dearly missed.”   Tom Grissen, CEO, Daon
* [IATAs digital health passport paves the way to a new biometric identity for travel](https://www.futuretravelexperience.com/2021/04/iatas-digital-health-passport-paves-the-way-to-a-new-biometric-identity-for-travel/)
> As FTE has previously reported, a number of other solutions have entered the digital health passport space in the past few months from various suppliers, including AOKpass, CommonPass, Daons VeriFLY, CLEAR Health Pass and IBM Digital Health Pass, just to name a few. Despite the growing competition, IATA is clear that its aim is not to dominate the market, but to make sure that standards are established to create a secure and interoperable solution.
* [Working Together on What “Good” Looks Like](https://www.hyperledger.org/blog/2021/02/12/working-together-on-what-good-looks-like) - Hyperledger
> This initiative is intended to define, in the context of test results and vaccination records for opening up borders for travel and commerce, a high bar for implementations of identity and credentialing systems to meet with regards to privacy, ethics and portability. They will also work with the implementers of such systems to converge towards common standards and governance.
Immunity passports' could speed up return to work after Covid-19 https://www.theguardian.com/world/2020/mar/30/immunity-passports-could-speed-up-return-to-work-after-covid-19
* What are, in your opinion, the riskiest assumptions when writing an Software Development Kit?
* For you, what are the most promising SSI projects or repos?
* What do you believe are the bottlenecks for the cross-ledger SSI? How soon can we see cross-ledger credentials exchanges?
* What are the upsides of using Zero MQ over a common HTTP Rest connection?
* How hard would it be to replace the current Transport Layer Security architecture with SSI?
* Why was Rust chosen to write Indy-SDK?
* Specific roadblocks other people in this space should look out for?
* What are the books you have recommended most to others?
* [Vaccination Certificate Vocabulary](https://lists.w3.org/Archives/Public/public-credentials/2021Feb/0069.html) Tobias Looker
> I'd like to propose a new work item that formally defines a vocabulary for issuing Vaccination Certificates in the form of Verifiable Credentials.
* [Covid has accelerated Canadians demand for digital ID](https://diacc.ca/2021/02/16/covid-has-accelerated-canadians-demand-for-digital-id/) DIACC
> three-quarters of the population feels its important to have a secure, trusted and privacy-enhancing digital ID to safely and securely make transactions online. The majority of Canadians believe it is important for federal and provincial governments to move quickly on enabling digital ID in a safe and secure manner, according to the survey.
* [Digi.me partners with Healthmark to enable Covid testing and verified result reporting](https://blog.digi.me/2021/02/16/digi-me-partners-with-healthmark-to-enable-covid-testing-and-verified-result-reporting/)
> Consentry healthpass capability is an end-to-end solution which enables users to take a self-administered PCR saliva test, send it in for processing, and then receive an in-app result. Crucially, Consentry also generates a certified and dated travel certificate, together with qualifying details of the test taken, which can be printed, shared securely or displayed as needed.
* [Center for Global Development: A COVID Vaccine Certificate](https://www.cgdev.org/publication/covid-vaccine-certificate-building-lessons-digital-id-digital-yellow-card)
### Building on Lessons from Digital ID for the Digital Yellow Card
> Covid Vaccination Certificate will be a formidable challenge, not only to international cooperation, but because it will need to be implemented in the course of mass vaccination campaigns across countries with very different health management systems and ID systems and with a constantly evolving situation.
* [The fine line between global COVID-19 protocols and privacy](https://www.techrepublic.com/article/the-fine-line-between-global-covid-19-protocols-and-privacy/) Tech Republic
> A panel of experts considers the best methods for safe domestic and international air travel including proof of testing, vaccination passports, and digital health passes.
* [Vaccination Passports: State of Play](http://www.infiniteideasmachine.com/2021/02/vaccination-passports-state-of-play/) Infinite Ideas Machine
> vaccination passports are unwarranted, in practice near-pointless clinically, and potentially risky in a number of ways.
* [Digital Vaccination Certificates -- Here Be Dragons!](https://lists.w3.org/Archives/Public/public-credentials/2021Feb/0128.html)
This is a thread to keep an eye on. >> Anil John writes:
Because I believe that this is an important conversation, I figure I would put together some high level slideware that synthesizes and shares the answers I have provided directly to those who have asked.  I am not in the hearts and minds business, so consider this in the spirit of the quote from Bruce Lee - "Absorb what is useful, Discard what is not, Add what is uniquely your own."
Happy to chat to share our mistakes, so that you don't need to repeat them, with those who have a public interest focus in this area.
* [The inevitable vaccine passports Or, are they actually inevitable?](https://trustoverip.substack.com/p/the-inevitable-vaccine-passports)
Until the time digital records for vaccination are as simple and do not require a second thought around wallet/app/credential format etc - we have a long way to go before they are inevitable.
## CCI
* [CCI Knowledge Base](https://docs.google.com/spreadsheets/d/1z0MaGrb-Py7V3ZO4AnmYMHsXNgTmLhVocyaX7ySQ5mI/edit#gid=1671625933)
@ -457,6 +374,70 @@ As our community continues to grow and the pandemic situation keeps evoloving, t
If you'd like to submit relevant news or articles for the database, please go to [https://bit.ly/2JfKbpf.](https://bit.ly/2JfKbpf.)
* [COVID Credentials Initiative Update/Overview](https://iiw.idcommons.net/1C/_COVID_Credentials_Initiative_Update/Overview https://docs.google.com/presentation/d/11K027LlitWljJu_XNTztqc6BGvhsD8JBX5OkavLEEMA/) Lucy Yang, Kaliya Young, John Walker
CCI is an open global community collaborating to enable the use of W3C Verifiable Credentials (VCs) and other related privacy-preserving technologies for public health purposes.
CCI is hosted by Linux Foundation Public Health (LFPH), a project of the Linux Foundation that works with public health authorities and their key stakeholders to ensure that investments into public health technology meet common needs and have maximum impact.
* [COVID Credentials Initiative: Challenges & Learning](https://iiw.idcommons.net/10C/_COVID_Credentials_Initiative:_Challenges_%26_Learning) by Lucy Yang, Kaliya Young, John Walker
* [CCI Introduction](https://docs.google.com/presentation/d/11K027LlitWljJu_XNTztqc6BGvhsD8JBX5OkavLEEMA/edit?usp=sharing)
Solution assumption with the Good Health Pass is revoking is not necessary as VCs are short lived (solution to invalid credential). Issuers will re-issue vs. revoke<br><br>In many cases, labs are providing incorrect information in vaccination records, which need to be re-issued<br>- Still need to notify the holder that their (current VC) is invalid and they need to take action to resolve<br>- Issuers asking what if we make a mistake (re-issue)<br>- Holders having problems findin there vaccination VC<br>- Many of the unresolved issues are governance/policy related (for which the “health authorities”) have not worked out the details<br>- Policy providers are applying the brakes through in-grained bureaucracy to produce a perfect standard for their jurisdiction vs. rapidly evolving a common standard and “usable solution” in the short term.<br>- Unclear on how to get VC and underlying data into the hands of holders, particularly as holders dont have the technology and skills to manage their health data.<br>- Data privacy is an issue across each of the implementers and users of the Issuer, Holder and Verifier roles. Lack of common understanding and agreement on how and who owns and controls the data<br>- WHO standard will likely be adopted in the Global South (hemisphere)<br>- GHP looking to paint a forward looking common picture, including interim solutions (iterate standards)<br>- The number of players (and their levels of understanding/expertise and agreement with the current direction) alone makes consensus very difficult<br>- Paper credentials have been getting consensus on interim solutions.<br>- W3C and WHO are great candidates.<br>- Affinidi is making a universal verifier application (https://www.affinidi.com/)
* [Digital Vaccination Certificates -- Here Be Dragons!](https://lists.w3.org/Archives/Public/public-credentials/2021Feb/0128.html)
This is a thread to keep an eye on. >> Anil John writes:
Because I believe that this is an important conversation, I figure I would put together some high level slideware that synthesizes and shares the answers I have provided directly to those who have asked.  I am not in the hearts and minds business, so consider this in the spirit of the quote from Bruce Lee - "Absorb what is useful, Discard what is not, Add what is uniquely your own."
Happy to chat to share our mistakes, so that you don't need to repeat them, with those who have a public interest focus in this area.
* [Use Case Implementation Workstream](https://covidcreds.groups.io/g/usecaseCCI) [usecaseCCI@covidcreds.groups.io](mailto:usecaseCCI@covidcreds.groups.io)
This is the Use Case Implementation Workstream of the [COVID Credentials Initiative (CCI)](https://www.covidcreds.com/). This workstream identifies privacy-preserving verifiable credentials (VCs) that are most useful to the COVID-19 response and provides a forum and platform for those who are implementing COVID VCs to present their projects/solutions.
## User Experience
* [Covid has accelerated Canadians demand for digital ID](https://diacc.ca/2021/02/16/covid-has-accelerated-canadians-demand-for-digital-id/) DIACC
> three-quarters of the population feels its important to have a secure, trusted and privacy-enhancing digital ID to safely and securely make transactions online. The majority of Canadians believe it is important for federal and provincial governments to move quickly on enabling digital ID in a safe and secure manner, according to the survey.
* [Innovation in Digital Identity and Credentials in the Post-Covid World](https://academy.affinidi.com/innovation-in-digital-identity-and-credentials-in-the-post-covid-world-f182a5743ce8) Affinidy
Though we often get lost in technologies, frameworks, legislation, and economic models, its ultimately the human aspect that will define the future of the digital identity industry. Bearing this in mind can determine the heights we scale and how quickly we can get there.
* [Their recent survey](https://digitalidentity.nz/wp-content/uploads/sites/25/2019/05/Digital-Identity-Yabble-Benchmark-Research-Infographic-May-2019.pdf) found 85 percent of respondents said there was a lack of transparency, as well as concern in having to share data with so many organisations.
* [How to Prove You're Vaccinated for COVID-19](https://www.consumerreports.org/covid-19/how-to-prove-youre-vaccinated-for-covid-19-a5516357574/) Consumer Reports
* [Women and platform livelihoods in Kenya: The impact of COVID-19](https://medium.com/caribou-digital/women-and-platform-livelihoods-in-kenya-the-impact-of-covid-19-954d6b073997)
We are starting a new research project — and wed like you to join us on the journey. Over the course of 2021, Qhala and Caribou Digital, with the support of the Mastercard Foundation, will work to understand the impact of COVID-19 on young womens experiences working or selling through online platforms in Kenya.
* [How can we make platform livelihoods better for young women, especially during and after COVID-19?](https://medium.com/caribou-digital/how-can-we-make-platform-livelihoods-better-for-young-women-especially-during-and-after-covid-19-696b3974bf61)
But who is the “we”? The research asks exactly that — who is the “we” that needs to [make the platform work better for women](https://medium.com/caribou-digital/female-livelihoods-in-the-gig-economy-tensions-and-opportunities-f14982b6aaad)?
* [The evolution of Covid testing peaks with at-home rapid antigen test-and-show capability](https://blog.digi.me/2021/08/20/the-evolution-of-covid-testing-peaks-with-at-home-rapid-antigen-test-and-show-capability/) Digi Me
fixes the pain points of other testing processes especially as infectious and asymptomatic people can test without travelling is cheap, eminently scalable, and can be used as secure proof of Covid health status where needed.
* [JWTs done right: Quebec's proof of vaccination](https://mikkel.ca/blog/digging-into-quebecs-proof-of-vaccination/)
Well, my proof of vaccination finally arrived, and the result is… actually pretty okay. Still, there's always some fun to be had in zero-knowledge hacks, so I thought I'd blog about my experiences anyway.
* [The Vaccine Certificate Experience](https://www.webistemology.com/vaccine_certificate_experience/) WEBISTEMOLOGY
Version 1 of the Ontario COVID Vaccine Certificate is a cumbersome experience that needs some work<br><br>What I observed is NOT a user-friendly experience for either the customer or the business. For the experience to be improved it needs to be a single presentation operation of either a paper or digital certificate that the business can verify in one step.<br><br>The advantage of a paper and ID card presentation ritual is that it is difficult to hack. So if we are going to improve the presentation with a single credential as above, privacy and security MUST be protected.
* [Center for Global Development: A COVID Vaccine Certificate](https://www.cgdev.org/publication/covid-vaccine-certificate-building-lessons-digital-id-digital-yellow-card)
Building on Lessons from Digital ID for the Digital Yellow Card<br><br>Covid Vaccination Certificate will be a formidable challenge, not only to international cooperation, but because it will need to be implemented in the course of mass vaccination campaigns across countries with very different health management systems and ID systems and with a constantly evolving situation.
## Caution
* [Vaccination Passports: State of Play](http://www.infiniteideasmachine.com/2021/02/vaccination-passports-state-of-play/) Infinite Ideas Machine
> vaccination passports are unwarranted, in practice near-pointless clinically, and potentially risky in a number of ways.
* [Vaccine passports prove an ethical minefield](https://www.computerweekly.com/news/252496853/Vaccine-passports-prove-an-ethical-minefield)
Any [Covid-19 vaccine passport scheme](https://www.computerweekly.com/news/252494730/Covid-19-immunity-passport-tests-to-begin-in-UK) set up in the UK could easily turn out to be discriminatory and invasive, and open the door to worse abuses of privacy in future, say security experts and campaigners.
@ -465,53 +446,3 @@ Any [Covid-19 vaccine passport scheme](https://www.computerweekly.com/news/25249
*Not to late to contribute to this Ada Lovelace Institute Project the due date is Feb 28th*
> An evidence review and expert deliberation of the practical and ethical issues around digital vaccine passports and COVID status apps
* [Identity Ownership and Security in the Wake of the Pandemic](https://www.pingidentity.com/en/company/blog/posts/2021/identity-ownership-security.html)
Highlights from Ping Identitys Andre Durand, and Richard Bird on an episode of Pings new podast *[Hello User](https://www.pingidentity.com/en/company/podcast.html)*
> we explore how the pandemic has opened up an opportunity to shape the future of personal identity.
> - Takeaway #1: We digitized much of our economy during the pandemic but neglected one important aspect: identity.
> - Takeaway #2: Third parties have much more control over digital identity than individuals.
> - Takeaway #3: Were on the cusp of a tectonic shift in the notion of digital identity.
> - Takeaway #4: The pandemic has accelerated the changes needed to shape the future of digital identity security.
> - Takeaway #5: Moving control of digital identity to the individual will dramatically change our current identity and access management systems.
>
### Zada
* [We are now officially live in Myanmar!](https://zada.io/we-are-now-officially-live-in-myanmar/)
ZADA apps are all launched and our first digital ID a COVIDPASS is being issued by Pun Hlaing Hospitals to everyone who gets vaccinated.
### LFPH
* [Understanding the Global COVID Certificate Landscape](https://www.lfph.io/2021/10/13/divoc/) DIVOC
The DIVOC project is hosted and maintained by [Indias eGov Foundation](https://egov.org.in/) and is available as an MIT-licensed open source software package DIVOC is also supported by various multilateral funding institutions, as well as a community of software contributors and adopters in various geographies. DIVOCs verifiable COVID credentials have also been tested for interoperability with several consumer-health and locker applications globally; and DIVOCs certificates from the adopter countries can now be scanned/read/ingested by these domestic and international applications.
* [From Closed Loop Systems to Open World COVID Credentials Exchange](https://www.lfph.io/wp-content/uploads/2021/04/CCI-Summit-Summary-Report-From-Closed-to-Open.pdf) CCI Report
> This summit, convened by CCI, was designed to beginarticulating a roadmap to get from closed loop systems to an open systemwhere it doesnt matter if issuers, holders and verifiers are using the tool provided by the same solution provider as long as all solution providers are building on a certain common ground.The discussion focused on domestic reopening use cases using the US as the context.
* [Governor Cuomo Announces Launch of Excelsior Pass Plus to Support the Safe, Secure Return of Tourism and Business Travel](https://www.governor.ny.gov/news/governor-cuomo-announces-launch-excelsior-pass-plus-support-safe-secure-return-tourism-and) NYS Gov
Excelsior Pass Plus, a result of the strategic partnership between New York State and VCI, will provide New Yorkers safe access to retrieve a secure, digital copy of their COVID-19 vaccination record using the [SMART Health Cards Framework](https://protect2.fireeye.com/v1/url?k=c0acc09b-9f37f85c-c0ae39ae-000babd9f75c-7271080d81ab95a1&q=1&e=61cb6a92-1e48-44b8-96be-e1dd24b53960&u=https%3A//vci.org/about#smart-health) - making their interstate and international travel and commerce experiences safer, contact-less, and more seamless.
* [Use Case Implementation Workstream](https://covidcreds.groups.io/g/usecaseCCI) [usecaseCCI@covidcreds.groups.io](mailto:usecaseCCI@covidcreds.groups.io)
This is the Use Case Implementation Workstream of the [COVID Credentials Initiative (CCI)](https://www.covidcreds.com/). This workstream identifies privacy-preserving verifiable credentials (VCs) that are most useful to the COVID-19 response and provides a forum and platform for those who are implementing COVID VCs to present their projects/solutions.
* [Introducing the Global COVID Certificate Network (GCCN)](https://www.lfph.io/2021/06/08/gccn/)
* [Implementing the Good Health Passs recommendations with Cardea](https://indicio.tech/blog/implementing-the-good-health-passs-recommendations-with-cardea/)
> Cardea, a full, open-source ecosystem for verifiable health credentials developed by Indicio and now a community-led project at LFPH, meets the major recommendations of the Good Health Pass and facilitates the goals of the Global COVID Certificate Network.
Good Health Pass Blueprint and the Global Covid Credentials Initiative by LFPH presented at the [DIF Interop Working Group](https://us02web.zoom.us/rec/play/Si6s-_rvMU7FuHW6QnJVxW47CFiotXDMWutkWMgePKdSWVhTYyADaldJhvzqOl1JPP297-lvSYXCDuk2.rMFee21Ba1fU6y2R?continueMode=true&_x_zm_rtaid=dQ0WNpJPS2WF1QUlmxYwBQ.1624241159436.7617ddee4319249d32a108bb882dc0ec&_x_zm_rhtaid=623)
As more and more governments adopt [major COVID certificate standards](https://www.lfph.io/2021/10/12/global-covid-certificate-landscape/) to reopen borders, the travel industry is working hard to catch up on their technology to meet the evolving travel requirements. However, there is still no shortage of complaints from travelers about their cumbersome international travel experiences.
LFPH Calls for Coordination of Digital Vaccination Records Using Open Standards
The CCI community collaborated with Linux Foundation Public Health to [write a letter to the Biden Administration](https://www.lfph.io/wp-content/uploads/2021/02/LFPH-Calls-for-Coordination-of-Digital-Vaccination-Records-Using-Open-Standards.pdf) about how Verifiable Credentials could be used to support re-opening the economy.
> Some states and other countries have started to pilot this approach, as have various industries like film and aviation. But, the inconsistent use of standards and varying implementations have already led to confusion and public concern. An effort coordinated at the federal level would lead most quickly to uniform adoption and true inter-state and cross-domain interoperability.
>
> LFPH and our partner organizations are ready to collaborate with you on this.

View File

@ -4,38 +4,51 @@ published: false
# Education
* [Understand the usage in Education](https://www.ssi.crubn.com/education) CRUBN
## Real World
* [GATACA joins EU Commissions Early Adopters Program as SSI provider in the Spanish group](https://gataca.io/insights/gataca-joins-the-european-commission-s-early-adopters-program-as-the-ssi-technology-provider-in-the-spanish-group)
> In Spain, three universities will pioneer the issuance of digital Academic Diplomas. The issuance will be performed 100% online, where students will authenticate themselves using a digital ID previously issued by FNMT (the Royal Mint of Spain) and stored in their mobile wallets.
* [RMIT future-proofs the university-to-student connection with verifiable credentials in Azure Active Directory](https://customers.microsoft.com/en-au/story/1481006006183422060-rmit-university-higher-education-azure-active-directory Azure AD, ION)
Many of the components we needed were readily available to us within the Microsoft suite. RMIT uses Azure AD today for student and staff login as an identity provider. ION is an open, permissionless Layer 2 network based on the purely deterministic Sidetree protocol based on open standards.
* [Blockchain and the future of Education](https://wellthatsinteresting.tech/blockchain-and-the-future-of-education/) WellThatsInteresting.tech
It highlights the [recent announcement from Digitary](https://www.digitary.net/myequals-1-million/) about having issued over four million digitally verified documents from 100+ institutions for millions of learners in 135 countries.
## Government
* [US Education Department promotes putting student records on blockchain](https://cointelegraph.com/news/us-education-department-promotes-putting-student-records-on-blockchain)
> The COVID-19 pandemic has exposed flaws across various sectors. As a result, a number of government departments are evaluating blockchain-based systems as possible solutions for challenges involving multiparty workflows, record-keeping, transparency and more.
>
> For example, the United States Department of Education recently provided funding for the launch of the “[Education Blockchain Initiative](https://www.acenet.edu/Research-Insights/Pages/Education-Blockchain-Initiative.aspx).” Referred to as the EBI, this project is led by the American Council on Education — an organization that helps the higher education community shape effective public policy — and is designed to identify ways that blockchain can improve data flow between academic institutions and potential employers.
## Paper
* [Blockchain, Self-Sovereign Identity and Digital Credentials: Promise Versus Praxis in Education](https://www.frontiersin.org/articles/10.3389/fbloc.2021.616779/full) Alex Grech, Ira Sood and Lluís Ariño
Although the blockchain has long been identified as an opportunity for driving much-needed change in the core processes of the education sector, use cases to date have been limited in scope and execution, with blockchain advocates and education policy makers seemingly disconnected on fundamental issues such as governance, self-sovereignty, interoperability, choice of blockchain platforms and overall trust in standards and the integrity of the infrastructure.
* [Blockchain in the Education Sector](https://potech.global/assets/pdfs/Potech-Labs-White%20Paper_Blockchain-in-the-Education-Sector.pdf)
> Since most of the educational institutes were facing security crises, new challenges are added to the security system to identify and manage the users access to these platforms.The most relevant challenges include but not limited to, legacy identity infrastructure, student lifecycle and users access complexity and new cyber threats.
## Explainer
* [The digital transformation of the education sector](https://www.validatedid.com/post-en/the-digital-transformation-of-the-education-sector) ValidatedID
For schools and universities, adopting the electronic signature as a tool not only implies an improvement in the experience for students and employees, but it also means a great improvement in administrative processes.
* [RMIT future-proofs the university-to-student connection with verifiable credentials in Azure Active Directory](https://customers.microsoft.com/en-au/story/1481006006183422060-rmit-university-higher-education-azure-active-directory)
Compatibility with open standards is key to optimizing innovation. “We consider this solution part of a bigger ecosystem that will connect and cooperate with other ecosystems,” adds Radhakrishnan. “Were exploring linking student credentials to the transportation authorities in Victoria and Melbourne to provide students with discounts on those systems. Microsoft embracing open-source technologies opens possibilities like these.”
* [Self-Sovereign Identity User Scenarios in the Educational Domain](https://er.educause.edu/articles/2022/4/self-sovereign-identity-user-scenarios-in-the-educational-domain) Educause Review
Due to the high level of international mobility in the academic sector, insular solutions relying on only one national type of government-issued digital ID card will be insufficient; instead, the officials at the federation need to decide which digital ID cards are valid to uniquely associate an individual with private cryptographic keys, similar to the way passports are acknowledged internationally
* [Education pilot](https://www.krakenh2020.eu/pilots/education) Kraken
This pilot allows university students to trade their academic records in a privacy-preserving way, and recruitment agencies to acquire this data and process it, keeping the student's privacy intact.
* [CONNECTED IMPACT Unlocking Education and Workforce Opportunity Through Blockchain](https://www.acenet.edu/Documents/ACE-Education-Blockchain-Initiative-Connected-Impact-June2020.pdf?fbclid=IwAR22cl_g-DzoZOEBStwKhrsuQpqqA66ZyZhKdd_4NmER2GyDMXbatuUsUuw) ACE
This report is the first phase of the Education Blockchain Initiative, funded by the U.S. Department of Education and managed by the American Council on Education (ACE). It summarizes an intensive research project to better understand the application of blockchain, a form of distributed ledger technology, to education. Its content is intended to inform policymakers, technology developers, education practitioners, and workforce entities about the state of and potential of interoperable digital credentials anchored on blockchains. This report also provides guidance to these stakeholders on the effective implementation of blockchain-based digital credentials infrastructure.
* [Lissi use cases: Education](https://lissi-id.medium.com/lissi-use-cases-education-c39908690300)
Upon successful graduation from a school or university, a certificate is issued as proof of the achievements. However, these are currently still only issued in paper form and therefore cannot be easily presented to third parties.
* [The Block Space @theblockspaceio](https://twitter.com/theblockspaceio) via Twitter
we believe that education should evolve, apadt and adopt the latest technologies available such as #Web3. Let's talk about why self-sovereign identity will increase the demand of educational institutions for a future in lifetime digital credentials
* [Self-Sovereign Identity User Scenarios in the Educational Domain](https://er.educause.edu/articles/2022/4/self-sovereign-identity-user-scenarios-in-the-educational-domain) EduCause
The model of self-sovereign identity offers tempting benefits as educational systems become increasingly global and as learning spans a lifetime.
* [Digital Credentials the new student experience](https://condatis.com/webinars/webinar/digital-credentials/) Condatis
- The challenges universities are facing.
@ -43,24 +56,9 @@ The model of self-sovereign identity offers tempting benefits as educational sys
- How universities can support students beyond graduation.
- The benefits for universities, students, and employers.
* [Blockchain and the future of Education](https://wellthatsinteresting.tech/blockchain-and-the-future-of-education/) WellThatsInteresting.tech
It highlights the [recent announcement from Digitary](https://www.digitary.net/myequals-1-million/) about having issued over four million digitally verified documents from 100+ institutions for millions of learners in 135 countries.
* [Blockchain in the Education Sector](https://potech.global/assets/pdfs/Potech-Labs-White%20Paper_Blockchain-in-the-Education-Sector.pdf)
> Since most of the educational institutes were facing security crises, new challenges are added to the security system to identify and manage the users access to these platforms.The most relevant challenges include but not limited to, legacy identity infrastructure, student lifecycle and users access complexity and new cyber threats.
* [Digital Identity in Education](https://www.thedinglegroup.com/blog/2020/10/4/digital-identity-in-education) Dingle Group
> September 28 the 14th [2020] [Vienna Digital Identity Meetup](https://www.meetup.com/Vienna-Digital-Identity-Meetup/) hosted [a focused session](https://vimeo.com/464715275) on digital identifiers and verifiable credentials in education. We have two great updates from Kim Hamilton Duffy (Architect Digital Credentials Consortium, Chair of the W3C CCG and Verifiable Credentials for Education Task Force) and Lluis Arińo (convenor of Diplomas Use Case at European Blockchain Service Infrastructure and CIO Rovira i Virgili University, Spain).
* [US Education Department promotes putting student records on blockchain](https://cointelegraph.com/news/us-education-department-promotes-putting-student-records-on-blockchain)
> The COVID-19 pandemic has exposed flaws across various sectors. As a result, a number of government departments are evaluating blockchain-based systems as possible solutions for challenges involving multiparty workflows, record-keeping, transparency and more.
>
> For example, the United States Department of Education recently provided funding for the launch of the “[Education Blockchain Initiative](https://www.acenet.edu/Research-Insights/Pages/Education-Blockchain-Initiative.aspx).” Referred to as the EBI, this project is led by the American Council on Education — an organization that helps the higher education community shape effective public policy — and is designed to identify ways that blockchain can improve data flow between academic institutions and potential employers.
* [Redefining the Student Journey](https://www.youtube.com/watch?v=enqQ0FyLaBc) Condatis
Digital innovation has been front and centre in Higher Education since the pandemic. The challenges remain for universities supporting students now and for the future. With the help of Microsoft Azure AD Verifiable Credentials, universities can support student needs effective and innovative digital approach.
* [Blockchain, Self-Sovereign Identity and Digital Credentials: Promise Versus Praxis in Education](https://www.frontiersin.org/articles/10.3389/fbloc.2021.616779/full) Alex Grech, Ira Sood and Lluís Ariño
Although the blockchain has long been identified as an opportunity for driving much-needed change in the core processes of the education sector, use cases to date have been limited in scope and execution, with blockchain advocates and education policy makers seemingly disconnected on fundamental issues such as governance, self-sovereignty, interoperability, choice of blockchain platforms and overall trust in standards and the integrity of the infrastructure.
* [Blockchain and the future of education](https://wellthatsinteresting.tech/blockchain-and-the-future-of-education/) Well Thats Interesting
@ -70,10 +68,32 @@ The user has one wallet where all their important documents are kept safe and se
The electronic signature improves the experience in education for students, teachers, parents, guardians and other school staff.
* [Self-Sovereign Identity User Scenarios in the Educational Domain](https://er.educause.edu/articles/2022/4/self-sovereign-identity-user-scenarios-in-the-educational-domain) [Gerd Kortemeyer](https://members.educause.edu/gerd-kortemeyer) Educause
* [Self-Sovereign Identity User Scenarios in the Educational Domain Gerd Kortemeyer Educause](https://er.educause.edu/articles/2022/4/self-sovereign-identity-user-scenarios-in-the-educational-domain)
The model of self-sovereign identity offers tempting benefits as educational systems become increasingly global and as learning spans a lifetime.
* [Blockchains in HR: Prosoon and Talao go together on SSI and HR credentials](https://medium.com/@talao_io/blockchains-in-hr-prosoon-and-talao-go-together-on-ssi-and-hr-credentials-3b92968011fe) Talao
* [Super Skills, a mobile application use case for DIDs and VCs](https://medium.com/@ntonani/super-skills-a-mobile-application-use-case-for-dids-and-vcs-d174467ccf46)
Beyond directly helping children learn in playful ways, this partnership was forged to assist in championing the importance of three learning primitives of tomorrows educational landscape: decentralized identifiers (DIDs), verifiable credentials (VCs), and digital wallets.
* [When Job Candidates Lie, New Tech From ZippedScript And LearnCard Will Help You Catch Them](https://www.forbes.com/sites/zengernews/2022/09/16/when-job-candidates-lie-new-tech-from-zippedscript-and-learncard-will-help-you-catch-them/?sh=731b54b63ed4) Forbes
“recently launched [LearnCard](http://www.learncard.com/), a digital wallet for education and employment programmable verifiable credentials”
## Pilot
* [Education pilot](https://www.krakenh2020.eu/pilots/education) Kraken
This pilot allows university students to trade their academic records in a privacy-preserving way, and recruitment agencies to acquire this data and process it, keeping the student's privacy intact.
## Report
* [CONNECTED IMPACT Unlocking Education and Workforce Opportunity Through Blockchain](https://www.acenet.edu/Documents/ACE-Education-Blockchain-Initiative-Connected-Impact-June2020.pdf?fbclid=IwAR22cl_g-DzoZOEBStwKhrsuQpqqA66ZyZhKdd_4NmER2GyDMXbatuUsUuw) ACE
This report is the first phase of the Education Blockchain Initiative, funded by the U.S. Department of Education and managed by the American Council on Education (ACE). It summarizes an intensive research project to better understand the application of blockchain, a form of distributed ledger technology, to education. Its content is intended to inform policymakers, technology developers, education practitioners, and workforce entities about the state of and potential of interoperable digital credentials anchored on blockchains. This report also provides guidance to these stakeholders on the effective implementation of blockchain-based digital credentials infrastructure.
## Working group
* [Digital Identity in Education](https://www.thedinglegroup.com/blog/2020/10/4/digital-identity-in-education) Dingle Group
> September 28 the 14th [2020] [Vienna Digital Identity Meetup](https://www.meetup.com/Vienna-Digital-Identity-Meetup/) hosted [a focused session](https://vimeo.com/464715275) on digital identifiers and verifiable credentials in education. We have two great updates from Kim Hamilton Duffy (Architect Digital Credentials Consortium, Chair of the W3C CCG and Verifiable Credentials for Education Task Force) and Lluis Arińo (convenor of Diplomas Use Case at European Blockchain Service Infrastructure and CIO Rovira i Virgili University, Spain).
This partnership will enable the use of Blockchain and Self-Sovereign Identity technologies such as verifiable credentials to enable the support of diplomas and professional certifications in compliance with personal data in a decentralized environment (#web3).

View File

@ -4,56 +4,29 @@ published: false
# Healthcare
## Company Stories
* [Self-Sovereign Identity and Blockchain in the Healthcare Industry](https://knowledge.wealize.digital/en/blog/blog/ssi-at-healthcare-industry) Wealize Digital
* [Patient-Centric Identity Management for Healthcare with Jim St-Clair](https://northernblock.io/patient-centric-identity-management-for-healthcare/)
Healthcare is a key case-use of the SSI model employing blockchain given the significance and scalability of this sectoral. In this article, we give you details about a pilot project developed for the Andalusian Health Service in Spain to evidence the feasibility of a vaccination card according to the Alastria Self-Sovereign Identity system based on Blockchain technology.
* [How decentralised identity & verifiable credentials will transform the world of healthcare](https://www.htworld.co.uk/insight/decentralized-identity-verifiable-credentials-healthcare/) HealthTech World
When a medical accrediting agency provides a digitally signed certificate, the healthcare practitioner and owner of that certificate holds the credential in a digital wallet. The details of the credential such as the time stamp in which the certificate was given and how long it is valid for, can be optionally held within a blockchain network, digitally linked to the certificate, this process is called anchoring.
* [Unlocking the Value of Verifiable Credentials in the Health Sector](https://www.affinidi.com/post/unlocking-the-value-of-verifiable-credentials-in-the-health-sector) Affinidi
- Digital Infrastructure for Vaccination Open Credentialing (DIVOC) - This is an open-source platform that enables countries to digitally orchestrate country-wide health campaigns such as vaccinations and certifications.
- EU Digital COVID Certificate (EU-DCC) - This specification allows EU citizens and residents to have their digital health certificates issued and verified across the EU.
- Smart Health Card (SHC) - This initiative encourages the development of open standards and technologies to connect people with their health data. Led by Microsoft, Vaccination Credential Initiative (VCI), The Commons Project, and The MITRE Corporation, SHCs are seeing wide adoption across North America.
- International Civil Aviation Organisation - Visible Digital Seal (ICAO-VDS) - This is a travel document verification to re-establish travel and trade through aviation.
I began working with Lumedic in January of this year, specifically focused on digital identity standards, especially in self-sovereign identity, and also continuing to work in HL7. Lumedic is part of Providence Health Systems, and we play a very active role in several HL7 initiatives for health IT and data exchange. Its very complementary to the work were doing with groups like Sovrin, the Trust over IP Foundation, and so on.
* [The Human Colossus Foundation will present its Dynamic Data Economy -DDE concept at the DIA conference in Brussels](https://humancolossus.foundation/blog/dde-dia)
Promising advances in digital personal health empower patients. Technologically, we could shift from symptom based intervention to prevention and early treatment.  But advanced innovations also generate debates on trust in sharing intrusive data and regulatory compliance. You can find details regarding our panel presentation [here](https://www.diahome.org/en/conference-listing/meetings/2022/03/dia-europe-2022/agenda/29/precision-prevention-in-a-dynamic-data-economy?ref=PrecisionPreventioninaDynamicDataEconomy).
* [A Digital Staff Passport for hospital facilities, DIZME voted best solution at SHACK22 hackathon](https://infocert.digital/a-digital-staff-passport-for-the-safe-mobility-of-staff-in-hospital-facilities-dizme-has-been-voted-as-the-best-solution-at-shack22-hackathon/) Infocert
The hackathon held by INTEROPen, a leading organization to support & accelerate the delivery and adoption of Interoperability Standards in health & social, in partnership with NHS (National Health System) was aimed at developing innovative solutions for the management of access and safe mobility of staff in hospital facilities.
* [Accessing Medical Records Anywhere](https://academy.affinidi.com/accessing-medical-records-anywhere-a-use-case-for-verifiable-credentials-81a248f9b746) Affinidi
> this workflow doesnt involve any third-party to store your medical data and this also means no worry about medical data storage policies and the laws associated with it. The holder completely owns his or her medical data and stores it exclusively in his or her digital wallet, thereby making it secure and hassle-free.
* [Verifiable Credentials set to Revolutionize Health and Safety Compliance](https://blog.dock.io/verifiable-credentials-set-to-revolutionize-health-and-safety-compliance/) Dock
By integrating with Dock and utilizing verifiable credentials, the process of verifying a workers qualifications goes from analysing paper-based certificates and calling each educational body to certify the legitimacy of it, to having the accreditations sitting in a tamper-proof digital wallet, with a digital signature signature from the issuing body certifying the legitimacy.
* [Simplify medical supply orders with SSI: Techruption innovation project](https://www.brightlands.com/en/brightlands-smart-services-campus/brightlands-techruption-SSI-simplifies-medical-supply-orders)
* [Technical Design and Development of a Self-Sovereign Identity Management Platform for Patient-Centric Healthcare Using Blockchain Technology](https://www.blockchainhealthcaretoday.com/index.php/journal/article/view/196)
* [Case study: Gravity digital ID solution enables vulnerable migrants in Kenya to receive consistent healthcare services](https://medium.com/gravity-earth/case-study-gravity-digital-id-solution-enables-vulnerable-migrants-in-kenya-to-receive-consistent-713a78f9e0d8) Shiyao Zhang
Participants in this co-creation use case were TNO, CZ, Rabobank and Accenture. The developed solution can be applied in other industries as well. For example in public services, which are often offered by a network of organisations that are all required to comply with high administrative standards.
Since 2019, Gravity has been providing decentralized identity solutions for the
## Pilot
* [The Future of Healthcare Relies on Adaptation](https://auth0.com/blog/the-future-of-healthcare-relies-on-adaptation/) auth0
* [Self-Sovereign Identity and Blockchain in the Healthcare Industry](https://knowledge.wealize.digital/en/blog/blog/ssi-at-healthcare-industry) Wealize Digital
Most healthcare organizations are and should be, focused on their core business pursuits, such as patient care or processing insurance claims. Information security and identity management is not their core business, yet is a critical factor in compliant, secure business operations.
* [TheirCharts](https://blogs.harvard.edu/doc/2022/01/15/theircharts/) Doc Searls
If youre getting health care in the U.S., chances are your providers are now trying to give you a better [patient experience](https://www.epic.com/software#PatientEngagement) through a website called MyChart.
This is supposed to be yours, as the first person singular pronoun My implies. Problem is, its TheirChart.
* ["Member as API" - The Interoperability and Patient Access final rule and Verifiable Credentials](https://www.pocketcred.com/post/member-as-api-the-interoperability-and-patient-access-final-rule-and-verifiable-credentials)
The Interoperability and Patient Access final rule (CMS-9115-F) delivers on the government's promise to put patients first, giving them access to their health information when they need it most and in a way they can best use it. As part of the MyHealthEData initiative, this final rule is focused on driving interoperability and patient access to health information by liberating patient data using CMS authority to regulate Medicare Advantage (MA), Medicaid, CHIP, and Qualified Health Plan (QHP) issuers on the Federally-facilitated Exchanges (FFEs).
* [Advances in health "must ensure self-sovereign identity"](https://healthcareglobal.com/digital-healthcare/advances-health-must-ensure-self-sovereign-identity?page=1) Healthcare Global
Meanwhile a new report has found that the majority of the British public is willing to embrace digital healthcare tools  such as apps and digital therapies prescribed by a trusted healthcare professional.
Shaw adds: “The vital point to make is this: innovations in health technology must ensure self-sovereign identity.
Healthcare is a key case-use of the SSI model employing blockchain given the significance and scalability of this sectoral. In this article, we give you details about a pilot project developed for the Andalusian Health Service in Spain to evidence the feasibility of a vaccination card according to the Alastria Self-Sovereign Identity system based on Blockchain technology.
* [SSI For Healthcare: Lessons from the NHS](https://vimeo.com/543285754)
> - Lessons learned from working with self-sovereign identity (SSI) at the NHS, and the needs highlighted when leading the frontline response during COVID-19
@ -61,15 +34,75 @@ Shaw adds: “The vital point to make is this: innovations in health technology
> - Applying the four principles of healthcare ethics to verifiable credential technology
> - The top use cases for healthcare, including “staff passports” and portable health records
* [Solving Identity Challenges at the Intersection of Education and Healthcare](https://iiw.idcommons.net/21C/_Solving_Identity_Challenges_at_the_Intersection_of_Education_and_Healthcare) by Kimberly Linson
## explainer
* [Advances in health "must ensure self-sovereign identity"](https://healthcareglobal.com/digital-healthcare/advances-health-must-ensure-self-sovereign-identity) HealthCareGlobal.com
* [How decentralised identity & verifiable credentials will transform the world of healthcare](https://www.htworld.co.uk/insight/decentralized-identity-verifiable-credentials-healthcare/) HealthTech World
When a medical accrediting agency provides a digitally signed certificate, the healthcare practitioner and owner of that certificate holds the credential in a digital wallet. The details of the credential such as the time stamp in which the certificate was given and how long it is valid for, can be optionally held within a blockchain network, digitally linked to the certificate, this process is called anchoring.
* [Accessing Medical Records Anywhere](https://academy.affinidi.com/accessing-medical-records-anywhere-a-use-case-for-verifiable-credentials-81a248f9b746) Affinidi
> this workflow doesnt involve any third-party to store your medical data and this also means no worry about medical data storage policies and the laws associated with it. The holder completely owns his or her medical data and stores it exclusively in his or her digital wallet, thereby making it secure and hassle-free.
* [Verifiable Credentials set to Revolutionize Health and Safety Compliance](https://blog.dock.io/verifiable-credentials-set-to-revolutionize-health-and-safety-compliance/) Dock
By integrating with Dock and utilizing verifiable credentials, the process of verifying a workers qualifications goes from analysing paper-based certificates and calling each educational body to certify the legitimacy of it, to having the accreditations sitting in a tamper-proof digital wallet, with a digital signature signature from the issuing body certifying the legitimacy.
* [TheirCharts](https://blogs.harvard.edu/doc/2022/01/15/theircharts/) Doc Searls
If youre getting health care in the U.S., chances are your providers are now trying to give you a better [patient experience](https://www.epic.com/software#PatientEngagement) through a website called MyChart.
This is supposed to be yours, as the first person singular pronoun My implies. Problem is, its TheirChart.
* [Advances in health "must ensure self-sovereign identity"](https://healthcareglobal.com/digital-healthcare/advances-health-must-ensure-self-sovereign-identity?page=1) Healthcare Global
Meanwhile [a new report](https://orchahealth.com/patients-seek-digital-health-to-reduce-pressure-on-the-nhs/) has found that the majority of the British public is willing to embrace digital healthcare tools  such as apps and digital therapies prescribed by a trusted healthcare professional.
Shaw adds: “The vital point to make is this: innovations in health technology must ensure self-sovereign identity.
## Devices
[In 2021, #RuggedIoMD becomes an #IIoT category](https://wider.team/2020/12/23/2021ruggediomd/)
So theres demand for a new category of IoT and #IoMD that survives and thrives despite these challenges. Very low power consumption. Lots of storage and caching to hold on through power outages. Ruggedized for use outside clinics. Easy and cheap to field-repair. Lots of smarts inside so they work without an internet tap. Many flavors of connectivity to exploit opportunities as they knock. Open sourced, the better to adapt to new and unplanned problems.
* [Rugged Identity: resilience for Identity of Things to bad latency, signal, power, physical integrity. Mars, war zones, bad neighbors, Great Firewalls.](https://iiw.idcommons.net/11C/_Rugged_Identity:_resilience_for_Identity_of_Things_to_bad_latency,_signal,_power,_physical_integrity.) by Phil Wolff
Problem: So, what happens when you cant call home to conduct an identity conversation? Youre on Mars and the latency is long. Youre in Haiti and the bandwidth is very limited during a storm. Youre in a war zone and your signal is noisy due to interference.
Rugged Identity is hoped-for resilience from very long latency, noisy signal, low bandwidth, interrupted connections, very low power computing and radio, power outages, and attacks on physical integrity like device tampering.
## paper
* [Technical Design and Development of a Self-Sovereign Identity Management Platform for Patient-Centric Healthcare Using Blockchain Technology](https://www.blockchainhealthcaretoday.com/index.php/journal/article/view/196)
Results: MediLinker allows users to store their personal data on digital wallets, which they control. It uses a decentralized trusted identity using Hyperledger Indy and Hyperledger Aries. Patients use MediLinker to register and share their information securely and in a trusted system with healthcare and other service providers. Results: MediLinker allows users to store their personal data on digital wallets, which they control. It uses a decentralized trusted identity using Hyperledger Indy and Hyperledger Aries. Patients use MediLinker to register and share their information securely and in a trusted system with healthcare and other service provid-ers.
## Real World
* [Case study: Gravity digital ID solution enables vulnerable migrants in Kenya to receive consistent healthcare services](https://medium.com/gravity-earth/case-study-gravity-digital-id-solution-enables-vulnerable-migrants-in-kenya-to-receive-consistent-713a78f9e0d8) Shiyao Zhang
For patients who have a smartphone, they can directly view and manage their medical credentials on their wallet application; for patients who are equipped with feature phones, they can interact with their credentials via a dedicated USSD menu; for those who dont have a phone, the medical credentials will be stored in a printed QR code.
## Business
* [The Future of Healthcare Relies on Adaptation](https://auth0.com/blog/the-future-of-healthcare-relies-on-adaptation/) auth0
Most healthcare organizations are and should be, focused on their core business pursuits, such as patient care or processing insurance claims. Information security and identity management is not their core business, yet is a critical factor in compliant, secure business operations.
## Policy
* ["Member as API" - The Interoperability and Patient Access final rule and Verifiable Credentials](https://www.pocketcred.com/post/member-as-api-the-interoperability-and-patient-access-final-rule-and-verifiable-credentials)
The Interoperability and Patient Access final rule (CMS-9115-F) delivers on the government's promise to put patients first, giving them access to their health information when they need it most and in a way they can best use it. As part of the MyHealthEData initiative, this final rule is focused on driving interoperability and patient access to health information by liberating patient data using CMS authority to regulate Medicare Advantage (MA), Medicaid, CHIP, and Qualified Health Plan (QHP) issuers on the Federally-facilitated Exchanges (FFEs).
“I wholeheartedly agree that individuals should not be required to share their own personal health information with unknown third parties or with anyone in authority who demands it" Shaw adds. "But I strongly disagree with the suggestion that events and businesses are either safe to open for everyone, or no one. It creates a false dichotomy that either everyone is safe, or nobody is safe
* [What SMART on FHIR Means for the Future of Healthcare](https://auth0.com/blog/what-smart-on-fhir-means-for-the-future-of-healthcare/) Auth0
The Substitutable Medical Applications and Reusable Technologies (SMART) platform promises to solve these data fragmentation challenges by standardizing how patient data is accessed and shared. And given SMARTs inclusion in the [21st Century Cures Act](https://www.federalregister.gov/documents/2020/05/01/2020-07419/21st-century-cures-act-interoperability-information-blocking-and-the-onc-health-it-certification), the platform will become the standard protocol for accessing electronic health records (EHRs) in the near future.
* [Unlocking Possibilities](https://magnacerta.com) MagnaCerta
## Development
As different certificate frameworks emerge, there is a need for simple tools that enable Health Service Providers to deliver interoperable certificates valid across different channels, or built according to different specifications.
* [Solving Identity Challenges at the Intersection of Education and Healthcare](https://iiw.idcommons.net/21C/_Solving_Identity_Challenges_at_the_Intersection_of_Education_and_Healthcare) by Kimberly Linson
- We have to get to protocol/standards like we did with email
- It will be messy and competitive with new players who emerge and offer more freedom
- Those who cant adapt will lose ground - need to be willing to let go
- Messaging apps: Signal/Whats APp - PRESSURE...eventually someone will make it so that they work together and scoop up everyones business

View File

@ -2,6 +2,8 @@
published: false
---
https://www.crowdfundinsider.com/2020/09/166678-global-id-verification-provider-onfido-to-offer-authentication-services-to-malaysias-mycash-money/
# Humanitarian
* [Fixing Aid | Can blockchain help fix the I.D. problem for a billion people?](https://www.thenewhumanitarian.org/podcast/2022/03/31/Fixing-Aid-can-blockchain-help-fix-the-ID-problem-for-a-billion-people) The New Humanitarian

View File

@ -4,119 +4,34 @@ published: false
# IOT
## Explainer
* [Alternatives to the CompuServe of Things](https://www.windley.com/archives/2021/07/alternatives_to_the_compuserve_of_things.shtml) Windley
^^^ Interesting feature: Phil is leveraging the Hypothesis sidebar for comments\annotation -
The current model for connected things puts manufacturers in between people and their things. That model negatively affects personal freedom, privacy, and society. Alternate models can provide the same benefits of connected devices without the societal and personal costs.
* [Decentralized Identity of Things](https://blog.darrenjrobinson.com/decentralized-identity-of-things/) Winner Microsoft Decentralized Identity Hackathon
* [DIDoT - DID of Things. Decentralized Identity of Things](https://devpost.com/software/did-of-things-didot-allergen-management-in-food-shopping). Allergen management in food shopping. Based on the concept of things having verifiable credentials.
* [More Security in the Internet of Things Thanks to ETO](https://www.etogruppe.com/en/news/news-from-eto/more-security-in-the-internet-of-things-thanks-to-eto.html) ETO
ETO uses a network of distributed digital identities (DIDs) and verifiable credentials (VCs). A side benefit from the perspective of human Internet users: they regain data sovereignty over their personal data. [[github](https://gitlab.com/anchor-bundle/angular-webapp)]
* [Why Machines Need Self-Sovereign Identities](https://www.peaq.com/blog/why-machines-need-self-sovereign-identities) Peaq
As the world becomes even more connected and more machines are hooked up to the internet, the ability for machines to move, trade and interact securely and efficiently becomes increasingly important to life and business. Todays centralized networks do not enable this. Machines today exist on closed, permission-based environments which massively limit which other machines can be interacted with, what machines can do and where they can go.
* [Digital Twins and Self-Sovereign Identity: Build the next generation of Simulation with privacy preservation](https://iotpractitioner.com/digital-twins-and-self-sovereign-identity-build-the-next-generation-of-simulation-with-privacy-preservation/) IOT Practicioner
The rise in the use of advanced analytics, machine learning (ML) and Artificial Intelligence (AI) and the Internet of Things (IoT) today have driven the technology of simulation into the concept of the digital twin. Digital twins are generally defined as a virtual digital model of a physical system that is used to make better decisions about the real world physical system. Digital twins are usually intertwined with sensors and include a two-way interaction between the physical and digital twin.
* [@debimr75](https://twitter.com/debimr75/status/1347915348293533699) shares
> Now Animals too can have their own #decentralizedidentity to help them send their status updates to the rightful owner from their #IoT devices. #Decentralized #digitalidentity for #IoT devices would lead to #SmartFarming
* [Trust but Verify](https://stateofidentity.libsyn.com/trust-but-verify) Liminal Podcasts
Peter Padd, Co-Founder & CEO at Fortifyedge shares how he's built Zero Trust authentication software that provides IoT device OEM's with password-free authentication utilizing Tiny Machine Learning at the edge.
* [Why is Trusted Identity Important in IoT Commerce?](https://dlt.mobi/why-is-trusted-identity-important-in-iot-commerce/)
The evident solution is to imbue connected entities with unique, tamper-evident, self-sovereign, [Decentralized Identifiers (DIDs)](https://www.w3.org/TR/did-core/?mc_cid=1a98f7f0e4&mc_eid=UNIQID), developed by the [W3C](https://www.w3.org/?mc_cid=1a98f7f0e4&mc_eid=UNIQID), anchored in a decentralized trust network. For MOBIs community, this is the [Integrated Trust Network, or ITN](http://dlt.mobi/itn?mc_cid=1a98f7f0e4&mc_eid=UNIQID).
* [Ep. 146 Self-Sovereign Identity and IoT insights from the Sovrin Foundation](https://insureblocks.com/ep-146-self-sovereign-identity-and-iot-insights-from-the-sovrin-foundation/) Insureblocks
we discussed the white paper he authored on [Self Sovereign Identity and IoT](https://sovrin.org/library-iot/). To explain the opportunities SSI can provide to IoT, Michael introduces us to three profiles: Jamie (machine to person), Bob (machine to machine) and Bessie the cow (digital twin).
* [Self-Sovereign Digital Twins](https://dlt.mobi/self-sovereign-digital-twins/) mobi
* [Battery Passport and the Battery Self-Sovereign Digital Twin](https://dlt.mobi/battery-passport-the-battery-ssdt/) Mobi
> Similarly, a [battery passport](https://dlt.mobi/battery-passport) is nothing but a presentation of data points about a particular battery who manufactured it, its physical and chemical composition, its current state of health, whether it was refurbished or repurposed from another battery, and so on.
* [Ceramic, SkyNet, LoRa, IoT. low bandwidth & memory, distributed network. Managing schemas, DIDComm, and V.C. in context](https://iiw.idcommons.net/14M/_Ceramic,_SkyNet,_LoRa,_IoT._low_bandwidth_%26_memory,_distributed_network._Managing_schemas,_DIDComm,_and_V.C._in_context) by Brent Shambaugh
From memory:
I recall that Joe suggested simplification. I may not need to use ceramic and I may not need to use LoRa. I may not even need a blockchain or ledger. I may want to exchange public keys with friends to start out and use did:web.
Kim commented about her experience with BTCR. It was a great discussion. Unfortunately, it was not recorded.
When Brent mentioned a hackerspace and IoT use case using verifiable credentials to access machines that one had been trained on, Kim liked the idea.
Brent admitted that this was an exploratory project and there currently were no customers. Kim and (Joe) thought that working on a project was a good way to meet people.
Brent found it to be a productive way to learn about the technology. He admitted that he had not implemented verifiable credentials or completed a did method over ceramic. He admitted that he had only recently learned about the size issues of verifiable credentials on embedded devices from Mrinal from Ockam. He also mentioned that there was an earlier IIW session that talked about the size limitations of Lora: 200 bytes for LoRa and 150 bytes for LoraWAN. The title was similar to “ IoT swarms, communication in bandwidth constrained environments”.
Joe questioned why LoRa was used. Brent said it was legacy and the project originally started out through a suggestion from a friend to investigate LoRa and drone tracking (to satisfy a potential FAA regulation). He claimed to be unsure about it. He knew that the hobbyists had complained.
Joe suggested that other protocols could be fine, and there was a way that he recalled that ESP32 devices could form mesh networks (out of the box).
Then came discussion of OpenWRT. Brent thought Joe meant (wireless access points? softtAP?) with ESP32.
Discussion of did:web came up. Did:key was thought of as a good way forward (IIRC).  There were 3 things that joe mentioned to do, starting with authentication.
* [...]
* [UX for AR, ambient identity, IoT? Human disclosure, consent, auth with devices.](https://iiw.idcommons.net/21J/_UX_for_AR,_ambient_identity,_IoT%3F_Human_disclosure,_consent,_auth_with_devices.) by Phil Wolff
Distrust of devices is rising. [https://wider.team/2021/04/21/resistiot/](https://wider.team/2021/04/21/resistiot/) IoT is being felt as the introduction of surveillance. “Devices are feared and distrusted as proxies for our distrust of the people and organizations behind them.” From the post:
- Clinical technology as workplace surveillance. Hospital providers talk about their frustration with connected technologies because it feels like their every motion is being monitored and tracked, used by bosses to evaluate their speed and cost efficiency.
- Civic technologies as government surveillance. From [Oaklands corner traffic cameras](https://www.aclunc.org/blog/how-fight-stop-oaklands-domain-awareness-center-laid-groundwork-oakland-privacy-commission) leading to mass rallies to [Boston Police](https://www.independent.co.uk/life-style/gadgets-and-tech/news/robots-police-dog-spot-boston-dynamics-a9218491.html) [tests](https://reason.com/2019/11/26/massachusetts-police-test-out-robot-dogs-is-dystopia-on-its-way/) and [NYPD robot dogs](https://www.theverge.com/2021/2/24/22299140/nypd-boston-dynamics-spot-robot-dog), IoT is deep in the creepy depths of [the uncanny valley](https://en.wikipedia.org/wiki/Uncanny_valley).
- Consumer technology as commercial surveillance. Alexa, Google, and Apple know too much about you and use it to sell adjacent services.
Why these feelings?
- Devices project power into physical spaces where people live and work.
- Devices are opaque: they hide what happens downstream with device data and upstream with device control.
### Devices dont put nearby-humans at the center of experience. “User experience” isnt for them but designed by and for absent institutions. When exactly did Amazon Alexa last ask for your consent when you walked in a room? When did Google Nest ask for permission to send your picture to the cloud? What happened to the gigabytes of data produced during your colonoscopy? Who is looking and listening? What bots are judging your behavior or speech?
* [IoT Swarms + SSI in constrained networks](https://iiw.idcommons.net/12E/_IoT_Swarms_+_SSI_in_constrained_networks) by Geovane Fedrecheski
* [Presentation](https://docs.google.com/presentation/d/15ix2vzR_Dq9xcs-8OY0qBjapy9dpY-WdRKph9SiEY-0/edit?usp=sharing)
Summary: This session was a discussion about three topics: IoT Swarms, the challenges of SSI in constrained networks, and preliminary results on how to overcome them. The results showed that, while a DIDComm message with a DID Document as payload used almost 1 kilobyte, a binary approach can be used to cut it to just about 200 bytes.
IoT Swarms enable resource sharing among autonomous IoT devices. The presenter mentioned some papers published in this regard [1][2], including one that analyses using SSI in IoT and Swarm systems [3].
One of the challenges identified by this last paper is the overhead of using SSI, which poses a challenge for adoption on constrained IoT networks. For example, while the Long Range (LoRa) communication, often used in IoT systems, only allows payloads of up to 240 bytes, a single DID Document typically occupies 500 bytes or more. Similarly, messages using DIDComm tend to use at least 1 kilobyte, which prevents its use on constrained networks.
Figure 1. Binary versions of DIDComm and DID Documents are needed to allow transmission in LoRa networks. The payload, in blue, is a DID Document. The overhead, in orange, is the protocol overhead due to the message signature.
* [Rugged Identity: resilience for Identity of Things to bad latency, signal, power, physical integrity. Mars, war zones, bad neighbors, Great Firewalls.](https://iiw.idcommons.net/11C/_Rugged_Identity:_resilience_for_Identity_of_Things_to_bad_latency,_signal,_power,_physical_integrity.) by Phil Wolff
Problem: So, what happens when you cant call home to conduct an identity conversation? Youre on Mars and the latency is long. Youre in Haiti and the bandwidth is very limited during a storm. Youre in a war zone and your signal is noisy due to interference.
Rugged Identity is hoped-for resilience from very long latency, noisy signal, low bandwidth, interrupted connections, very low power computing and radio, power outages, and attacks on physical integrity like device tampering.
* [https://wider.team/2020/12/23/2021ruggediomd/](https://wider.team/2020/12/23/2021ruggediomd/) Concerns for connected medical devices that work in remote locations, in emergency/crisis conditions, atop undeveloped infrastructure.
Solving these problems should bring curb-cut effects to all digital identity protocols. So medical devices still work in hospitals that block signals or homes where the router is overloaded.
* [Self-Sovereign Identity and IoT insights from the Sovrin Foundation](https://insureblocks.com/ep-146-self-sovereign-identity-and-iot-insights-from-the-sovrin-foundation/)
* [Self-Sovereign Identity and IoT insights from the Sovrin Foundation](https://insureblocks.com/ep-146-self-sovereign-identity-and-iot-insights-from-the-sovrin-foundation/) Insureblocks
> Michael Shea is the Managing Director of the Dingle Group and the Chair of Sovrin FoundationsSSI in IoT Working Group. In this podcast we discussed the white paper he authored on Self Sovereign Identity and IoT. To explain the opportunities SSI can provide to IoT, Michael introduces us to three profiles: Jamie (machine to person), Bob (machine to machine) and Bessie the cow (digital twin).
)
Using SSI, they can not only provide their machines with a decentralized and secure identity but also cover authentication and authorization through verifiable credentials issued on top of these identities. With this solution we built with Venafi, we can communicate or authenticate, authorize these devices, and prevent them from vulnerability to attack or counterfeit.
* [SSI In IoT, The SOFIE Project](https://www.thedinglegroup.com/blog/2021/4/6/ssi-in-iot-the-sofie-project) The Dingle Group
> For the 22nd Vienna Digital Identity Meetup* we hosted three of the lead researchers from the [EU H2020](https://ec.europa.eu/programmes/horizon2020/) funded The [SOFIE Project](https://www.sofie-iot.eu/).  The SOFIE Project wrapped up at the end of last year a key part of this research focused on the the use of SSI concepts in three IoT sectors (energy, supply chain, and mixed reality gaming) targeting integrating SSI in without requiring changes to the existing IoT systems.
* [Relationships in the Self-Sovereign Internet of Things](https://www.windley.com/archives/2020/12/relationships_in_the_self-sovereign_internet_of_things.shtml) Phil WIndley
> This post looks at Alice and her digital relationship with her F-150 truck. She and the truck have relationships and interactions with the people and institutions she engages as she co-owns, lends and sells it.
* [Capitalizing on Self-Sovereign Identity for Machines](https://venafi.com/blog/capitalizing-self-sovereign-identity-machines-part-one) [Part One]
> By providing a means to globally define an indisputable link between a machine and its machine identity across different sites, networks and businesses, we can secure IoT like never before.
>
> The filancore integration for Verifiable Credentials is available now. You can learn more from the [Venafi Marketplace](https://marketplace.venafi.com/details/verifiable-credentials-for-iot/).
* [Relationships in the Self-Sovereign Internet of Things](https://www.windley.com/archives/2020/12/relationships_in_the_self-sovereign_internet_of_things.shtml)
> DIDComm-capable agents provide a flexible infrastructure for numerous internet of things use cases. This post looks at Alice and her digital relationship with her F-150 truck. She and the truck have relationships and interactions with the people and institutions she engages as she co-owns, lends and sells it. These and other complicated workflows are all supported by a standards-based, open-source, protocol-supporting system for secure, privacy-preserving messaging.
* [Self-Sovereign Identity and IoT](https://insureblocks.com/ep-146-self-sovereign-identity-and-iot-insights-from-the-sovrin-foundation/)
> Michael Shea is the Managing Director of the Dingle Group and the Chair of Sovrin FoundationsSSI in IoT Working Group. In this podcast we discussed the white paper he authored on Self Sovereign Identity and IoT. To explain the opportunities SSI can provide to IoT, Michael introduces us to three profiles: Jamie (machine to person), Bob (machine to machine) and Bessie the cow (digital twin).
* [Self-Sovereign Identity for IoT Devices](https://dltc.spbu.ru/images/articles/Kulabukhova2019_Chapter_Self-SovereignIdentityForIoTDe_compressed.pdf) Nataliia Kulabukhova, Andrei Ivashchenko, Iurii Tipikin, and Igor Minin
* [APPLYING CONCEPTS FROM SELF SOVEREIGN IDENTITY TO IOT DEVICES](https://www.theinternetofthings.eu/tim-weingartner-oskar-camenzind-identity-things-applying-concepts-self-sovereign-identity-iot) IOT dot EU
Devices are equipped by the manufacturer with an identity stored in a trusted execution environment (TEE) and secured by a blockchain. This identity can be used to trace back the origin of the device. During the bootstrapping process on the customer side, the identity registration of the device is updated in the blockchain. This process is performed by a so-called registrar. Smart contracts prevent unsolicited transfer of ownership and track the history of the device. Besides proof of origin and device security our concept can be used for device inventory and firmware upgrade.
* [Easier IoT Deployments with LoraWan and Helium](https://www.windley.com/archives/2022/04/easier_iot_deployments_with_lorawan_and_helium.shtml) Phil Windley
Unlike a Wifi network, you don't put the network credentials in the device, you put the devices credentials (keys) in the network. Once I'd done that, the sensor started connecting to hotspots near my house and transmitting data. Today I've been driving around with it in my truck and it's roaming onto other hotspots as needed, still reporting temperatures.
in our point of view, a lot of development groups are working in parallel on the similar topics, yet it is not clear what is going on inside. In this paper we will try to define the differences and discuss both pros and cons of using such commonly known technologies as Sovrin based upon the Hyperledger Indy technology, Civic, Jolocom, uPort and some others. Besides, well tackle the idea of using the SSI for inanimate object and how it can be constructed in this way.
* [Digital Twins and Self-Sovereign Identity: Build the next generation of Simulation with privacy preservation](https://iotpractitioner.com/digital-twins-and-self-sovereign-identity-build-the-next-generation-of-simulation-with-privacy-preservation/) IOT Practicioner
Managing IoT devices and user identities as well as the relationships among various devices and their digital twins face significant challenges. First, a lack of Identity Credential and Access Management (ICAM) standards for IoT creates proprietary standards and a lack of interoperability. Second, the operational lifecycle of IoT devices complicates integration of traditional ICAM. Lastly, ICAM technology must adapt to the proliferation of connected devices. This evolution requires a digital trust framework and the decentralized architecture of Self-Sovereign Identity (SSI).
@ -125,17 +40,55 @@ Managing IoT devices and user identities as well as the relationships among vari
Smart property is much more than the anemic connected things we have now. Smart property imagines a world where every thing participates in digital communities and ecosystems, working through programmable agents under the owners control.
* [APPLYING CONCEPTS FROM SELF SOVEREIGN IDENTITY TO IOT DEVICES](https://www.theinternetofthings.eu/tim-weingartner-oskar-camenzind-identity-things-applying-concepts-self-sovereign-identity-iot) IOT dot EU
### Digital Twins
Devices are equipped by the manufacturer with an identity stored in a trusted execution environment (TEE) and secured by a blockchain. This identity can be used to trace back the origin of the device. During the bootstrapping process on the customer side, the identity registration of the device is updated in the blockchain. This process is performed by a so-called registrar. Smart contracts prevent unsolicited transfer of ownership and track the history of the device. Besides proof of origin and device security our concept can be used for device inventory and firmware upgrade.
* [Digital Twins and Self-Sovereign Identity: Build the next generation of Simulation with privacy preservation](https://iotpractitioner.com/digital-twins-and-self-sovereign-identity-build-the-next-generation-of-simulation-with-privacy-preservation/) IOT Practicioner
The rise in the use of advanced analytics, machine learning (ML) and Artificial Intelligence (AI) and the Internet of Things (IoT) today have driven the technology of simulation into the concept of the digital twin. Digital twins are generally defined as a virtual digital model of a physical system that is used to make better decisions about the real world physical system. Digital twins are usually intertwined with sensors and include a two-way interaction between the physical and digital twin.
## Hackathon Entries
* [Decentralized Identity of Things](https://blog.darrenjrobinson.com/decentralized-identity-of-things/) Winner Microsoft Decentralized Identity Hackathon
In a real world scenario we anticipate a software based wallet for Decentralized Identity of Things. That would allow automation of online stores to obtain verifiable credentials programmatically.
* [DIDoT - DID of Things. Decentralized Identity of Things](https://devpost.com/software/did-of-things-didot-allergen-management-in-food-shopping).
Allergen management in food shopping. Based on the concept of things having verifiable credentials. [...] Our proposed solution requires a virtual wallet that can be orchestrated programmatically. We discussed how other self sovereign solutions have this capability and confirmed with the AAD Verifiable Credentials hackathon support team that this capability is not available.
## Company Stories
* [More Security in the Internet of Things Thanks to ETO](https://www.etogruppe.com/en/news/news-from-eto/more-security-in-the-internet-of-things-thanks-to-eto.html https://gitlab.com/anchor-bundle/angular-webapp) ETO
The ETO GRUPPE has set itself the goal of automating communication in the Internet of Things (IoT) and, on top of that, making it more secure against access and manipulation. To achieve this, these "things" - machines, devices or vehicles - must first be given a unique identity. The solution of the innovative corporate group consists of a new type of network and authentication processes that have what it takes to revolutionize the way we use the Internet today. ETO uses a network of distributed digital identities (DIDs) and verifiable credentials (VCs). A side benefit from the perspective of human Internet users: they regain data sovereignty over their personal data. The ETO solution will enable secure logins on both the Internet and the Internet of Things (IoT)
* [Trust but Verify](https://stateofidentity.libsyn.com/trust-but-verify) Liminal Podcasts
Peter Padd, Co-Founder & CEO at Fortifyedge shares how he's built Zero Trust authentication software that provides IoT device OEM's with password-free authentication utilizing Tiny Machine Learning at the edge.
* [Capitalizing on Self-Sovereign Identity for Machines](https://venafi.com/blog/capitalizing-self-sovereign-identity-machines-part-one) [Part One]
> By providing a means to globally define an indisputable link between a machine and its machine identity across different sites, networks and businesses, we can secure IoT like never before.
>
> The filancore integration for Verifiable Credentials is available now. You can learn more from the [Venafi Marketplace](https://marketplace.venafi.com/details/verifiable-credentials-for-iot/).
## Protocols
* [Picos at the Edge](https://www.windley.com/archives/2021/11/picos_at_the_edge.shtml) Windley
You can play with this first hand at [NoFilter.org](https://nofilter.org/), which brands itself as a "the world's first unstoppable, uncensorable, undeplatformable, decentralized freedom of speech app." There's no server storing files, just a set of Javascript files that run in your browser. Identity is provided via [Metamask](https://metamask.io/) which uses an Ethereum address as your identifier. [I created some posts on NoFilter](https://nofilter.org/#/0xdbca72ed00c24d50661641bf42ad4be003a30b84) to explore how it works.
* [Easier IoT Deployments with LoraWan and Helium](https://www.windley.com/archives/2022/04/easier_iot_deployments_with_lorawan_and_helium.shtml) Phil Windley
Unlike a Wifi network, you don't put the network credentials in the device, you put the devices credentials (keys) in the network. Once I'd done that, the sensor started connecting to hotspots near my house and transmitting data. Today I've been driving around with it in my truck and it's roaming onto other hotspots as needed, still reporting temperatures.
## Infographic
* [Now Animals too can have their own #decentralizedidentity to help them send their status updates](https://twitter.com/debimr75/status/1347915348293533699 https://pbs.twimg.com/media/ErTBmLrXIAYCFpT?format=jpg) Debajani Mohanty
> to the rightful owner from their #IoT devices. #Decentralized #digitalidentity for #IoT devices would lead to #SmartFarming
## Organization
* [Self-Sovereign Digital Twins](https://dlt.mobi/self-sovereign-digital-twins/) mobi
A Citopia Self-Sovereign Digital Twin™ (SSDT™) is a digital twin whose controller has the ability to participate as an autonomous economic agent in trusted Web3 transactions.
* [Battery Passport and the Battery Self-Sovereign Digital Twin](https://dlt.mobi/battery-passport-the-battery-ssdt/) Mobi
> Similarly, a [battery passport](https://dlt.mobi/battery-passport) is nothing but a presentation of data points about a particular battery who manufactured it, its physical and chemical composition, its current state of health, whether it was refurbished or repurposed from another battery, and so on.
* [LFPH tackles the next frontier in Open Source Health Technology: The rise of Digital Twins](https://www.lfph.io/2022/08/29/lfph-tackles-the-next-frontier-in-open-source-health-technology-the-rise-of-digital-twins/) Linux Foundation Public Health
@ -144,3 +97,28 @@ To create a pairing between the digital world and the real world, a digital twin
* [Digital Twin Consortium](https://www.digitaltwinconsortium.org/)
Digital Twin Consortium drives the awareness, adoption, interoperability, and development of digital twin technology. Through a collaborative partnership with industry, academia, and government expertise, the Consortium is dedicated to the overall development of digital twins. We accelerate the market by propelling innovation and guiding outcomes for technology end-users.
## User experience
* [#ResistIoT: IoT as a medium for surveillance](https://wider.team/2021/04/21/resistiot/) wider team
- Clinical technology as workplace surveillance. Hospital providers talk about their frustration with connected technologies because it feels like their every motion is being monitored and tracked, used by bosses to evaluate their speed and cost efficiency.
- Civic technologies as government surveillance. From [Oaklands corner traffic cameras](https://www.aclunc.org/blog/how-fight-stop-oaklands-domain-awareness-center-laid-groundwork-oakland-privacy-commission) leading to mass rallies to [Boston Police](https://www.independent.co.uk/life-style/gadgets-and-tech/news/robots-police-dog-spot-boston-dynamics-a9218491.html) [tests](https://reason.com/2019/11/26/massachusetts-police-test-out-robot-dogs-is-dystopia-on-its-way/) and [NYPD robot dogs](https://www.theverge.com/2021/2/24/22299140/nypd-boston-dynamics-spot-robot-dog), IoT is deep in the creepy depths of [the uncanny valley](https://en.wikipedia.org/wiki/Uncanny_valley).
- Consumer technology as commercial surveillance. Alexa, Google, and Apple know too much about you and use it to sell adjacent services.
## Paper
* [IoT Swarms + SSI in constrained networks](https://docs.google.com/presentation/d/15ix2vzR_Dq9xcs-8OY0qBjapy9dpY-WdRKph9SiEY-0/edit?usp=sharing https://iiw.idcommons.net/12E/_IoT_Swarms_+_SSI_in_constrained_networks) by Geovane Fedrecheski
One of the challenges identified by this last paper is the overhead of using SSI, which poses a challenge for adoption on constrained IoT networks. For example, while the Long Range (LoRa) communication, often used in IoT systems, only allows payloads of up to 240 bytes, a single DID Document typically occupies 500 bytes or more. Similarly, messages using DIDComm tend to use at least 1 kilobyte, which prevents its use on constrained networks.<br>Figure 1. Binary versions of DIDComm and DID Documents are needed to allow transmission in LoRa networks. The payload, in blue, is a DID Document. The overhead, in orange, is the protocol overhead due to the message signature.
A low-overhead approach for self-sovereign identity in IoT We present a low-overhead mechanism for self-sovereign identification and communication of IoT agents in constrained networks. Our main contribution is to enable native use of Decentralized Identifiers (DIDs) and DID-based secure communication on constrained networks, whereas previous works either did not consider the issue or relied on proxy-based architectures. We propose a new extension to DIDs along with a more concise serialization method for DID metadata. Moreover, in order to reduce the security overhead over transmitted messages, we adopted a binary message envelope. We implemented these proposals within the context of Swarm Computing, an approach for decentralized IoT. Results showed that our proposal reduces the size of identity metadata in almost four times and security overhead up to five times. We observed that both techniques are required to enable operation on constrained networks. https://arxiv.org/abs/2107.10232 Geovane Fedrecheski, Laisa C. P. Costa, Samira Afzal, Jan M. Rabaey, Roseli D. Lopes, Marcelo K. Zuffo
* [Self-Sovereign Identity for IoT Devices](https://dltc.spbu.ru/images/articles/Kulabukhova2019_Chapter_Self-SovereignIdentityForIoTDe_compressed.pdf) Nataliia Kulabukhova, Andrei Ivashchenko, Iurii Tipikin, and Igor Minin
in our point of view, a lot of development groups are working in parallel on the similar topics, yet it is not clear what is going on inside. In this paper we will try to define the differences and discuss both pros and cons of using such commonly known technologies as Sovrin based upon the Hyperledger Indy technology, Civic, Jolocom, uPort and some others. Besides, well tackle the idea of using the SSI for inanimate object and how it can be constructed in this way.
## Government
* [SSI In IoT, The SOFIE Project](https://www.thedinglegroup.com/blog/2021/4/6/ssi-in-iot-the-sofie-project) The Dingle Group
> For the 22nd Vienna Digital Identity Meetup* we hosted three of the lead researchers from the [EU H2020](https://ec.europa.eu/programmes/horizon2020/) funded The [SOFIE Project](https://www.sofie-iot.eu/).  The SOFIE Project wrapped up at the end of last year a key part of this research focused on the the use of SSI concepts in three IoT sectors (energy, supply chain, and mixed reality gaming) targeting integrating SSI in without requiring changes to the existing IoT systems.

View File

@ -3,12 +3,16 @@ published: false
---
# Travel
* [Is the biggest tech change for travel since the internet and mobile the shift to self-sovereign identity tech?](https://centreforaviation.com/analysis/video/is-the-biggest-tech-change-for-travel-since-the-internet-and-mobile-the-shift-to-self-sovereign-identity-tech-1594) CAPA TV
- What are some of the benefits of this new wave, such as reduced cybersecurity risk and enhanced travel experiences/personalisation?
- Will this affect the way travel is distributed and paid for change?
- What can players in the established travel eco-system expect?
- When will we see this come about where will we be by 2030?
* [SOUNDING OFF: A MAJOR - AND OVERDUE - POWER SHIFT IS COMING TO TRAVEL](https://www.phocuswire.com/sounding-off-144-ssi-power-shift-in-travel) Phocuswire
When this comes to fruition and not if, but when it will be a transformative change, shifting power from travel suppliers to travelers themselves and giving travelers more choice, better personalization, lower friction and more security.

View File

@ -2,20 +2,37 @@
published: false
---
* [Self-Sovereign Identity: More Use Cases](https://www.bankinfosecurity.com/self-sovereign-identity-more-use-cases-a-16448): Heather Dahl and Ken Ebert of Indicio Discuss Decentralized ID Management
> In a video interview with Information Security Media Group, Dahl and Ebert discuss:
>
> - The evolution of Indicio.tech from the Sovrin Foundation;
> - Key initiatives in implementing and testing decentralized identity;
> - How a decentralized workforce is accelerating the need for identity management.
# Verifiable Credentials
* [How Exactly Are Verifiable Credentials Making the World Better?](https://sgershuni.medium.com/how-exactly-are-verifiable-credentials-making-the-world-better-eb72145c061) Stepan Gershuni
> 6 stories of how verifiable credentials can improve the lives of every day people:
>
> Ajay is an Uber driver in San Francisco. He wants to try various temporary jobs while hes studying but joining Lyft, Postmates and other platforms requires going through a long and tedious background verification and car certification process over and over again.
* [Reimagining Customer Loyalty Programs With Verifiable Credentials: A Pravici Case Study](https://www.evernym.com/blog/customer-loyalty-verifiable-credentials/) Evernym
> [Pravici](https://pravici.com/), an Evernym customer and startup based out of Chandler, Arizona, is looking to flip the equation. Their solution, Tokenized Loyalty Points (TLP), uses verifiable credential technology to give individual consumers control over their data, while empowering them to direct how their favorite brands can use this data for loyalty and other campaigns.
* [26 Suggested Use Cases of Verifiable Credentials (With Some Real-World Examples)](https://academy.affinidi.com/25-real-world-use-cases-of-verifiable-credentials-4657c9cbc5e)
> we hope that business leaders, entrepreneurs, and developers will use this article as a guide to create some breakthrough solutions that will benefit the society at large.
## Evan Network
## Supply Chain
* [Trusted Supply Chain: end-to-end compliance in multi-tier supply chain](https://evan.network/use-cases/trusted-supply-chain/) Evan Network
> In the real estate industry, TRUST&TRACE can be used by companies to obtain required compliance information from a network of participating companies. In this way, all property data is collected step by step: from building construction and leasing to sale and demolition.
## Mavnet
* [SAP Completes Pharmaceutical Industry Pilot to Improve Supply Chain Authenticity](https://news.sap.com/2021/03/pharmaceutical-supply-chain-industry-pilot/)
> today announced the completion of an industry-wide pilot utilizing self-sovereign identity (SSI) credentials to establish trust in the pharmaceutical supply chain for indirect trade relationships.
* [The missing link: digitizing supply chains with portable data](https://medium.com/mavennet/the-missing-link-digitizing-supply-chains-with-portable-data-583b66acc9bc) Mavnet
> The traceability vocabulary bridges the gap between existing record-keeping systems and the verifiable exchange of supply chain information across organizations envisioned by proponents of these data portability technologies.
* [The Phygital Future of the Supply Chain](https://nextlevelsupplychainpodwithgs1us.libsyn.com/the-phygital-future-of-the-supply-chain) Next Level Supply Chain Podcast with GS1
> The digital and physical world are merging more than ever before. As the supply chain becomes more phygital, innovative ways of sharing data like using verifiable credentials are helping to build more trust with data along the supply chain. Join us as we chat with Senior VP of Innovation & Partnerships at GS1 US, Melanie Nuce, as we explore whats around the corner and how standards play
* [How to Prevent Supply Chain Fraud With Blockchain](https://www.dock.io/post/supply-chain-fraud-blockchain) Dock
> The global [supply chain management market size](https://www.prnewswire.com/news-releases/supply-chain-management-scm-market-size-worth--19-3-billion-globally-by-2028-at-9-02--cagr-verified-market-research-301540702.html) was valued at USD 10.1 Billion in 2020 and is projected to reach USD 19.3 Billion by 2028. Supply chain is the path for any product such as food, clothes, or appliances to go from where it was a produced, to distributors, procurement officers (quality inspections), and the market.
* [SAP Pharma Solution Supports Supply Chain Compliance](https://insidesap.com.au/sap-pharma-solution-supports-supply-chain-compliance/)
> SAP has chosen an open, interoperable technology to validate all stakeholders in the pharma supply chain in order to provide customers with the best solution for compliance under the U.S. Drug Supply Chain Security Act (DSCSA) requirements. The DSCSA also limits stakeholders interactions to ATPs.
## Personal Data
* [Why Location Data Brokers Put All Communities At Risk](https://me2ba.org/why-location-data-brokers-put-all-communities-at-risk/) Zach Edwards M2BA
@ -23,24 +40,13 @@ published: false
* [Julian Wilson: Self-Sovereign Data meets Open Banking](https://mastersofprivacy.com/julian-wilson-self-sovereign-data-meets-open-banking/) Masters of Privacy
> Julian Wilson began his career at Apple in the late 80s [...] joined Ecospend in 2019 to build a self-sovereign data service on top of an Open Banking platform. He describes his role as putting an Internet lens onto product design.
## GS1
## Banking
* [Impacts from a new reality drive the need for an enhanced digital identity framework](https://bankautomationnews.com/allposts/risk-security/impacts-from-a-new-reality-drive-the-need-for-an-enhanced-digital-identity-framework/) Bank Automation News
* [The Phygital Future of the Supply Chain](https://nextlevelsupplychainpodwithgs1us.libsyn.com/the-phygital-future-of-the-supply-chain) Next Level Supply Chain Podcast with GS1
> The digital and physical world are merging more than ever before. As the supply chain becomes more phygital, innovative ways of sharing data like using verifiable credentials are helping to build more trust with data along the supply chain. Join us as we chat with Senior VP of Innovation & Partnerships at GS1 US, Melanie Nuce, as we explore whats around the corner and how standards play
While US-based entities are adhering to an enhanced regulatory framework, these mandates are particularly applicable in Europe, where there is necessary compliance with enacted standards (such as the General Data Protection Regulation—commonly known as GDPR—and the Payment Service Providers Directive 2—referred to as PSD2. A clear need for a true and persistent digital identity as a solution to the ancillary—and sometimes unforeseen—challenges that have arisen.
### CCG
* [Open API for Interoperable Traceability](https://w3c-ccg.github.io/traceability-interop/openapi/#overview) CCG
> `resolve:dids - Grants permission to resolve DIDsissue:credentials - Grants permission issue Verifiable Credentialsverify:credentials - Grants permission verify Verifiable Credentialsread:credentials - Grants permission to get Verifiable Credentialsupdate:credentials - Grants permission to update the status of Verifiable Credentialsprove:presentations - Grants permission to prove Verifiable Presentationsverify:presentations - Grants permission verify Verifiable Presentationssubmit:presentations - Grants permission to submit Verifiable Presentations`
## DOCK
* [How to Prevent Supply Chain Fraud With Blockchain](https://www.dock.io/post/supply-chain-fraud-blockchain) Dock
> The global [supply chain management market size](https://www.prnewswire.com/news-releases/supply-chain-management-scm-market-size-worth--19-3-billion-globally-by-2028-at-9-02--cagr-verified-market-research-301540702.html) was valued at USD 10.1 Billion in 2020 and is projected to reach USD 19.3 Billion by 2028. Supply chain is the path for any product such as food, clothes, or appliances to go from where it was a produced, to distributors, procurement officers (quality inspections), and the market.
## Finance
* [Bankings identity problem](https://www.globalbankingandfinance.com/bankings-identity-problem/) Global Banking and Finance
> Banks have sought to overcome some of these challenges with the use of biometrics such as facial recognition and fingerprints.  These are now more commonly used to login to, or unlock devices, and increase usability, but still leave the challenge of proving the authenticity of a document wide open to abuse.
* [Why Centralised Decentralised Finance (CeDeFi) and Self-sovereign Identity (SSI) Work Together](https://unizen-io.medium.com/why-centralised-decentralised-finance-cedefi-and-self-sovereign-identity-ssi-work-together-3dccb07f16f9) Unizen
> the combination of Centralised and Decentralised Finance — unites two ways of interacting with assets into one. Centralised Finance (CeFi) represents traditional entities (e.g. banks, brokers, funds), Decentralised Finance (DeFi) covers blockchain financial applications, cryptocurrencies, exchanges, decentralised payment services, etc. By merging the two, high transparency, impactful innovation, and wide adoption can be achieved.
- [New Bank Account Use Case](https://www.youtube.com/watch?v=YRLu4U4hSZ8)
@ -49,24 +55,15 @@ published: false
A decentralized network using a blockchain-based distributed ledger means you can use [Peer DIDs](https://identity.foundation/peer-did-method-spec/) to move most “transactions” and their cryptographic proofing off ledger. This means that for those peer-to-peer interactions, identity blockchains dont need to do any ledger transactions at all.
## Education
* [Super Skills, a mobile application use case for DIDs and VCs](https://medium.com/@ntonani/super-skills-a-mobile-application-use-case-for-dids-and-vcs-d174467ccf46)
* [How to Prevent Fraud using #MARKs](https://dhiway.com/prevent-credential-fraud/) DHIWay
Beyond directly helping children learn in playful ways, this partnership was forged to assist in championing the importance of three learning primitives of tomorrows educational landscape: decentralized identifiers (DIDs), verifiable credentials (VCs), and digital wallets.
Credential fraud has, unfortunately, become commonplace in todays instant electronic age. Especially problematic in [higher education](https://dhiway.com/hashmarks-in-the-education-sector/), credential fraud has spiralled into a multi-billion-dollar industry
## business registry
* [Is the Self-Sovereign digital identity the future digital business registry?](https://blogs.worldbank.org/psd/self-sovereign-digital-identity-future-digital-business-registry) GORAN VRANIC, ANDREJA MARUSIC; WorldBank
This rapid digitalization of the private sector exposed a challenge in the business registration paradigm. To use private digital platforms for e-Logistics or e-Commerce, SMEs have to register and confirm their identity with these platforms, despite already being identified in the government business registry.
## Healthcare
* [ExO Economy Town Hall 11 Medtech & Self Sovereign Identity](https://www.youtube.com/watch?v=_yV1K-sw8tM) Adam B Levine Kaliya Identity Woman Young
* [http://economy.openexo.com](https://economy.openexo.com/) ExO Economy Town Hall #11 Q- Medtech and Self Sovereign Identity - Adam B Levine & Kaliya Identity Woman Young
* [Simplify medical supply orders with SSI: Techruption innovation project](https://www.brightlands.com/en/brightlands-smart-services-campus/brightlands-techruption-SSI-simplifies-medical-supply-orders)
Participants in this co-creation use case were TNO, CZ, Rabobank and Accenture. The developed solution can be applied in other industries as well. For example in public services, which are often offered by a network of organisations that are all required to comply with high administrative standards.
## Fraud
@ -254,9 +251,6 @@ If you want to se how hard this was/would have been to achieve in earlier techno
* [Trusted Timestamping Part 1: Scenarios](https://medium.com/finema/trusted-timestamping-part-1-scenarios-9bf4a7cc2364) Nunnaphat Songmanee, Finema
Evidentiary value is an essential component of important transactions. When a transaction is recorded in a printed document, one way to impart evidentiary value is by including date and time
* [How to Prevent Fraud using #MARKs](https://dhiway.com/prevent-credential-fraud/) DHIWay
Credential fraud has, unfortunately, become commonplace in todays instant electronic age. Especially problematic in [higher education](https://dhiway.com/hashmarks-in-the-education-sector/), credential fraud has spiralled into a multi-billion-dollar industry
* [Survey: How Do You Use Your Identity at Work?](https://findbiometrics.com/survey-how-do-you-use-your-identity-at-work/) FindBiometrics
@ -386,9 +380,10 @@ Yes, verifiable authentic human content is important. I also think cryptography
We Credivera are Having fun at the #NSCExpo
* [When Job Candidates Lie, New Tech From ZippedScript And LearnCard Will Help You Catch Them](https://www.forbes.com/sites/zengernews/2022/09/16/when-job-candidates-lie-new-tech-from-zippedscript-and-learncard-will-help-you-catch-them/?sh=731b54b63ed4) Forbes
“recently launched [LearnCard](http://www.learncard.com/), a digital wallet for education and employment programmable verifiable credentials”
* [Blockchains in HR: Prosoon and Talao go together on SSI and HR credentials](https://medium.com/@talao_io/blockchains-in-hr-prosoon-and-talao-go-together-on-ssi-and-hr-credentials-3b92968011fe) Talao
This partnership will enable the use of Blockchain and Self-Sovereign Identity technologies such as verifiable credentials to enable the support of diplomas and professional certifications in compliance with personal data in a decentralized environment (#web3).
* [HUMBL @HUMBLPay](https://twitter.com/HUMBLPay/status/1574454647384813568) via Twitter ([ANN](https://www.globenewswire.com/en/news-release/2022/04/13/2421969/0/en/HUMBL-Selected-To-Pilot-Digital-Wallet-Program-On-Behalf-of-The-County-of-Santa-Cruz-California.html)

View File

@ -2,7 +2,13 @@
published: false
---
* [Why Centralised Decentralised Finance (CeDeFi) and Self-sovereign Identity (SSI) Work Together](https://unizen-io.medium.com/why-centralised-decentralised-finance-cedefi-and-self-sovereign-identity-ssi-work-together-3dccb07f16f9) Unizen
> the combination of Centralised and Decentralised Finance — unites two ways of interacting with assets into one. Centralised Finance (CeFi) represents traditional entities (e.g. banks, brokers, funds), Decentralised Finance (DeFi) covers blockchain financial applications, cryptocurrencies, exchanges, decentralised payment services, etc. By merging the two, high transparency, impactful innovation, and wide adoption can be achieved.
# Web 3
* [Forensic Investigative Report: Sanctioned Blockchain Addresses](https://www.coinfirm.com/blog/sanctioned-blockchain-addresses/) Coinfirm
* [Forensic Investigative Report: Terrorism Financing Blockchain Addresses](https://www.coinfirm.com/blog/terrorism-financing-blockchain-addresses/) Coinfirm
### 3Box
3box IDX: [A Devkit for Open Identity](https://medium.com/3box/idx-a-devkit-for-open-identity-48edc88e8e85) *(From Kaliya, this is interesting, but they are taking on a huge amount of work without an [IPR](https://en.wikipedia.org/wiki/Intellectual_property#Intellectual_property_rights) container/wrapper).*