personal copy of /RebootingWebOfTrust/self-sovereign-identity

This commit is contained in:
infominer33 2018-12-17 01:35:44 -05:00
parent 124ea58f69
commit af0f420602
8 changed files with 632 additions and 0 deletions

View File

@ -0,0 +1,40 @@
### 7 Myths of Self-Sovereign-Identity
This October, Tim Ruff of Evernym published the [7 Myths of Self-Sovereign Identity](https://medium.com/evernym/7-myths-of-self-sovereign-identity-67aea7416b1), to clear up some common misconceptions about SSI. The 7 Tim highlights are an excellent start to SSI myth busting. Which other myths need busted? What is the best way to succinctly and completely relate the seven listed here?
#### Myth 1: Self-sovereign means self-attested.
Self-Sovereign means having ownership over your own credentials. However, we are still dependent on others to verify specifics about who we are. Self-attested credentials provide your personal opinion, preferences and consent. Proof of specific attributes commonly requires a trusted third party to verify and attest to.
#### Myth 2: SSI attempts to reduce governments power over an identity owner.
Many people are reminded of the Sovereign Citizens movement, that asserts its sovereign independence from presiding governments. Self-sovereign identity, on the other-hand, enables a private, encrypted connection between a government and their citizens. That connection, mutual and revokable by either party, can support mutual authentication, communication, and datasharing; independent from change of address or phone numbers.
#### Myth 3: SSI creates a national or “universal ID” credential.
SSI is not meant to supplant a national ID system. As mentioned previously, governments can use SSI to improve existing identity systems, whether national, regional, or otherwise. SSI does not replace the trust of government or any other organization; rather SSI makes possible stronger, more flexible and verifiable connections between existing organizations, members, governments and constituents. SSI will, however, make possible identification for those who are unable to access any from a local government, including refugees and other displaced people.
#### Myth 4: SSI gives absolute control over identity.
SSI gives its owner control over some aspects of identity, but not all. The digital wallet, DIDs, interaction history, consent receipts, private keys, and self-attested credentials are under complete control of the owner.
Connections, relationships, and third-party issued credentials are not entirely self-sovereign, nor should they be. Like real-world relationships, all parties involved have some degree of control over the continuation of the relationship.
With Sovrin\Indy-style SSI, digital credentials can be held by the SSI owner in a self-sovereign digital wallet, and can still be revoked by their issuers, without the credentials being removed from the wallet.
#### Myth 5: Theres a “main” verifier of credentials.
With real SSI there is no third party in the middle verifying each credential added to a wallet. Identity proofing services can provide a valuable service, but its a lot simpler when government and financial institutions issue verifiable credentials directly to identity owners.
If want to use that credential somewhere other than where it was issued from, it can be instantly verified by any relying party I share it with, without having to check with the issuer.
#### Myth 6: Theres a built-in method of authenticating.
SSI isn't dependent upon any particular means of authentication. It offers a protocol supporting any authentication method that two (or more) parties opt to use. One implementation might use facial or voice biometrics while another uses proof of location, and another simply exchanges digitally signed attestations, which are incredibly strong.
#### Myth 7: User-centric identity is the same as SSI.
User-centric identity gaves the user greater control than before, and thats great! However, it never realized its original intentuser independenceand it actually left large intermediaries with even more power than before. Facebook and Google, the biggest beneficiaries of the move to user-centric identity, would call their services user-centric.
Even the term gives it away: youre still a user and not the owner, and that means the underlying service is siloed or federated, not self-sovereign. Of course with SSI there are services provided by third parties, such as cloud agent hosting and relationship management apps and tools, but they are modular and replaceable.

View File

@ -0,0 +1,159 @@
# LICENSE-CC-BY-SA-4.0.md
UNLESS OTHERWISE NOTED, THE CONTENTS OF THIS REPOSITORY ARE LICENSED UNDER THE CREATIVE COMMONS ATTRIBUTION - SHARE ALIKE 4.0 INTERNATIONAL LICENSE
![https://creativecommons.org/licenses/by-sa/4.0/](https://i.creativecommons.org/l/by-sa/4.0/88x31.png)
## License Summary of CC-BY-SA 4.0 International
*This section is a human-readable summary of (and not a substitute for) the full license included below.*
### You are free to:
* **Share** — copy and redistribute the material in any medium or format
* **Adapt** — remix, transform, and build upon the material for any purpose, even commercially.
The licensor cannot revoke these freedoms as long as you follow the license terms.
### Under the following terms:
* ![CC-BY](https://creativecommons.org/images/deed/by.png) **Attribution** — You must give **appropriate credit**, provide **a link to the license**, and **indicate if changes were made**. You may do so in any reasonable manner, but not in any way that suggests the licensor endorses you or your use.
* ![CC-BY](https://creativecommons.org/images/deed/sa.png) **ShareAlike** — If you remix, transform, or build upon the material, you must distribute your contributions under the **same license** as the original.
**No additional restrictions** — You may not apply legal terms or **technological measures** that legally restrict others from doing anything the license permits.
### Notices:
You do not have to comply with the license for elements of the material in the public domain or where your use is permitted by an applicable **exception or limitation**.
No warranties are given. The license may not give you all of the permissions necessary for your intended use. For example, other rights such as **publicity, privacy, or moral rights** may limit how you use the material.
# Creative Commons Attribution-ShareAlike 4.0 International License
FROM: https://creativecommons.org/licenses/by-sa/4.0/legalcode
Creative Commons Corporation (“Creative Commons”) is not a law firm and does not provide legal services or legal advice. Distribution of Creative Commons public licenses does not create a lawyer-client or other relationship. Creative Commons makes its licenses and related information available on an “as-is” basis. Creative Commons gives no warranties regarding its licenses, any material licensed under their terms and conditions, or any related information. Creative Commons disclaims all liability for damages resulting from their use to the fullest extent possible.
### Using Creative Commons Public Licenses
Creative Commons public licenses provide a standard set of terms and conditions that creators and other rights holders may use to share original works of authorship and other material subject to copyright and certain other rights specified in the public license below. The following considerations are for informational purposes only, are not exhaustive, and do not form part of our licenses.
* __Considerations for licensors:__ Our public licenses are intended for use by those authorized to give the public permission to use material in ways otherwise restricted by copyright and certain other rights. Our licenses are irrevocable. Licensors should read and understand the terms and conditions of the license they choose before applying it. Licensors should also secure all rights necessary before applying our licenses so that the public can reuse the material as expected. Licensors should clearly mark any material not subject to the license. This includes other CC-licensed material, or material used under an exception or limitation to copyright. [More considerations for licensors](http://wiki.creativecommons.org/Considerations_for_licensors_and_licensees#Considerations_for_licensors).
* __Considerations for the public:__ By using one of our public licenses, a licensor grants the public permission to use the licensed material under specified terms and conditions. If the licensors permission is not necessary for any reasonfor example, because of any applicable exception or limitation to copyrightthen that use is not regulated by the license. Our licenses grant only permissions under copyright and certain other rights that a licensor has authority to grant. Use of the licensed material may still be restricted for other reasons, including because others have copyright or other rights in the material. A licensor may make special requests, such as asking that all changes be marked or described. Although not required by our licenses, you are encouraged to respect those requests where reasonable. [More considerations for the public](http://wiki.creativecommons.org/Considerations_for_licensors_and_licensees#Considerations_for_licensees).
### Creative Commons Attribution-ShareAlike 4.0 International Public License
By exercising the Licensed Rights (defined below), You accept and agree to be bound by the terms and conditions of this Creative Commons Attribution-ShareAlike 4.0 International Public License ("Public License"). To the extent this Public License may be interpreted as a contract, You are granted the Licensed Rights in consideration of Your acceptance of these terms and conditions, and the Licensor grants You such rights in consideration of benefits the Licensor receives from making the Licensed Material available under these terms and conditions.
**Section 1 Definitions.**
1. **Adapted Material** means material subject to Copyright and Similar Rights that is derived from or based upon the Licensed Material and in which the Licensed Material is translated, altered, arranged, transformed, or otherwise modified in a manner requiring permission under the Copyright and Similar Rights held by the Licensor. For purposes of this Public License, where the Licensed Material is a musical work, performance, or sound recording, Adapted Material is always produced where the Licensed Material is synched in timed relation with a moving image.
2. **Adapter's License** means the license You apply to Your Copyright and Similar Rights in Your contributions to Adapted Material in accordance with the terms and conditions of this Public License.
3. **BY-SA Compatible License** means a license listed at [ creativecommons.org/compatiblelicenses][4], approved by Creative Commons as essentially the equivalent of this Public License.
4. **Copyright and Similar Rights** means copyright and/or similar rights closely related to copyright including, without limitation, performance, broadcast, sound recording, and Sui Generis Database Rights, without regard to how the rights are labeled or categorized. For purposes of this Public License, the rights specified in Section 2(b)(1)-(2) are not Copyright and Similar Rights.
5. **Effective Technological Measures** means those measures that, in the absence of proper authority, may not be circumvented under laws fulfilling obligations under Article 11 of the WIPO Copyright Treaty adopted on December 20, 1996, and/or similar international agreements.
6. **Exceptions and Limitations** means fair use, fair dealing, and/or any other exception or limitation to Copyright and Similar Rights that applies to Your use of the Licensed Material.
7. **License Elements** means the license attributes listed in the name of a Creative Commons Public License. The License Elements of this Public License are Attribution and ShareAlike.
8. **Licensed Material** means the artistic or literary work, database, or other material to which the Licensor applied this Public License.
9. **Licensed Rights** means the rights granted to You subject to the terms and conditions of this Public License, which are limited to all Copyright and Similar Rights that apply to Your use of the Licensed Material and that the Licensor has authority to license.
10. **Licensor** means the individual(s) or entity(ies) granting rights under this Public License.
11. **Share** means to provide material to the public by any means or process that requires permission under the Licensed Rights, such as reproduction, public display, public performance, distribution, dissemination, communication, or importation, and to make material available to the public including in ways that members of the public may access the material from a place and at a time individually chosen by them.
12. **Sui Generis Database Rights** means rights other than copyright resulting from Directive 96/9/EC of the European Parliament and of the Council of 11 March 1996 on the legal protection of databases, as amended and/or succeeded, as well as other essentially equivalent rights anywhere in the world.
13. **You** means the individual or entity exercising the Licensed Rights under this Public License. **Your** has a corresponding meaning.
**Section 2 Scope.**
1. **License grant**.
1. Subject to the terms and conditions of this Public License, the Licensor hereby grants You a worldwide, royalty-free, non-sublicensable, non-exclusive, irrevocable license to exercise the Licensed Rights in the Licensed Material to:
1. reproduce and Share the Licensed Material, in whole or in part; and
2. produce, reproduce, and Share Adapted Material.
2. Exceptions and Limitations. For the avoidance of doubt, where Exceptions and Limitations apply to Your use, this Public License does not apply, and You do not need to comply with its terms and conditions.
3. Term. The term of this Public License is specified in Section 6(a).
4. Media and formats; technical modifications allowed. The Licensor authorizes You to exercise the Licensed Rights in all media and formats whether now known or hereafter created, and to make technical modifications necessary to do so. The Licensor waives and/or agrees not to assert any right or authority to forbid You from making technical modifications necessary to exercise the Licensed Rights, including technical modifications necessary to circumvent Effective Technological Measures. For purposes of this Public License, simply making modifications authorized by this Section 2(a)(4) never produces Adapted Material.
5. Downstream recipients.
1. Offer from the Licensor Licensed Material. Every recipient of the Licensed Material automatically receives an offer from the Licensor to exercise the Licensed Rights under the terms and conditions of this Public License.
2. Additional offer from the Licensor Adapted Material. Every recipient of Adapted Material from You automatically receives an offer from the Licensor to exercise the Licensed Rights in the Adapted Material under the conditions of the Adapter's License You apply.
3. No downstream restrictions. You may not offer or impose any additional or different terms or conditions on, or apply any Effective Technological Measures to, the Licensed Material if doing so restricts exercise of the Licensed Rights by any recipient of the Licensed Material.
6. No endorsement. Nothing in this Public License constitutes or may be construed as permission to assert or imply that You are, or that Your use of the Licensed Material is, connected with, or sponsored, endorsed, or granted official status by, the Licensor or others designated to receive attribution as provided in Section 3(a)(1)(A)(i).
2. **Other rights**.
1. Moral rights, such as the right of integrity, are not licensed under this Public License, nor are publicity, privacy, and/or other similar personality rights; however, to the extent possible, the Licensor waives and/or agrees not to assert any such rights held by the Licensor to the limited extent necessary to allow You to exercise the Licensed Rights, but not otherwise.
2. Patent and trademark rights are not licensed under this Public License.
3. To the extent possible, the Licensor waives any right to collect royalties from You for the exercise of the Licensed Rights, whether directly or through a collecting society under any voluntary or waivable statutory or compulsory licensing scheme. In all other cases the Licensor expressly reserves any right to collect such royalties.
**Section 3 License Conditions.**
Your exercise of the Licensed Rights is expressly made subject to the following conditions.
1. **Attribution**.
1. If You Share the Licensed Material (including in modified form), You must:
1. retain the following if it is supplied by the Licensor with the Licensed Material:
1. identification of the creator(s) of the Licensed Material and any others designated to receive attribution, in any reasonable manner requested by the Licensor (including by pseudonym if designated);
2. a copyright notice;
3. a notice that refers to this Public License;
4. a notice that refers to the disclaimer of warranties;
5. a URI or hyperlink to the Licensed Material to the extent reasonably practicable;
2. indicate if You modified the Licensed Material and retain an indication of any previous modifications; and
3. indicate the Licensed Material is licensed under this Public License, and include the text of, or the URI or hyperlink to, this Public License.
2. You may satisfy the conditions in Section 3(a)(1) in any reasonable manner based on the medium, means, and context in which You Share the Licensed Material. For example, it may be reasonable to satisfy the conditions by providing a URI or hyperlink to a resource that includes the required information.
3. If requested by the Licensor, You must remove any of the information required by Section 3(a)(1)(A) to the extent reasonably practicable.
2. **ShareAlike**.
In addition to the conditions in Section 3(a), if You Share Adapted Material You produce, the following conditions also apply.
1. The Adapter's License You apply must be a Creative Commons license with the same License Elements, this version or later, or a BY-SA Compatible License.
2. You must include the text of, or the URI or hyperlink to, the Adapter's License You apply. You may satisfy this condition in any reasonable manner based on the medium, means, and context in which You Share Adapted Material.
3. You may not offer or impose any additional or different terms or conditions on, or apply any Effective Technological Measures to, Adapted Material that restrict exercise of the rights granted under the Adapter's License You apply.
**Section 4 Sui Generis Database Rights.**
Where the Licensed Rights include Sui Generis Database Rights that apply to Your use of the Licensed Material:
1. for the avoidance of doubt, Section 2(a)(1) grants You the right to extract, reuse, reproduce, and Share all or a substantial portion of the contents of the database;
2. if You include all or a substantial portion of the database contents in a database in which You have Sui Generis Database Rights, then the database in which You have Sui Generis Database Rights (but not its individual contents) is Adapted Material, including for purposes of Section 3(b); and
3. You must comply with the conditions in Section 3(a) if You Share all or a substantial portion of the contents of the database.
For the avoidance of doubt, this Section 4 supplements and does not replace Your obligations under this Public License where the Licensed Rights include other Copyright and Similar Rights.
**Section 5 Disclaimer of Warranties and Limitation of Liability.**
1. **Unless otherwise separately undertaken by the Licensor, to the extent possible, the Licensor offers the Licensed Material as-is and as-available, and makes no representations or warranties of any kind concerning the Licensed Material, whether express, implied, statutory, or other. This includes, without limitation, warranties of title, merchantability, fitness for a particular purpose, non-infringement, absence of latent or other defects, accuracy, or the presence or absence of errors, whether or not known or discoverable. Where disclaimers of warranties are not allowed in full or in part, this disclaimer may not apply to You.**
2. **To the extent possible, in no event will the Licensor be liable to You on any legal theory (including, without limitation, negligence) or otherwise for any direct, special, indirect, incidental, consequential, punitive, exemplary, or other losses, costs, expenses, or damages arising out of this Public License or use of the Licensed Material, even if the Licensor has been advised of the possibility of such losses, costs, expenses, or damages. Where a limitation of liability is not allowed in full or in part, this limitation may not apply to You.**
3. The disclaimer of warranties and limitation of liability provided above shall be interpreted in a manner that, to the extent possible, most closely approximates an absolute disclaimer and waiver of all liability.
**Section 6 Term and Termination.**
1. This Public License applies for the term of the Copyright and Similar Rights licensed here. However, if You fail to comply with this Public License, then Your rights under this Public License terminate automatically.
2. Where Your right to use the Licensed Material has terminated under Section 6(a), it reinstates:
1. automatically as of the date the violation is cured, provided it is cured within 30 days of Your discovery of the violation; or
2. upon express reinstatement by the Licensor.
For the avoidance of doubt, this Section 6(b) does not affect any right the Licensor may have to seek remedies for Your violations of this Public License.
3. For the avoidance of doubt, the Licensor may also offer the Licensed Material under separate terms or conditions or stop distributing the Licensed Material at any time; however, doing so will not terminate this Public License.
4. Sections 1, 5, 6, 7, and 8 survive termination of this Public License.
**Section 7 Other Terms and Conditions.**
1. The Licensor shall not be bound by any additional or different terms or conditions communicated by You unless expressly agreed.
2. Any arrangements, understandings, or agreements regarding the Licensed Material not stated herein are separate from and independent of the terms and conditions of this Public License.
**Section 8 Interpretation.**
1. For the avoidance of doubt, this Public License does not, and shall not be interpreted to, reduce, limit, restrict, or impose conditions on any use of the Licensed Material that could lawfully be made without permission under this Public License.
2. To the extent possible, if any provision of this Public License is deemed unenforceable, it shall be automatically reformed to the minimum extent necessary to make it enforceable. If the provision cannot be reformed, it shall be severed from this Public License without affecting the enforceability of the remaining terms and conditions.
3. No term or condition of this Public License will be waived and no failure to comply consented to unless expressly agreed to by the Licensor.
4. Nothing in this Public License constitutes or may be interpreted as a limitation upon, or waiver of, any privileges and immunities that apply to the Licensor or You, including from the legal processes of any jurisdiction or authority.
---
*Creative Commons is not a party to its public licenses. Notwithstanding, Creative Commons may elect to apply one of its public licenses to material it publishes and in those instances will be considered the "Licensor." The text of the Creative Commons public licenses is dedicated to the public domain under the [CC0 Public Domain Dedication](http://creativecommons.org/publicdomain/zero/1.0/legalcode). Except for the limited purpose of indicating that material is shared under a Creative Commons public license or as otherwise permitted by the Creative Commons policies published at [creativecommons.org/policies](http://creativecommons.org/policies), Creative Commons does not authorize the use of the trademark "Creative Commons" or any other trademark or logo of Creative Commons without its prior written consent including, without limitation, in connection with any unauthorized modifications to any of its public licenses or any other arrangements, understandings, or agreements concerning use of licensed material. For the avoidance of doubt, this paragraph does not form part of the public licenses.*
*Creative Commons may be contacted at [creativecommons.org](http://creativecommons.org/).*
*Additional languages available: [Bahasa Indonesia](http://creativecommons.org/licenses/by/4.0/legalcode.id), [Nederlands](http://creativecommons.org/licenses/by/4.0/legalcode.nl), [norsk]//creativecommons.org/licenses/by/4.0/legalcode.no, [suomeksi](//creativecommons.org/licenses/by/4.0/legalcode.fi), [te reo Māori](//creativecommons.org/licenses/by/4.0/legalcode.mi), [українська](//creativecommons.org/licenses/by/4.0/legalcode.uk), [日本語](//creativecommons.org/licenses/by/4.0/legalcode.ja). Please read the [FAQ](//wiki.creativecommons.org/FAQ#officialtranslations) for more information about official translations.*
---

View File

@ -1 +1,25 @@
# self-sovereign-identity
Articles and documents associated with designing and implementing identity technology using self-sovereign identity principles
## Local to this repository
* [The Path to Self-Sovereign Identity](ThePathToSelf-SovereignIdentity.md) - The original article on Self-Sovereign Identity and the 10 Principles of Self-Sovereign Identity as published on 2016-04-25 in github and at [Life With Alacrity](http://www.lifewithalacrity.com/2016/04/the-path-to-self-soverereign-identity.html) by [Christopher Allen](http://www.github.com/christophera)
* [10 Principles of Self-Sovereign Identity](self-sovereign-identity-principles.md) - The Self-Sovereign Identity Principles, in progress of being revised.
* [Core Characteristics of Self Sovereign Identity](characteristics-of-sovereign-identity.md) - from *A Technology-Free Definition of SSI* for review and comparison against *10 Principles of SSI*
* [7 Myths of Self Sovereign Identity](7-myths-of-self-sovereign-identity.md) - from Tim Ruff's [blog post](https://medium.com/evernym/7-myths-of-self-sovereign-identity-67aea7416b1).
## Elsewhere
* [A Technlogy-Free Definition of Self-Sovereign Identity](https://github.com/jandrieu/rebooting-the-web-of-trust-fall2016/raw/master/topics-and-advance-readings/a-technology-free-definition-of-self-sovereign-identity.pdf) - Topic paper for Rebooting Web of Trust III by [Joe Andrieu](http://www.github.com/jandrieu)
* [Identity and Digital Self-Sovereignty](https://medium.com/learning-machine-blog/identity-and-digital-self-sovereignty-1f3faab7d9e3#.3jcgvnbok) - Blog post by [Natalie Smolenski](https://medium.com/@nsmolenski)
* [Self-Sovereign Bill of Rights](self-sovereign-identity-bill-of-rights.md) - lifeID (founded by [Chris Boscolo](https://github.com/cboscolo)) adapted the 10 Principles of Self-Sovereign Identity into a [Bill of Rights](https://medium.com/@lifeID_io/lifeid-self-sovereign-identity-bill-of-rights-d2acafa1de8b) that all self-sovereign identity solution should uphold.
* [SSI: A Roadmap for Adoption](https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust-spring2018/blob/master/final-documents/a-roadmap-for-ssi.md) from Rebooting the web of trust, Spring 2018.
> This document proposes the formation of a short-term team to develop consistent messaging for the Self-Sovereign Identity (SSI) market.
* [How to Convince Dad* of the Importance of Self-Sovereign Identity](https://github.com/WebOfTrustInfo/rwot7/blob/master/final-documents/convincing-dad.md)
\* and your sister and your daughter and your best friend and your nephew (SSI Use-Cases)

View File

@ -0,0 +1,144 @@
#Schuttes Critique of the Self-Sovereign Identity Principles
Im taking a quick pass through Christopher Allens 10 principles for Self-Sovereign Identity, with an eye toward highlighting the primary shortcomings that I perceive. Note: I have a very unusual take on this. I understand that. Im trying to be guided primarily by how mechanisms of coherence formation, perception and interaction amongst agents operate in complex adaptive systems.
I assume that the meta-patterns that we can observe in terms of how nature organizes itself are FUNCTIONAL ADAPTATIONS THAT HAVE EMERGED OVER COUNTLESS MILLENNIA OF TRIAL AND ERROR BECAUSE THEY BALANCE TENSIONS OF RESILIENCE (achieved through generation of diversity) AND EFFICIENCY (achieved through curation of diversity through actual interactions with surrounding entities, which cumulatively constitute an environment). This process of GENERATION and CURATION, often referred to as “Evolution” has come up with some pretty decent patterns — after having tried pretty much darn near everything and finding these patterns to have persistently find formation / activation in our present day world. And yes, Im stating that the patterns themselves are a product of evolution. The stuff that worked, continues to make an appearance. The patterns that lead to self-extinguishing dead-ends, are not so common (though they have to potential to be generated anew)
Chris Allens 10 Principles for Self-Sovereign Identity
Schuttes Take:
Naming it “Self-Sovereign Identity” packs in a bunch of false assumptions. The MetaCurrency Project focuses on generating adaptive capacity for individuals and organizations and focuses on a concept of Mutual Sovereignty as a result.
This is not to undermine the importance of the individual — but it is intended to draw attention to the way in which that word: “In-Dividual” or Non-Divisible is misleading, for even individuals are composed of intricate sets of collaborations between various agents. (And yes, this is a “turtles all the way down” situation).
A perceived sense of “a self” is the product that emerges from the interactions of these various agents.
Their coherent operation takes form in the world in ways that enable other actors to treat them as if they were a single actor rather than the complex set of collaborations amongst different processes that they actually are.
Of course, this is a heuristic, and like all heuristics, it may be a useful shortcut, but that doesnt mean it accurately reflects reality.
In truth, our “self” is constantly interacting with agents both externally and internally, and these transform the functioning (and even the perceived boundaries) of the self.
Simple example: Observe the difference in capacity and skillsets when you compare me in a normal state, and me after my bodys cells begin collaborating with the better part of a bottle of tequila. When “collaborating” with strong drink, I may not be as adept at driving as when those cells are being sustained by just water and other nutrients.
##On to the principles!
1. Existence. Users must have an independent existence. Any self-sovereign identity is ultimately based on the ineffable “I” thats at the heart of identity. It can never exist wholly in digital form. This must be the kernel of self that is upheld and supported. A self-sovereign identity simply makes public and accessible some limited aspects of the “I” that already exists.
Schuttes Take:
This is the first false assumption: The belief in an identity as an object. The perception of an “I” is a heuristic that simplifies information processing and decision making, but it is not an underlying reality that we should be anchoring Identity processes to — at least not in total. There is a truth in that an entity has a coherence that is distinct from others, but as Joe Andrieu phrases it “Identity is in the eye of the beholder.” This is true even when the beholder is the self. Natalie Smolenskis paper about the shifting boundaries of self touches on this aspect as well.
2. Control. Users must control their identities. Subject to well-understood and secure algorithms that ensure the continued validity of an identity and its claims, the user is the ultimate authority on their identity. They should always be able to refer to it, update it, or even hide it. They must be able to choose celebrity or privacy as they prefer. This doesnt mean that a user controls all of the claims on their identity: other users may make claims about a user, but they should not be central to the identity itself.
Schuttes Take:
This assumes that
1) “identities” are a static referent,
2) identities are maintained at a system wide scale.
These claims align with past attempts at identity administration architectures, but dont map to the actual functioning of identity in the real world.
I would argue that:
1) claims are all that exist
2) these claims can be thought of as signals that are “published” (sent) by some actors and “received” (sensed) by others. After receipt, the recipient bears the burden of prioritizing and interpreting the signals that they have sensed.
There are complex adaptive system dynamics in play here that lead to a differentiation in the sensitivities of various actors.
3. Access. Users must have access to their own data. A user must always be able to easily retrieve all the claims and other data within his identity. There must be no hidden data and no gatekeepers. This does not mean that a user can necessarily modify all the claims associated with his identity, but it does mean they should be aware of them. It also does not mean that users have equal access to others data, only to their own.
Schuttes Take:
Again, though noble in intent, this does not map to reality. Remember: “Identity is in the eye of the beholder.”
If I see you slap a child, that impression gets “written” on my brain. You dont have access to it.
If I later write it in my notebook, you still might not have access to it.
If it is shared with someone else in private, you wont necessarily have access to it.
These private channels of impression, interpretation and communication are critically important, and yet do not lend themselves to the type of “user centric” identity scheme being proposed here.
4. Transparency. Systems and algorithms must be transparent. The systems used to administer and operate a network of identities must be open, both in how they function and in how they are managed and updated. The algorithms should be free, open-source, well-known, and as independent as possible of any particular architecture; anyone should be able to examine how they work.
Schuttes Take:
Transparency is useful, but it always comes at a cost. Some levels of detail are irrelevant (until they are not). Other levels of detail can actually be obfuscatory (who among you has read the entire tax code?)
Transparency as a principle is really an attempt to indicate that the processes that we rely upon should auditable — i.e. audit-able. In order to audit (assess) a system, we need not just access to the details, but the literacy to interpret those details. Furthermore, we need to have the capability to take action based on what we find.
If we are given details that we cannot understand, or that we have no way of acting upon, they dont do us much good.
A critical part of making something understandable and actionable is the ability to synthesize the details — to convert them from one form that is filled many signals, to another form, one with fewer signals, but of more relevant meaning.
simple example: 10,000 ratings of restaurants in my neighborhood, each on different attributes and all listed as numbers on a wall, might not do me much good. To my eyes, the volume of “signals” would likely be overwhelming (particularly if each was organized in some not-so-easy-to-interpret-at-a-glance structure like JSON and not ordered in any useful way). I would see just a whole bunch of stuff. Too much, most likely. But run that same information through a filter — and distill down those insights to something like an average rating for each restaurant on price, atmosphere, taste and timeliness and then put two restaurants side-by-side with those “synthesized assessments” and we have information that I can act upon.
It will be the same for information about the very processes that we rely upon for making, storing, and interpreting claims about agents using a digital system.
We will rely upon not only transparency, but synthesis and judgments about who to rely upon for when to “dive deeper into the details,” for what level of minutia to ignore altogether, and for who to rely upon for distillation. This process will itself operate in the manner of a complex adaptive system — and will get us to answers that prove useful — though certainly not to truth. Truth, as I, and others, have pointed out elsewhere, is too costly to be maintained in all of its painstaking detail.
5. Persistence. Identities must be long-lived. Preferably, identities should last forever, or at least for as long as the user wishes. Though private keys might need to be rotated and data might need to be changed, the identity remains. In the fast-moving world of the Internet, this goal may not be entirely reasonable, so at the least identities should last until theyve been outdated by newer identity systems. This must not contradict a “right to be forgotten”; a user should be able to dispose of an identity if he wishes and claims should be modified or removed as appropriate over time. To do this requires a firm separation between an identity and its claims: they cant be tied forever.
Schuttes Take:
This persistence principle sounds attractive, but introduces risk. It also builds upon the same flawed framework of “an Identity is an object” and “Identity objects will be managed at system scale rather than by individual observers.” These are fatal flaws that do not map to how signals, agents, interpretation and steering operate in complex adaptive systems.
We can choose not to willingly pull our previous interactions into the present relationship. However, we are incapable of preventing others from attempting to correlate our past with our present — or to prevent them entirely from taking steps to improve the likelihood that our present interaction will be discoverable by those who interact with us in the future.
There are ways in which we can pressure others to reduce the level of such sharing that occurs, but these are primarily through the mechanism of social pressures, not technical limitations of the infrastructure we make use of.
6. Portability. Information and services about identity must be transportable. Identities must not be held by a singular third-party entity, even if its a trusted entity that is expected to work in the best interest of the user. The problem is that entities can disappear — and on the Internet, most eventually do. Regimes may change, users may move to different jurisdictions. Transportable identities ensure that the user remains in control of his identity no matter what, and can also improve an identitys persistence over time.
7. Interoperability. Identities should be as widely usable as possible.Identities are of little value if they only work in limited niches. The goal of a 21st-century digital identity system is to make identity information widely available, crossing international boundaries to create global identities, without losing user control. Thanks to persistence and autonomy these widely available identities can then become continually available.
Schuttes Take (on Portability and Interoperability):
The way that those of us at the metacurrency project might frame this is: our ability to communicate and interoperate should not be encloseable by any third-party.
Along these lines, interoperability is certainly a goal, for it is a requirement of communication that social preferences rather than technological limitations constrain who we interact with. That is not to say that interoperability will come without cost — or without loss of meaning. Any claim is always made in a context. Parts of its meaning are dependent on that context. When a claim is carved off from its context and shared with others (who by necessity do not completely share that same context) there is meaning lost or altered in the process. This is natural, but it is also worth noting and designing for. At the MetaCurrency Project we think about the ways in which context shapes meaning as analogous to Phenotypes (raw code) and Genotypes (code in a particular context). One code is in a particular context it will behave in ways that get shaped by that context. DNA provides a great example of this. More detail is available in the as yet unfinished Ceptr Revelation Document.
8. Consent. Users must agree to the use of their identity. Any identity system is built around sharing that identity and its claims, and an interoperable system increases the amount of sharing that occurs. However, sharing of data must only occur with the consent of the user. Though other users such as an employer, a credit bureau, or a friend might present claims, the user must still offer consent for them to become valid. Note that this consent might not be interactive, but it must still be deliberate and well-understood.
Schuttes Take:
Again, this seems to be an appropriate principle for an “identity system” where “identities are objects” that are “managed at the system level.” None of these feels appropriate to me. See above comments for more detail on that. On the other hand, my expectations about your use should be upheld. If they are not, I, and others like me, will cease to interact with you (or become unwilling to trust our assessments of context and risk). This will trigger a reduction of interactions (i.e. the withdrawal of future consents through alternate mechanisms).
9. Minimalization. Disclosure of claims must be minimized. When data is disclosed, that disclosure should involve the minimum amount of data necessary to accomplish the task at hand. For example, if only a minimum age is called for, then the exact age should not be disclosed, and if only an age is requested, then the more precise date of birth should not be disclosed. This principle can be supported with selective disclosure, range proofs, and other zero-knowledge techniques, but non-correlatibility is still a very hard (perhaps impossible) task; the best we can do is to use minimalization to support privacy as best as possible.
Schuttes Take:
This is a good goal to aim for. To accomplish it, users will likely rely upon others to give them guidance with regard to “how much information is enough information.”
A couple of years ago at IIW, I mapped out a rough protocol for how to query an agent with a one-time pseudonym to discover what they had to offer/what the mechanisms by which a user could gain access. Based on what was returned, a user could then submit appropriately narrow sets of claims, certifications, signatures etc to begin an interaction without:
1) disclosing more than necessary in that one exchange and
2) enabling the party that you are interacting with to build up a profile of you through multiple independent exchanges (counter to your intent).
10. Protection. The rights of users must be protected. When there is a conflict between the needs of the identity network and the rights of individual users, then the network should err on the side of preserving the freedoms and rights of the individuals over the needs of the network. To ensure this, identity authentication must occur through independent algorithms that are censorship-resistant and force-resilient and that are run in a decentralized manner.
Schuttes Take:
I agree! Though I would argue that decentralized is actually the wrong language, and that what we actually want is distributed systems — that can mutate (thus enabling adaptation even at that layer) while still maintaining the possibility of interoperability.

View File

@ -0,0 +1,199 @@
# The Path to Self-Sovereign Identity
Today I head out to a month-long series of events associated with identity: Im starting with the 22st (!) [Internet Identity Workshop](http://www.internetidentityworkshop.com/) next week; then Im speaking at the blockchain conference [Consensus](http://www.coindesk.com/events/consensus-2016/) about identity; next I am part of the team putting together the first [ID2020 Summit](http://id2020summit.org/) on Digital Identity at the United Nations; and finally I'm hosting the second [#RebootingWebOfTrust](http://www.weboftrust.info/) design workshop on decentralized identity.
At all of these events I want to share a vision for how we can enhance the ability of digital identity to enable trust while preserving individual privacy. This vision is what I call “Self-Sovereign Identity”.
Why do we need this vision now? Governments and companies are sharing an unprecedented amount of information, cross-correlating everything from viewing habits to purchases, to where people are located during the day, to where they sleep at night, and with whom they associate. In addition, as the Third World enters the computer age, digital citizenship is providing Third World residents with greater access to human rights and to the global economy. When properly designed and implemented, self-sovereign identity can offer these benefits while also protecting individuals from the ever-increasing control of those in power, who may not have the best interests of the individual at heart.
But what exactly do I mean by “Self-Sovereign Identity”?
## You Cant Spell Identity without an “I”
Identity is a uniquely human concept. It is that ineffable “I” of self-consciousness, something that is understood worldwide by every person living in every culture. As René Descartes said, *Cogito ergo sum***I think, therefore I am**.
However, modern society has muddled this concept of identity. Today, nations and corporations conflate drivers licenses, social security cards, and other state-issued credentials with identity; this is problematic because it suggests a person can lose his very identity if a state revokes his credentials or even if he just crosses state borders. **I think, but I am not**.
Identity in the digital world is even trickier. It suffers from the same problem of centralized control, but its simultaneously very balkanized: identities are piecemeal, differing from one Internet domain to another.
As the digital world becomes increasingly important to the physical world, it also presents a new opportunity; it offers the possibility of redefining modern concepts of identity. It might allow us to place identity back under our control — once more reuniting identity with the ineffable “I”.
In recent years, this redefinition of identity has begun to have a new name: *self-sovereign identity*. However, in order to understand this term, we need to review some history of identity technology:
## The Evolution of Identity
The models for online identity have advanced through four broad stages since the advent of the Internet: centralized identity, federated identity, user-centric identity, and self-sovereign identity.
### Phase One: Centralized Identity *(administrative control by a single authority or hierarchy)*
In the Internets early days, *centralized authorities* became the issuers and authenticators of digital identity. Organizations like IANA (1988) determined the validity of IP addresses and ICANN (1998) arbitrated domain names. Then, beginning in 1995, certificate authorities (CAs) stepped up to help Internet commerce sites prove they were who they said they were.
Some of these organizations took a small step beyond centralization and created *hierarchies*. A root controller could annoint other organizations to each oversee their own heirarchy. However, the root still had the core power — they were just creating new, less powerful centralizations beneath them.
Unfortunately, granting control of digital identity to centralized authorities of the online world suffers from the same problems caused by the state authorities of the physical world: users are locked in to a single authority who can deny their identity or even confirm a false identity. Centralization innately gives power to the centralized entities, not to the users.
As the Internet grew, as power accumulated across hierarchies, a further problem was revealed: identities were increasingly balkanized. They multiplied as web sites did, forcing users to juggle dozens of identities on dozens of different sites — while having control over none of them.
To a large extent, identity on the Internet today is still centralized — or at best, hierarchical. Digital identities are owned by CAs, domain registrars, and individual sites, and then rented to users or revoked at any time. However, for the last two decades theres also been a growing push to return identities to the people, so that they actually could control them.
### Interlude: Foreshadowing the Future
PGP (1991) offered one of the first hints toward what could become self-sovereign identity. It introduced the 'Web of Trust'[^1], which established trust for a digital identity by allowing peers to act as introducers and validators of public keys[^2]. Anyone could be validator in the PGP model. The result was a powerful example of decentralized trust management, but it focused on email addresses, which meant that it still depended on centralized hierarchies. For a variety of reasons, PGP never became broadly adopted.
Other early thoughts appeared in “Establishing Identity without Certification Authority” (1996), a paper by Carl Ellison that examined how digital identity was created[^3]. He considered both authorities such as Certificate Authorities and peer-to-peer systems like PGP as options for defining digital identity. He then settled on a method for verifying online identity by exchanging shared secrets over a secure channel. This allowed users to control their own identity without depending on a managing authority.
Ellison was also at the heart of the SPKI/SDSI project (1999) [^4] - [^5]. Its goal was to build a simpler public infrastructure for identity certificates that could replace the complicated X.509 system. Although centralized authorities were considered as an option, they were not the only option.
It was a beginning, but an even more revolutionary reconception of identity in the 21st century would be required to truly bring self-sovereignty to the forefront.
### Phase Two: Federated Identity *(administrative control by multiple, federated authorities)*
The next major advancement for digital identity occurred at the turn of the century when a variety of commercial organizations moved beyond hierarchy to debalkanize online identity in a new manner.
Microsofts Passport (1999) initiative was one of the first. It imagined _federated identity_, which allowed users to utilize the same identity on multiple sites. However, it put Microsoft at the center of the federation, which made it almost as centralized as traditional authorities.
In response Sun Microsoft organized the Liberty Alliance (2001). They resisted the idea of centralized authority, instead creating a "true" federation, but the result was instead an oligarchy: the power of centralized authority was now divided among several powerful entities.
Federation improved on the problem of balkanization: users could wander from site to site under the system. However, each individual site remained an authority.
### Phase Three: User-Centric Identity *(individual* ***or*** *administrative control across multiple authorities without requiring a federation)*
The Augmented Social Network (2000) laid the groundwork for a new sort of digital identity in their proposal for the creation of a next-generation Internet. In an extensive white paper[^6], they suggested building “persistent online identity” into the very architecture of the Internet. From the viewpoint of self-sovereign identity, their most important advance was “the assumption that every individual ought to have the right to control his or her own online identity”. The ASN group felt that Passport and the Liberty Alliance could not meet these goals because the “business-based initiatives” put too much emphasis on the privatization of information and the modeling of users as consumers.
These ASN ideas would become the foundation of much that followed.
The Identity Commons (2001-Present) began to consolidate the new work on digital identity with a focus on decentralization. Their most important contribution may have been the creation, in association with the Identity Gang, of the Internet Identity Workshop (2005-Present) working group. For the last ten years, the IIW has advanced the idea of decentralized identity in a series of semi-yearly meetings.
The IIW community focused on a new term that countered the server-centric model of centralized authorities: *user-centric identity*. The term suggests that users are placed in the middle of the identity process. Initial discussions of the topic focused on creating a better user experience[^7], which underlined the need to put users front and center in the quest for online identity. However the definition of a user-centric identity soon expanded to include the desire for a user to have more control over his identity and for trust to be decentralized[^8].
The work of the IIW has supported many new methods for creating digital identity, including OpenID (2005), OpenID 2.0 (2006), OpenID Connect (2014), OAuth (2010), and FIDO (2013). As implemented, user-centric methodologies tend to focus on two elements: user consent and interoperability. By adopting them, a user can decide to share an identity from one service to another and thus debalkanize his digital self.
The user-centric identity communities had even more ambitious visions; they intended to give users complete control of their digital identities. Unfortunately, powerful institutions co-opted their efforts and kept them from fully realizing their goals. Much as with the Liberty Alliance, final ownership of user-centric identities today remain with the entities that register them.
OpenID offers an example. A user can theoretically register his own OpenID, which he can then use autonomously. However, this takes some technical know-how, so the casual Internet user is more likely to use an OpenID from one public web site as a login for another. If the user selects a site that is long-lived and trustworthy, he can gain many of the advantages of a self-sovereign identity — but it could be taken away at any time by the registering entity!
Facebook Connect (2008) appeared a few years after OpenID, leveraging lessons learned, and thus was several times more successful largely due to a better user interface[^9]. Unfortunately, Facebook Connect veers even further from the original user-centric ideal of user control. To start with, theres no choice of provider; its Facebook. Worse, Facebook has a history of arbitrarily closing accounts, as was seen in their recent real-name controversy[^10]. As a result, people who access other sites with their “user-centric” Facebook Connect identity may be even more vulnerable than OpenID users to losing that identity in multiple places at one time.
Its central authorities all over again. Worse, its like state-controlled authentication of identity, except with a self-elected “rogue” state.
In other words: being user-centric isnt enough.
### Phase Four: Self-Sovereign Identity ***(individual control across any number of authorities)***
User-centric designs turned centralized identities into interoperable federated identities with centralized control, while also respecting some level of user consent about how to share an identity (and with whom). It was an important step toward true user control of identity, but just a step. To take the next step required user autonomy.
This is the heart of *self-sovereign identity*, a term thats coming into increased use in the 10s. Rather than just advocating that users be at the center of the identity process, self-sovereign identity requires that users be the rulers of their own identity.
One of the first references to identity sovereignty occurred in February 2012, when developer Moxie Marlinspike wrote about “Sovereign Source Authority”[^11]. He said that individuals “have an established Right to an identity”, but that national registration destroys that sovereignty. Some ideas are in the air, so its no surprise that almost simultaneously, in March 2012, Patrick Deegan began work on Open Mustard Seed, an open-source framework that gives users control of their digital identity and their data in decentralized systems[^12]. It was one of several "personal cloud" initiatives that appeared around the same time.
Since then, the idea of self-sovereign identity has proliferated. Marlinspike has blogged how the term has evolved[^13]. As a developer, he shows one way to address self-sovereign identity: as a *mathematical policy*, where cryptography is used to protect a users autonomy and control. However, thats not the only model. Respect Network instead addresses self-sovereign identity as a *legal policy*; they define contractual rules and principles that members of their network agree to follow[^14]. The Windhover Principles For Digital Identity, Trust and Data[^15] and Everynyms Identity System Essentials[^16] offer some additional perspectives on the rapid advent of self-sovereign identity since 2012.
In the last year, self-sovereign identity has also entered the sphere of *international policy*[^17]. This has largely been driven by the refugee crisis that has beset Europe, which has resulted in many people lacking a recognized identity due to their flight from the state that issued their credentials. However, its a long-standing international problem, as foreign workers have often been abused by the countries they work in due to the lack of state-issued credentials.
If self-sovereign identity was becoming relevant a few years ago, in light of current international crises its importance has skyrocketed.
The time to move toward self-sovereign identity is now.
## A Definition of Self-Sovereign Identity
With all that said, what is self-sovereign identity exactly? The truth is that theres no consensus. As much as anything, this article is intended to begin a dialogue on that topic. However, I wish to offer a starting position.
Self-sovereign identity is the next step beyond user-centric identity and that means it begins at the same place: the user must be central to the administration of identity. That requires not just the interoperability of a users identity across multiple locations, with the users consent, but also true user control of that digital identity, creating user autonomy. To accomplish this, a self-sovereign identity must be transportable; it cant be locked down to one site or locale.
A self-sovereign identity must also allow ordinary users to make claims, which could include personally identifying information or facts about personal capability or group membership[^18]. It can even contain information about the user that was asserted by other persons or groups.
In the creation of a self-sovereign identity, we must be careful to protect the individual. A self-sovereign identity must defend against financial and other losses, prevent human rights abuses by the powerful, and support the rights of the individual to be oneself and to freely associate[^19].
However, theres a lot more to self-sovereign identity than just this brief summation. Any self-sovereign identity must also meet a series of guiding principles — and these principles actually provide a better, more comprehensive, definition of what self-sovereign identity is. A proposal for them follows:
## Ten Principles of Self-Sovereign Identity
A number of different people have written about the principles of identity. Kim Cameron wrote one of the earliest “Laws of Identity”[^20], while the aforementioned Respect Network policy[^21] and W3C Verifiable Claims Task Force FAQ[^22] offer additional perspectives on digital identity. This section draws on all of these ideas to create a group of principles specific to self-sovereign identity. As with the definition itself, consider these principles a departure point to provoke a discussion about whats truly important.
These principles attempt to ensure the user control thats at the heart of self-sovereign identity. However, they also recognize that identity can be a double-edged sword — usable for both beneficial and maleficent purposes. Thus, an identity system must balance transparency, fairness, and support of the commons with protection for the individual.
1. **Existence.** *Users must have an independent existence.* Any self-sovereign identity is ultimately based on the ineffable “I” thats at the heart of identity. It can never exist wholly in digital form. This must be the kernel of self that is upheld and supported. A self-sovereign identity simply makes public and accessible some limited aspects of the “I” that already exists.
2. **Control.** *Users must control their identities.* Subject to well-understood and secure algorithms that ensure the continued validity of an identity and its claims, the user is the ultimate authority on their identity. They should always be able to refer to it, update it, or even hide it. They must be able to choose celebrity or privacy as they prefer. This doesnt mean that a user controls all of the claims on their identity: other users may make claims about a user, but they should not be central to the identity itself.
3. **Access.** *Users must have access to their own data.* A user must always be able to easily retrieve all the claims and other data within his identity. There must be no hidden data and no gatekeepers. This does not mean that a user can necessarily modify all the claims associated with his identity, but it does mean they should be aware of them. It also does not mean that users have equal access to others data, only to their own.
4. **Transparency**. *Systems and algorithms must be transparent.* The systems used to administer and operate a network of identities must be open, both in how they function and in how they are managed and updated. The algorithms should be free, open-source, well-known, and as independent as possible of any particular architecture; anyone should be able to examine how they work.
5. **Persistence.** *Identities must be long-lived.* Preferably, identities should last forever, or at least for as long as the user wishes. Though private keys might need to be rotated and data might need to be changed, the identity remains. In the fast-moving world of the Internet, this goal may not be entirely reasonable, so at the least identities should last until theyve been outdated by newer identity systems. This must not contradict a “right to be forgotten”; a user should be able to dispose of an identity if he wishes and claims should be modified or removed as appropriate over time. To do this requires a firm separation between an identity and its claims: they can't be tied forever.
6. **Portability.** *Information and services about identity must be transportable.* Identities must not be held by a singular third-party entity, even if it's a trusted entity that is expected to work in the best interest of the user. The problem is that entities can disappear — and on the Internet, most eventually do. Regimes may change, users may move to different jurisdictions. Transportable identities ensure that the user remains in control of his identity no matter what, and can also improve an identitys persistence over time.
7. **Interoperability.** *Identities should be as widely usable as possible.* Identities are of little value if they only work in limited niches. The goal of a 21st-century digital identity system is to make identity information widely available, crossing international boundaries to create global identities, without losing user control. Thanks to persistence and autonomy these widely available identities can then become continually available.
8. **Consent.** *Users must agree to the use of their identity.* Any identity system is built around sharing that identity and its claims, and an interoperable system increases the amount of sharing that occurs. However, sharing of data must only occur with the consent of the user. Though other users such as an employer, a credit bureau, or a friend might present claims, the user must still offer consent for them to become valid. Note that this consent might not be interactive, but it must still be deliberate and well-understood.
9. **Minimalization.** *Disclosure of claims must be minimized.* When data is disclosed, that disclosure should involve the minimum amount of data necessary to accomplish the task at hand. For example, if only a minimum age is called for, then the exact age should not be disclosed, and if only an age is requested, then the more precise date of birth should not be disclosed. This principle can be supported with selective disclosure, range proofs, and other zero-knowledge techniques, but non-correlatibility is still a very hard (perhaps impossible) task; the best we can do is to use minimalization to support privacy as best as possible.
10. **Protection.** *The rights of users must be protected.* When there is a conflict between the needs of the identity network and the rights of individual users, then the network should err on the side of preserving the freedoms and rights of the individuals over the needs of the network. To ensure this, identity authentication must occur through independent algorithms that are censorship-resistant and force-resilient and that are run in a decentralized manner.
I seek your assistance in taking these principles to the next level. I will be at the IIW conference this week, at other conferences this month, and in particular I will be meeting with other identity technologists on May 21st and 22nd in NYC after the ID 2020 Summit on Digital Identity. These principles will be placed into github and we hope to collaborate with all those interested in refining them through the workshop, or through github pull requests from the broader community. Come join us!
## Conclusion
The idea of digital identity has been evolving for a few decades now, from centralized identities to federated identities to user-centric identities to self-sovereign identities. However, even today exactly what a self-sovereign identity is, and what rules it should recognize, arent well-known.
This article seeks to begin a dialogue on that topic, by offering up a definition and a set of principles as a starting point for this new form of user-controlled and persistent identity of the 21st century.
## Glossary
The following terms are relevant to this article. These are just a subset of the terms generally used to discuss digital identity, and have been minimized to avoid unnecessary complexity.
**Authority.** A trusted entity that is able to verify and authenticate identities. Clasically, this was a centralized (or later, federated) entity. Now, this can also be an open and transparent algorithm run in a decentralized manner.
**Claim.** A statement about an identity. This could be: a fact, such as a person's age; an opinion, such as a rating of their trustworthiness; or something in between, such as an assessment of a skill.
**Credential.** In the identity community this term overlaps with claims. Here it is used instead for the dictionary definition: "entitlement to privileges, or the like, usually in written form"[^23]. In other words, credentials refer to the state-issued plastic and paper IDs that grant people access in the modern world. A credential generally incorporates one or more identifiers and numerous claims about a single entity, all authenticated with some sort of digital signature.
**Identifier.** A name or other label that uniquely identifies an identity. For simplicity's sake, this term has been avoided in this article (except in this glossary), but it's generally important to an understanding of digital identity.
**Identity.** A representation of an entity. It can include claims and identifiers. In this article, the focus is on *digital* identity.
## Thanks To
Thanks to various people who commented on early drafts of this article. Some of their suggestions were used word for word, some were adapted to the text, and everything was carefully considered. The most extensive revisions came from comments by Shannon Appelcline, Dave Crocker, Anil John, and Drummond Reed. Other commentators and contributors include: Doc Searls, Kaliya Young, Devon Loffreto, Greg Slepak, Alex Fowler, Fen Labalme, Justin Netwon, Markus Sabadello, Adam Back, Ryan Shea, Manu Sporney, and Peter Todd. I know much of the commentary didn't make it into this draft, but the discussion on this topic continues…
Image by John Hain licensed CC0 https://pixabay.com/en/identity-mask-disguise-mindset-510866/
The opinions in this article are my own, not my employer's nor necessarily the opinions of those that have offered commentary on it.
[^1]: Jon Callas, Phil Zimmerman. 2015. “The PGP Paradigm”. #RebootingWebOfTrust Design Workshop. https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust/blob/master/topics-and-advance-readings/PGP-Paradigm.pdf.
[^2]: Appelcline, Crocker, Farmer, Newton. 2015. “Rebranding the Web of Trust”. #RebootingWebOfTrust Design Workshop. https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust/blob/master/final-documents/rebranding-web-of-trust.pdf
[^3]: Ellison, Carl. 1996. “Establishing Identity without Certification Authorities”. 6th USENIX Security Symposium. http://irl.cs.ucla.edu/~yingdi/pub/papers/Ellison-OldFriend-USENIX-Security-1996.pdf.
[^4]: Ellison, C. 1999. “RFC 2692: SPKI Requirements”. IETF. https://tools.ietf.org/html/rfc269
[^5]: Ellison, C., et. al. 1999. “RFC 2693: SPKI Certificate Theory”. IETF. https://tools.ietf.org/html/rfc269
[^6]: Jordon, Ken, Jan Hauser, and Steven Foster. 2003. “The Augmented Social Network: Building Identity and Trust into the Next-Generation Internet”. Networking: A Sustainable Future. http://asn.planetwork.net/asn-archive/AugmentedSocialNetwork.pdf
[^7]: Jøsang, Audun and Simon Pope. 2005. “User Centric Identity Management”. AusCERT Conference 2005. http://folk.uio.no/josang/papers/JP2005-AusCERT.pdf
[^8]: Verifiable Claims Task Force. 2006. “[Editor Draft] Verifiable Claims Working Group Frequently Asked Questions”. W3C Technology and Society Domain. http://w3c.github.io/webpayments-ig/VCTF/charter/faq.htm
[^9]: Gilbertson, Scott. 2011. “OpenID: The Webs Most Successful Failure”. Webmonkey. http://www.webmonkey.com/2011/01/openid-the-webs-most-successful-failure
[^10]: Hassine, Wafa Ben and Eva Galperine. “Changes to Facebooks Real Name Policy Still Dont Fix the Problem”. EFF. https://www.eff.org/deeplinks/2015/12/changes-facebooks-real-names-policy-still-dont-fix-problem
[^11]: Marlinspike, Moxie. 2012. “What is Sovereign Source Authority?” The Moxie Tongue. http://www.moxytongue.com/2012/02/what-is-sovereign-source-authority.html
[^12]: Open Mustard Seed. 2013. “Open Mustard Seed (OMS) Framework). ID3. https://idcubed.org/open-platform/platform/
[^13]: Marlinspike, Moxie. 2016. “Self-Sovereign Identity”. The Moxie Tongue. http://www.moxytongue.com/2016/02/self-sovereign-identity.html
[^14]: Respect Network. 2016. “The Respect Trust Network v2.1”. oixnet.org. http://oixnet.org/wp-content/uploads/2016/02/respect-trust-framework-v2-1.pdf
[^15]: Graydon, Carter. 2014. “Top Bitcoin Companies Propose the Windhover Principles A New Digital Framework for Digital Identity, Trust and Open Data”. CCN. https://www.cryptocoinsnews.com/top-bitcoin-companies-propose-windhover-principles-new-digital-framework-digital-identity-trust-open-data/
[^16]: Smith, Samuel M. and Khovratovich, Dmitry. 2016. “Identity System Essentials”. Evernym. http://www.evernym.com/assets/doc/Identity-System-Essentials.pdf
[^17]: Dahan, Mariana and John Edge. 2015. “The World Citizen: Transforming Statelessness into Global Citizenship”. The World Bank. http://blogs.worldbank.org/ic4d/category/tags/self-sovereign-identity-systems
[^18]: Identity Commons. 2007. “Claim”. IDCommons Wiki. http://wiki.idcommons.net/Claim
[^19]: Christopher Allen. 2015. “The Four Kinds of Privacy”. Life With Alacrity blog. http://www.lifewithalacrity.com/2015/04/the-four-kinds-of-privacy.html
[^20]: Cameron, Kim. 2005. “The Laws of Identity”. https://msdn.microsoft.com/en-us/library/ms996456.aspx
[^21]: Respect Network. 2016. “The Respect Trust Network v2.1”. oixnet.org. http://oixnet.org/wp-content/uploads/2016/02/respect-trust-framework-v2-1.pdf
[^22]: Verifiable Claims Task Force. 2006. “[Editor Draft] Verifiable Claims Working Group Frequently Asked Questions”. W3C Technology and Society Domain. http://w3c.github.io/webpayments-ig/VCTF/charter/faq.html
[^22]: Verifiable Claims Task Force. 2006. “[Editor Draft] Verifiable Claims Working Group Frequently Asked Questions”. W3C Technology and Society Domain. http://w3c.github.io/webpayments-ig/VCTF/charter/faq.html
[^23]: "Definition of Credential". Dictionary.com. http://www.dictionary.com/browse/credential?s=t

View File

@ -0,0 +1,28 @@
# Core Characteristics of Sovereign Identity
From [Joe Andrieu](https://github.com/jandrieu)'s [A TechnologyFree Definition of SelfSovereign Identity](https://github.com/jandrieu/rebooting-the-web-of-trust-fall2016/raw/master/topics-and-advance-readings/a-technology-free-definition-of-self-sovereign-identity.pdf), for comparison with the [Ten Principles of Self Sovereign Identity](https://github.com/WebOfTrustInfo/self-sovereign-identity/blob/master/self-sovereign-identity-principles.md) and continued discussion:
### Control. Acceptance. Zero Cost.
These are the three fundamental characteristics of selfsovereign identity.
#### CONTROL
* **Selfsovereign identities are controlled by the individual:**
* **Selfgeneratable and Independent:** Individuals must be able to create identity information without asking for permission and be able to assert identity information from any authority. The resulting identity must have the same technical reliability as those provided by wellknown, “official” sources. The observer, of course, is always free to decide whether or not a given piece of information is meritorious, but the information must be able to be verified as a nonrepudiatable statement of correlation using exactly the same mechanisms regardless of source. Further, individuals must be able to present selfgenerated identity information without disclosing that the authority in the claim is the subject of the claim.
* **Optin**: The affordance for asserting identity information starts with the individual. While an individual may present claims from known or accepted third party authorities, it is the individual who asserts that the claim applies to them. Selfsovereign identities begin with the will of the individual, with the intentional presentation of identity information.
* **Minimal Disclosure**: Individuals should be able to use services with minimal identity information. Features that depend on enhanced correlation must be understood by the average user. Such features should be permissioned with the highest granularity, so functions independent of correlation work equally well alongside those dependent on it. It is not acceptable to deny services because of a refusal to provide unrelated information.
* **Nonparticipation**: Individuals must be able to choose to not provide identity information for services where it isnt absolutely required. Any spontaneous identifiers necessary for a service to function, such as cookies or session ids, must use the same infrastructure for consent, persistence, transience, and disclosure as if provided by the individual.
* **Optout**: Individuals should be able to optout of identifying records postfacto as a matter of course. People should be able to stop the use of a correlating identity information by request. Some transactions necessarily require long term retention of identity information, such as financial transactions, purchases, and shipments. Actions that create permanent records should be clearly marked and communicated such that the retention is expected and understood by the average person. All other actions which leverage a selfsovereign identity should be decorrelated ondemand and said identifiers should no longer be used to correlate that individual across contexts.
* **Recoverable**: Sovereign identities must be robust enough to be recovered even if hard drives are lost, wallets stolen, or birth certificates lost in a fire. Selfsovereign identities must provide a way for individuals to recover and reassert that existing identify information applies to them even in the face of complete loss of credentials. This may be challenging given current technical proposals, but the point of this paper is to explore the nontechnical requirements of a selfsovereign identity. To fully address the needs of UN Sustainable Development Goal 16.9, identity assurance cant depend on pieces of paper, devices, or other artifacts that can be lost, stolen, destroyed, and falsified.
#### ACCEPTANCE
* **Selfsovereign identities are accepted wherever observers correlate individuals across contexts.**
* **Standard**: There is an open, public standard managed through a formal standards body, free to use by anyone without financial or intellectual encumbrance. Simple The core standard (schema, serialization, and protocols) must be atomically minimal, providing the barest data set, allowing complexity to emerge not from a complicated data model but from a multiplicity of information types, authorities, and observations.
* **Nonrepudiatable**: Individual claims should be cryptographically signed to assure nonrepudiatable statements of correlation. Long term, public and semipublic ledgers should be used to record claims that become statistically impossible to falsify over time. Selfsovereign identities, at a minimum depend on cryptographic assurances, and most likely will be further enabled by nonrepudiatable public ledgers.
* **Reliable**: Access to selfsovereign identities must be at least as reliable as access to the Internet. It should not rely on any individual or group of centralized servers, connections, or access technologies. Substantially Equivalent Above all, selfsovereign identities must meet the needs of legacy identity observers at least as well as current solutions. If the core architecture is inherently less capable than existing approaches there is little hope of systemic adoption.
#### ZERO COST
* **Finally, any proposed standard for selfsovereign identity must be adoptable at absolutely minimal cost.**
* Not only must it be free of licensing encumbrances, it must be implementable with readily available, inexpensive, commodity hardware running common operating systems. If it cant be achieved using todays commodity products, then we must help manufacturers incorporate what we need.
**In order to reach every last person on the planet**—the explicit target of UN Sustainable Development Goal 16.9—**selfsovereign identity must be realizable at massive scale with close to zero marginal cost**. The systems we use to make sense of the resulting identity transactions will provide more than enough consulting, software, and hardware revenue to finance the development of the core enabling technology. Just as the web browser was a zero cost entry into a vast economic and innovation engine of the worldwide web, so too must selfsovereign identity begin with the most costeffective onramp that can be engineered.

View File

@ -0,0 +1,28 @@
# lifeID Self-Sovereign Identity Bill of Rights
lifeID was founded with the vision that every person in the world deserves to own and control their identity. For lifeID and our world-wide community, the future of identity rests on the concept that controlling personally identifiable information (PII)both online and in the real-worldis a foundational right. This right will ensure a future with simple, secure digital identities; a future with password-free online experiences; a future where individuals can establish who they are, or verify facts about their lives, without the intrusion or oversight from government entities or corporations.
Although there are several self-sovereign Identity solutions in development within the larger blockchain community, they are all quite different. They share some common principles of self-sovereign identity, but not all. There is a definitional gap to be filled, establishing what we think are the foundational attributes of a truly self-sovereign identity. It is our goal to inspire discussion and agreement within our community for what comprises a self-sovereign identity to ensure the success, integrity and sustainability of these solutions for people throughout the world.
In light of this, we hold these truths to be self-evident features of any self-sovereign identity solution.
**The Self-Sovereign Identity Bill of Rights**
1. **Individuals must be able to establish their existence as a unified identity online and in the physical world.** A unified identity requires that people not only have an online presence, but that presence must function seamlessly across both online and real-world environments.One unified identity for all spheres of life.
2. **Individuals must have the tools to access and control their identities.** Self-sovereign identity holders must be able to easily retrieve identity attributes and verified claims as well as any metadata that has been generated in the process of transactions. There can be no personally identifiable information (PII) data that is hidden from the identity holder. This includes management, updating or changing identity attributes, and keeping private what they choose.
3. **The platforms and protocols on which self-sovereign identities are built, must be open and transparent.** This refers to how the platforms and protocols are governed, including how they are managed and updated. They should be open-source, well-known, and as independent as possible of any particular architecture; anyone should be able to examine how they work.
4. **Users must have the right to participate in the governance of their identity infrastructure.** The platform, protocols on which self-sovereign identities are built, must be governed by identity holders. By definition, if the platform is governed by a private entity or limited set of participants, the Identity holder is not in control of the future of their identity.
5. **Identities must exist for the life of the identity holder**. While the platform and protocols evolve, each singular identity must remain intact. This must not contradict a "right to be forgotten"; a user should be able to dispose of an identity if he or she wishes and claims should be modified or removed as appropriate over time. To do this requires a firm separation between an identity and its claims: they can't be tied forever.
6. **Identities must be portable**. Identity attributes and verified claims must be controlled personally and be transportable and interoperable as desired. Government entities, companies and other individuals can come and go. So it is essential that identity holders can move their identity data to other blockchains or platforms to ensure that they alone control their identity.
7. **Identities must be interoperable**. identity holders must be able to us their identities in all facets of their lives. So any identity platform or protocol must function across geographical, political and commercial jurisdictions. Identities should be as widely usable as possible. Ultimately, identities are of little value if they only work in niches.
8. **Individuals must consent to the use of their identity.** The point of having an identity is that you can use it to participate in mutually beneficial transactionswhether personal or commercial. This requires that some amount of personal information needs to be shared. However, any sharing of personal data must require the absolute consent of the usereven if third parties have a record of previously verified claims. For every transaction associate with a claim, the identity holder must deliberately consent to its use.
9. **Disclosure of verified claims must be minimized.** For every transaction, only the minimum amount of personally identifiable information should be required and shared. If an identity holder wants to enable an age-related commercial transaction, e.g. buy alcohol, the only verified claim that needs to be share is whether they are over 21. There is not need to share actual age, street address, height, weight, etc.
10. **The rights of identity holders must supersede any other platform or ecosystem entities.** If a conflict arises between the needs of the platform or entities engaging with identity holders, the governance must be designed to err on the side of preserving these rights for identity holder over the needs of the protocols, platform or network. To ensure this, identity authentication must be decentralized, independent, and free of censorship.
Join us to discuss our self-sovereign bill of rights:
Twitter: lifeid\_io
Discord: [https://discord.gg/ZdbQMsR](https://discord.gg/ZdbQMsR)
Newsletter: lifeid.io

View File

@ -0,0 +1,10 @@
1. **Existence.** *Users must have an independent existence.* Any self-sovereign identity is ultimately based on the ineffable “I” thats at the heart of identity. It can never exist wholly in digital form. This must be the kernel of self that is upheld and supported. A self-sovereign identity simply makes public and accessible some limited aspects of the “I” that already exists.
2. **Control.** *Users must control their identities.* Subject to well-understood and secure algorithms that ensure the continued validity of an identity and its claims, the user is the ultimate authority on their identity. They should always be able to refer to it, update it, or even hide it. They must be able to choose celebrity or privacy as they prefer. This doesnt mean that a user controls all of the claims on their identity: other users may make claims about a user, but they should not be central to the identity itself.
3. **Access.** *Users must have access to their own data.* A user must always be able to easily retrieve all the claims and other data within his identity. There must be no hidden data and no gatekeepers. This does not mean that a user can necessarily modify all the claims associated with his identity, but it does mean they should be aware of them. It also does not mean that users have equal access to others data, only to their own.
4. **Transparency**. *Systems and algorithms must be transparent.* The systems used to administer and operate a network of identities must be open, both in how they function and in how they are managed and updated. The algorithms should be free, open-source, well-known, and as independent as possible of any particular architecture; anyone should be able to examine how they work.
5. **Persistence.** *Identities must be long-lived.* Preferably, identities should last forever, or at least for as long as the user wishes. Though private keys might need to be rotated and data might need to be changed, the identity remains. In the fast-moving world of the Internet, this goal may not be entirely reasonable, so at the least identities should last until theyve been outdated by newer identity systems. This must not contradict a “right to be forgotten”; a user should be able to dispose of an identity if he wishes and claims should be modified or removed as appropriate over time. To do this requires a firm separation between an identity and its claims: they can't be tied forever.
6. **Portability.** *Information and services about identity must be transportable.* Identities must not be held by a singular third-party entity, even if it's a trusted entity that is expected to work in the best interest of the user. The problem is that entities can disappear — and on the Internet, most eventually do. Regimes may change, users may move to different jurisdictions. Transportable identities ensure that the user remains in control of his identity no matter what, and can also improve an identitys persistence over time.
7. **Interoperability.** *Identities should be as widely usable as possible.* Identities are of little value if they only work in limited niches. The goal of a 21st-century digital identity system is to make identity information widely available, crossing international boundaries to create global identities, without losing user control. Thanks to persistence and autonomy these widely available identities can then become continually available.
8. **Consent.** *Users must agree to the use of their identity.* Any identity system is built around sharing that identity and its claims, and an interoperable system increases the amount of sharing that occurs. However, sharing of data must only occur with the consent of the user. Though other users such as an employer, a credit bureau, or a friend might present claims, the user must still offer consent for them to become valid. Note that this consent might not be interactive, but it must still be deliberate and well-understood.
9. **Minimalization.** *Disclosure of claims must be minimized.* When data is disclosed, that disclosure should involve the minimum amount of data necessary to accomplish the task at hand. For example, if only a minimum age is called for, then the exact age should not be disclosed, and if only an age is requested, then the more precise date of birth should not be disclosed. This principle can be supported with selective disclosure, range proofs, and other zero-knowledge techniques, but non-correlatibility is still a very hard (perhaps impossible) task; the best we can do is to use minimalization to support privacy as best as possible.
10. **Protection.** *The rights of users must be protected.* When there is a conflict between the needs of the identity network and the rights of individual users, then the network should err on the side of preserving the freedoms and rights of the individuals over the needs of the network. To ensure this, identity authentication must occur through independent algorithms that are censorship-resistant and force-resilient and that are run in a decentralized manner.