Awesome-Mirrors/decentralized-id.github.io
1
0
Fork 0
mirror of https://github.com/Decentralized-ID/decentralized-id.github.io.git synced 2024-10-01 01:05:54 -04:00
Code Issues Packages Projects Releases Wiki Activity

aries and non-ssi + oidc

Browse Source
This commit is contained in:
⧉ infominer 2022-12-03 02:23:23 -05:00
parent 28856e3c8c
commit d88e61056a
30 changed files with 668 additions and 575 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
_posts/identosphere-dump/README.md
View File

@ -23,7 +23,7 @@
- mDL ✓
- WACI-Pex ✓
- Complementary to VC/DID Standards
- JSON-LD
- JSON-LD
- JSON
- KERI ✓
- Cryptography
@ -33,12 +33,12 @@
- UCAN ✓
- GNAP ✓
- OAuth ✓
- Trust Frameworks
- Trust Frameworks
- 800-63-3
- DIACC
- Blockchain Standards
- ISOTC 307
- CEN/EENTLIC
- Blockchain Standards
- ISOTC 307
- CEN/EENTLIC
- ERC 725
- Standards Orgs
- W3C
@ -47,8 +47,8 @@
- ITU-T
- ISO/IEC
- ISO Standards
- mDL 18013-5
- 22030
- mDL 18013-5
- 22030
- Working Group 3 - Travel Documents
- Non SSI Identity Standards
- OpenID

14
_posts/identosphere-dump/assorted.md
View File

@ -55,8 +55,6 @@ Facebook is interesting because it was based on the .edu domain. Small network.
Zero-knowledge proofs and trustless networks may require high-trust environments for adoptions.
* [Distributed Open Identity: Self-Sovereign OpenID: A Status Report](https://identiverse.gallery.video/detail/videos/standards/video/6184823227001/distributed-open-identity:-self-sovereign-openid:-a-status-report?autoStart=true)
> follow up of the Identiverse 2019 session “SSO: Self-sovereign OpenID Connect a ToDo list”. (Decentralized Identity, Mobile, Verified Claims & Credentials, Standards, Preeti Rastogi, Nat Sakimura)
* [State of Identity with IDRamp](https://oneworldidentity.com/podcast/idramp-2/) (Enterprise SSI company)
> As someone who has uniquely spent their full career immersed in identity, Mike Vesey (CEO of IdRamp) shares an insider perspective of how the industry has evolved during his tenure. This episode dives into the impacts of rapid digitalization worldwide, where identity is heading due to digital transformation, and the benefits that come with it.
@ -109,11 +107,6 @@ Kim might no longer update his blog, nudge identity products toward his vision o
Reification. I learned that word from Kim. In the immediate next breath he said from the stage that he was told not everyone knew what reify meant and that he would use a more approachable word: “thingify.” And therein I learned another lesson from Kim about how to present to an audience.
* [Personal Digital Transformation and Holistic Digital Identity](https://www.youtube.com/watch?v%3D9DExNTY3QAk) OpenID Japan ← His last public talk
from the OpenID Summit Tokyo 2020 Keynote […] about Claims, Identity, Self-ness, Who-ness, and OpenID Connect and Decentralized Identity.
* [My heart is heavy over the loss of @Kim_Cameron](https://twitter.com/pamelarosiedee/status/1466776672443666432) Pamela Dingle
He always made sure that everyone was welcome, he brought people in and inspired them and suggested ways for them to be stars. He was kind, in a way that few people ever are.
@ -172,13 +165,6 @@ This release includes major updates to the front-end Switchboard web application
* [GLEIF Press Release](https://www.gleif.org/en/newsroom/press-releases/gleif-advances-digital-trust-and-identity-for-legal-entities-globally)
* [Layering Digital ID on Top of Traditional Data Management](https://hiplatform.org/blog/2020/5/20/layering-digital-id-on-top-of-traditional-data-management) HIP
> While Digital ID could offer benefit to humanitarian agencies and beneficiaries, alike, many questions remain to be answered. The cost effectiveness of ID solutions remains to be established. Given that many of these systems are only operating at pilot-scale, it is difficult to know what the primary drivers of cost are and how they can be mitigated. In addition, the digital ID space is fairly young and while initiatives like ID4D and ID2020 are working to drive meaningful interoperability among providers in the space, it remains to be seen what the most effective factors, in addition to open source software, open APIs, and common data formats, can be used to general meaningful interoperability.
## Trends
* [Digital Caribou looks at the future trends impacting Digital Identity](https://medium.com/caribou-digital/diagnostic-trends-shaping-the-future-of-digital-identification-181724c40068)
> 1. The state of the art in digital identification are trust frameworks that accommodate diverse technologies, systems and stakeholders
> 2. Risks remain even within the most rigorous trust framework:
> 3. Achieving inclusion requires addressing both technical and political dimensions
> 4. Trust frameworks are complicated so getting governance right requires an ecosystems approach
> 5. Building the future of digital identification means reckoning with an analogue past
## Name of SSI
* [SSI Has an Identity Problem](https://trinsic.id/ssi-has-an-identity-problem/) Reilly, Trinsic

10
_posts/identosphere-dump/companies/README.md
View File

@ -71,3 +71,13 @@
If youre already using a secure mechanism to authenticate your users, then setting up OIDC capability isnt necessary. As weve explored, sending credentials using secure DID messaging directly or via a QR code or deep-link is safe, convenient and allows users to obtain their credentials directly.
## Gimly
* [Gimly ID: SSI with OpenID authentication](https://www.loom.com/share/d49e005bb32349d7950022e83d55b944)
About Dick Hardts new thing
Gimly ID is leading self-sovereign identity innovation, with the implementation of SSI with self-issued openID provider (SIOPv2) and full support for openID connect and DIF presentation exchange.
* [SSI with OpenID authentication](https://www.loom.com/share/d49e005bb32349d7950022e83d55b944) Gimly ID

22
_posts/identosphere-dump/educational-resources/explainer.md
View File

@ -296,10 +296,6 @@ whats the purpose of SSI? Its about enabling Digital Trust (which is quic
* [Blockchain, The Missing Piece In Self-Sovereign Digital Identity](https://www.youtube.com/watch?v%3DGBLjJm-jvEo%26list%3DPLzdCVbKVZxgeD4ql4C7C4hBKPFuJhb8QS%26index%3D13) Modex (part of a youtube playlist)
How do we prove we are who we say we are? In an identity context, blockchains permit people to prove things about themselves using decentralized, verifiable credentials without revealing the actual data.
* [The Era of Self-Sovereign Identity](https://www.chakray.com/era-self-sovereign-identity/) Chakaray
VC-AuthN OIDC uses the OpenID connect standards to easily integrate with the supported systems and also provides a way to authenticate using the verifiable credentials, giving the control back to the user. This is similar to the traditional OpenID connect, the only difference is in the token information. Rather than using the users information to construct the token, this uses claims in the verifiable credentials presented by the user.
* [Principal Authority: A New Perspective on Self-Sovereign Identity](https://www.blockchaincommons.com/articles/Principal-Authority/) Blockchain Commons
One of the most important steps going forward will be to continue working with the Digital Identity subcommittee in the Wyoming legislature. However, Id also welcome discussions with other states and nations, to ensure that we have great definitions of digital identity that support self-sovereign identity everywhere.
@ -377,11 +373,7 @@ In this talk, Wayne reviews the results of support with Tezos addresses, use cas
A particularly useful aspect of the Verifiable Credentials standard is that the parties undertake the specific roles of Issuer, Holder or Verifier, but they are not constrained in how many roles, or when, they can employ them. Each party can be a device, a person or an institution, meaning that verifications can take place directly between automated systems, even verifying that each other is genuine before establishing a connection to share data
* [Lets talk about digital identity with Oscar Santolalla, Nat Sakimura and Petteri Stenius](https://www.ubisecure.com/podcast/openid-connect/)
the history of OpenID Connect and how it became so prevalent, with special guests [Nat Sakimura](https://www.linkedin.com/in/natsakimura/), Chairman at the OpenID Foundation, and [Petteri Stenius](https://www.linkedin.com/in/petteri-stenius-6a637/), Principal Scientist at Ubisecure. [...]
“New technology seldomly completely replaces the older technologies. They will form additional layers, and slowly start replacing it.”
* Really Good: [Self Sovereign Identity ≠ Blockchain](https://jolocom.io/blog/dezentrale-identitaten-%25e2%2589%25a0-blockchain-2/) Jolocom
Due to the ID-Wallet project in Germany, some articles and comments have equated Self Sovereign Identity (SSI) with blockchain technology in the last few weeks. The impression is given that SSI only works in conjunction with a blockchain. Spoiler, thats not the case.
@ -794,16 +786,6 @@ We expect Digital Transformation to be a more prevalent talking point around di
This is excellent work, with lots of references, by Dr. Nuttawut Kongsuwan ([Finema](http://finema.co/) & [QTFT](http://qtft.org/)), and Rachata Tosirisuk ([Thailand Internet Exchange](https://th-ix.net/en/), [Finema](https://finema.co/) & [QTFT](https://qtft.org/)).
* [Trust Frameworks](https://medium.com/mattr-global/learn-concepts-trust-frameworks-ad96a4427991)
> Trust frameworks are a foundational component of the web of trust. A trust framework is a common set of best practice standards-based rules that ensure minimum requirements are met for security, privacy, identification management and interoperability through accreditation and governance. These operating rules provide a common framework for ecosystem participants, increasing trust between them.
* [The trust infrastructure of self-sovereign identity ecosystems](https://ssi-ambassador.medium.com/the-trust-infrastructure-of-self-sovereign-identity-ecosystems-551f46ed9e2c)
> The trust infrastructure is concerned with the question of how and why the presented information can be trusted. It defines the rules for all stakeholders and enables legally binding relationships with the combination of governance frameworks, which are built on top of trust frameworks.
includes a section on the core components of identity architecture that includes a graphic [based on a post by Phil Windley](https://www.windley.com/archives/2020/09/the_architecture_of_identity_systems.shtml)
* [The Verifiable Credentials Model](https://trinsic.id/trinsic-basics-the-verifiable-credentials-model/)
> At the core of every self-sovereign identity (SSI) use case is what we call the verifiable credentials model. This simple yet effective model helps conceptualize how verifiable credentials are exchanged between people and organizations.
* [What Is a Blockchain (SSI) Self-Sovereign Identity?](https://www.youtube.com/watch?v%3Duq0MQH4fAgc%26t%3D3s) Blockchain Africa Conference 2022
@ -851,9 +833,9 @@ Part V: Deep Dive: Anchored Decentralized Identifiers
* [The Ukrainian War, PKI, and Censorship](https://www.windley.com/archives/2022/03/the_ukrainian_war_pki_and_censorship.shtml) Phil Windley
PKI has created a global trust framework for the web. But the war in Ukraine has shone a light on its weaknesses. Hierarchies are not good architectures for building robust, trustworthy, and stable digital systems.
* [Blockchain Self-Sovereign Identity: True Control Of Your Identity](https://komodoplatform.com/en/academy/self-sovereign-identity/) Komodo Platform
The adoption of verifiable credentials is another fundamental part of the SSI concept. Verifiable credentials use a digital signature for identity claims by combining public-key hashing cryptography and privacy-protection techniques to convert credentials like ID cards to digital versions.

58
_posts/identosphere-dump/educational-resources/governance.md
View File

@ -87,12 +87,8 @@ a simple mechanism to provide public information concerning an entity by adverti
* [Trust Registry or Machine-Readable Governance?](https://indicio.tech/trust-registry-or-machine-readable-governance/) Indicio
> Machine-readable governance is composed of elements that help to establish trust and enable interoperability: trusted participants, schemas (templates for structuring information in a credential), and rules and flows for presenting credentials and verifying them. Machine-readable governance can be hierarchical. Once a governance system is published, other organizations can adopt and then amend or extend the provided system.
* [Battle of the Trust Frameworks with Tim Bouma & Darrell ODonnell](https://northernblock.io/battle-of-the-trust-frameworks-with-tim-bouma-darrell-odonnell) Northern Block
1. Levels of Assurance (LOA): an introduction to LOAs as they relate to Digital Identity and why theyre an important part of the recipe in achieving digital trust. Tim and Darrell give us some practical examples of LOAs.
2. The Concept of Trust: how do we define trust at a high-level and how do we differentiate between technical and human trust? How can we build trust with credential issuers but also with credential holders?
3. The World of Trust Frameworks: what are trust frameworks and what are different types of frameworks being deployed in both the public and private sectors? How are organizations trying to monetize trust frameworks? Whats going right, and whats going wrong with the way trust frameworks are being implemented?
4. The Importance of Open Source for Trust Creation: why is open source important for achieving digital sovereignty? Is open source the only way to improve transparency, flexibility and accountability?
* [ToIP Releases Additional Tools for Governance and Trust Assurance in Digital Trust Ecosystems](https://trustoverip.org/news/2021/11/12/toip-releases-additional-tools-for-governance-and-trust-assurance-in-digital-trust-ecosystems/)
Following the [September announcement of its first tools for managing risk in digital trust ecosystems](https://trustoverip.org/blog/2021/09/23/trust-over-ip-foundation-issues-its-first-tools-for-managing-risk-in-digital-trust-ecosystems/), today the ToIP Foundation announced three more pairs of tools to assist in the task of generating digital governance and trust assurance schemes
@ -271,60 +267,8 @@ Links from chat: [http://emoglen.law.columbia.edu/LIS/archive/privacy-legis/IST
* [Practical Perspectives on the collapse of zero-sum civilizations and the emergence of computational sovereigns and a pattern approach to digital equity governance: The source of the problems is the source of the solutions](https://iiw.idcommons.net/index.php?title%3D22I/_Practical_Perspectives_on_the_collapse_of_zero-sum_civilizations_and_the_emergence_of_computational_sovereigns_and_a_pattern_approach_to_digital_equity_governance:_The_source_of_the_problems_is_the_source_of_the_solutions.%26action%3Dedit%26redlink%3D1).
* [Good Health Pass Ecosystem Trust Architecture: DIDs and X.509 Trust Registries with Ecosystem Governance Frameworks](https://iiw.idcommons.net/23F/_Good_Health_Pass_Ecosystem_Trust_Architecture:_DIDs_and_X.509_Trust_Registries_with_Ecosystem_Governance_Frameworks) by Drummond Reed, Scott Perry, Darrell ODonnell
Governance, Trust Registry, Ecosystem, Transitive Trust, Architecture
Presentation Deck: [GHP Ecosystem Trust Architecture PDF](https://drive.google.com/file/d/1Hgh5JvrM7aUCmg5q6KIXzvpVIcgfhTjr/view?usp%3Dsharing)
- Proposed Trust Interoperability (Global) for the Good Health Pass (GHP) Ecosystem
- Kaliya Young & Rebecca Distler - Working Group Co-Leads
- Trust in the system - focus for todays discussion.
- Principles - [https://www.goodhealthpass.org/wp-content/uploads/2021/02/Good-Health-Pass-Collaborative-Principles-Paper.pdf](https://www.goodhealthpass.org/wp-content/uploads/2021/02/Good-Health-Pass-Collaborative-Principles-Paper.pdf)
- Blueprint Outline - [https://www.goodhealthpass.org/wp-content/uploads/2021/03/GHPC-Interoperability-Blueprint-Outline-v2.pdf](https://www.goodhealthpass.org/wp-content/uploads/2021/03/GHPC-Interoperability-Blueprint-Outline-v2.pdf)
- Global Problems inhibiting world travel. Many emerging instances of GHP related ecosystems. GHP establishing an umbrella for all GHP-compliant ecosystems.
- Relying on the ToIP Trust stack as an architectural blueprint
- Ecosystem Governance Framework is at the top of a governance and technical stack.
- Some specific Ecosystems need to accommodate x.509 certificate and VC constructs.
- ToIP Stack diagram is undergoing new changes - some new terminology being discussed at IIW.
- Governance and Trust Framework terms are being used as synonyms but we conveyed that Governance Frameworks are over arching of subject Trust Frameworks.
- GHP wll be a General Ecosystem Governance Framework. Overseeing Specific EGFs..
-
- It is likely to have a GHP compliance but only on the lightweight tenets of interoperability.
- We are introducing a trust registry infrastructure that works with all GHP-compliant ecosystems.
- Issuers within an ecosystem will be included in a trust registry.
- Each Ecosystem must publish its governance framework and make its trust registry available
- All issuers need to be recognized by a governance framework and included in a trust registry
- The second principle is that each specific EGF will identify its trust registry with a DID and specify its trust registry service endpoint(s) in its associated DID document
- The third principle is that each VC issued under a specific EGF will identify its issuer with either:
- a DID
- a URI (for X.509 certificates)
- The final principle is that each VC issued under a specific EGF will identify its type with a type URI. That field will be using common semantics.
- With this architecture, all we need is a simple trust registry protocol to answer the question:
- Is this issuer
- authorized to issue this VC type
- under this specific EGF?
- GOOD - is a pass
- BETTER - may be purpose-limited (“trivial” example -
Links from chat:
- Bart Suichies to Everyone : the eidas demo is here: [https://essif.adaptivespace.io/](https://essif.adaptivespace.io/)
* [https://gitlab.grnet.gr/essif-lab/infrastructure/fraunhofer/deliverables](https://gitlab.grnet.gr/essif-lab/infrastructure/fraunhofer/deliverables) not sure if this an open repo
* [https://gitlab.grnet.gr/essif-lab/infrastructure/fraunhofer/deliverables/-/blob/master/api_documentation/train-atv-1.0.0-swagger.yaml](https://gitlab.grnet.gr/essif-lab/infrastructure/fraunhofer/deliverables/-/blob/master/api_documentation/train-atv-1.0.0-swagger.yaml)
* [https://gitlab.grnet.gr/essif-lab/infrastructure/fraunhofer/train_project_summary](https://gitlab.grnet.gr/essif-lab/infrastructure/fraunhofer/train_project_summary)
- Drummond Reed to Everyone : See the anti-coercion section of the original ToIP RFC: [https://github.com/hyperledger/aries-rfcs/blob/master/concepts/0289-toip-stack/README.md](https://github.com/hyperledger/aries-rfcs/blob/master/concepts/0289-toip-stack/README.md)
- Sterre den Breeijen to Everyone : [https://blockchain.tno.nl/blog/verify-the-verifier-anti-coercion-by-design/](https://blockchain.tno.nl/blog/verify-the-verifier-anti-coercion-by-design/) Blog on anti-coercion by my colleague Oskar van Deventer
- Bart Suichies to Everyone : @judith: [https://gitlab.grnet.gr/essif-lab/infrastructure/fraunhofer/train_project_summary](https://gitlab.grnet.gr/essif-lab/infrastructure/fraunhofer/train_project_summary)
- Darrell O'Donnell to Everyone : TRAIN - [https://essif-lab.eu/essif-train-by-fraunhofer-gesellschaft/](https://essif-lab.eu/essif-train-by-fraunhofer-gesellschaft/)
- Drummond Reed to Everyone : Bart, I am totally on board with the human-readable element for GHP. Happy to chat more with you about that. There is a lot of focus on that in the [Consistent User Experience drafting group](https://wiki.trustoverip.org/display/HOME/Consistent%2BUser%2BExperience%2BDrafting%2BGroup)
* [Self-sovereign identity: Legal compliance and the involvement of governments](https://ssi-ambassador.medium.com/self-sovereign-identity-legal-compliance-and-the-involvement-of-governments-467acdd32e88) SSI Ambassador
When it comes to identity management the involvement of the government can be a tricky topic. It needs to be involved to enable access to public services, adapt legislature and guarantee equal access for its citizens. However, it should not be able to control or monitor all aspects and activities of its citizens.

8
_posts/identosphere-dump/educational-resources/resources.md
View File

@ -20,13 +20,19 @@ as we move into decentralized identity management, where individuals manage cred
🔥 This is a community resource for tracking the adoption of verifiable credentials around the world. Please have a look around and join 10+ others who have contributed!
## Course
* [New Badged Open Course: Decentralising Education Using Blockchain Technology](https://www.open.edu/openlearncreate/course/view.php?id%3D7981) Alexander.Mikroyannidis ([from CCG](https://lists.w3.org/Archives/Public/public-credentials/2021Oct/0044.html)
Available on the Open Universitys OpenLearn Create platform and is licensed under CC BY-NC-SA 4.0. Upon completion of the course, learners earn a free statement of participation.
* [Getting Started with Self-Sovereign Identity](https://www.edx.org/course/getting-started-with-self-sovereign-identity) Kaliya & Lucy via Linux Foundation and EdX
Gain a solid foundation on self-sovereign identity (SSI) with a 360 degree overview of its evolutionary journey, key concepts, standards, technological building blocks, use cases, real-world examples and implementation considerations.
* [New Badged Open Course: Decentralising Education Using Blockchain Technology](https://lists.w3.org/Archives/Public/public-credentials/2021Oct/0044.html)
The course is available on the Open Universitys OpenLearn Create platform and is licensed under CC BY-NC-SA 4.0. Upon completion of the course, learners earn a free statement of participation.
* [You can view the course here](https://www.open.edu/openlearncreate/course/view.php?id%3D7981). Your feedback is very welcome.
* [Becoming a Hyperledger Aries Developer](https://www.edx.org/course/becoming-a-hyperledger-aries-developer)
* [Becoming a Hyperledger Aries Developer](https://training.linuxfoundation.org/training/becoming-a-hyperledger-aries-developer-lfs173/) Linux Foundation
> Learn how to develop blockchain-based production-ready identity applications with Hyperledger Aries in this free course.

2
_posts/identosphere-dump/events/calendar.md
View File

@ -229,9 +229,7 @@ Few businesses are evolving CIAM to deliver better security and privacy for cust
showing the newly released Aries wallet that is available on the GlobaliD app. This wallet offers holder functionality for anyone who wishes to have aries credentials using the Indicio mainnet. GlobaliD developer Alexis Falquier and Dev Bharel will show a brief video demonstration of the wallet connecting, receiving credentials and verifying the credential with an agent on Trinsic studio - showing interoperability.
* [Registration - OpenID Foundation Virtual Workshop](https://openid.net/2021/03/01/registration-open-for-openid-foundation-virtual-workshop-april-29-2021/) April 29, 2021
updates on all active OpenID Foundation Working Groups as well the OpenID Certification Program
* [Identiverse 2021](https://identiverse.com/) June 21-23 • Denver, co

111
_posts/identosphere-dump/open-source-projects/hyperledger/aries.md Normal file
View File

@ -0,0 +1,111 @@
# Aries
* [Aries Agent Test Harness Enhancement Project](https://www.idlab.org/en/aries-agent-test-harness-enhancement-project/) IDLab
At this stage of the AATH Enhancement Project, two factors helped define its broad content:
- The gap between AIP 2.0 constituent RFCs and the current implementation of the AATH tests
- Requirements from Interac with respect to AIP 2.0
* [https://github.com/hyperledger/aries-rfcs/blob/master/concepts/0430-machine-readable-governance-frameworks/README.md](https://github.com/hyperledger/aries-rfcs/blob/master/concepts/0430-machine-readable-governance-frameworks/README.md)
* [Setting up Mediator Agent in Ubuntu — (.Net Core service in Linux Box)](https://rangesh.medium.com/setting-up-mediator-agent-in-ubuntu-net-core-service-in-linux-box-b874bb409eed) Rangesh
> In a Self Sovereign Environment supported by Hyperledger Indy / Aries agent framework, Mediator Agent is one of the essential components that acts as postman service between Issuer /Verifier Aries Agent and Mobile Agent.
* [Introducing Hyperledger Aries Framework JavaScript 0.2.0](https://www.hyperledger.org/blog/2022/07/06/introducing-hyperledger-aries-framework-javascript-0-2-0) Hyperledger
The new Hyperledger Aries Framework JavaScript release (0.2.0) contains some incredible steps forward. Especially in our goal to make the framework AIP 2.0 compliant. AIP 2.0 compliance will not only ensure the framework supports the latest standards and protocols, but it will also greatly increase interoperability and make it more useful outside of the Hyperledger Indy ecosystem.
* [Hyperledger Aries Graduates To Active Status; Joins Indy As “Production Ready”](https://www.hyperledger.org/blog/2021/02/26/hyperledger-aries-graduates-to-active-status-joins-indy-as-production-ready-hyperledger-projects-for-decentralized-identity)
“This approval is further evidence that Hyperledger Aries is a breakout success for the Hyperledger community,” said Brian Behlendorf, General Manager for Blockchain, Healthcare and Identity at the Linux Foundation. “Convergence on common libraries for the exchange of credentials will help speed the development of urgently-needed solutions and systems, ranging from education to finance to the fight against the pandemic. Aries is key to that convergence.”
* [Hyperledger Aries Graduates To Active Status](https://www.hyperledger.org/blog/2021/02/26/hyperledger-aries-graduates-to-active-status-joins-indy-as-production-ready-hyperledger-projects-for-decentralized-identity)
The TSC commended the Aries project during the meeting for the projects highly diverse contributors. Achieving a high number of organizations contributing to a project at Hyperledger is often a challenge. Congratulations are due to those participating in and supporting the Aries Project.
* [The Pathway to Becoming a Hyperledger Maintainer](https://www.hyperledger.org/blog/2021/11/03/the-pathway-to-becoming-a-hyperledger-maintainer)
> In this blogpost Im going to share what its like to be a maintainer for the Hyperledger Aries project. Youll learn how you can start contributing and maybe even set yourself on a path to becoming a maintainer.
* [Indicio Wins British Columbia Code With Us Challenge to Upgrade Hyperledger Indy](https://indicio.tech/indicio-wins-british-columbia-code-with-us-challenge-to-upgrade-hyperledger-indy/)
> Most of Hyperledger Indys development occurred prior to the completion of the standard DID Specification by the W3C and, as a result, identifiers written to one network are currently not resolvable on other networks. A new did:indy DID Method will fix that and make it easier for decentralized identity products and services to interoperate across different Indy networks.
* [Hyperledger SSI Ecosystem](https://dev.to/jakubkoci/hyperledger-ssi-ecosystem-4j2p) Jakubkoci
There are three projects under the Hyperledger umbrella related to digital identity. Hyperledger Indy, Aries, and Ursa. [...] describe their purpose and how theyre related to each other.
## Aries \ Indy \ AnonCreds the dialogue continues
* [Learnings from Aries, Indy and Various Verifiable Credential Implementations](https://northernblock.io/learnings-from-aries-indy-and-various-verifiable-credential-implementations/) Northern Block
Standards such as OIDC and mDL are all now in dialogue with W3C, AnonCreds, Aries, etc. Mobile is a predominant technology, just like the way laptops were once upon a time. To reduce consumer friction and drive adoption, convergence of all these different technologies is required inside a mobile environment
* [Hyperledger Aries is the Present and the Future of Internet-Scale Trusted Verifiable Credential Ecosystems](https://indicio.tech/hyperledger-aries-is-the-present-and-the-future-of-internet-scale-trusted-verifiable-credential-ecosystems/) Indicio
While no technology runs perfectly on every device, a signal strength of Aries, AnonCreds, and Indy is that they work on the vast majority of current devices and systems, including $35 smart phones and low powered IOT/embedded devices. They represent the most inclusive way into this technology, which is an important factor in their popularity.
* [Hyperledger Mentorship Spotlight: Hyperledger Aries Integration to Support Fabric as Blockchain Ledger](https://www.hyperledger.org/blog/2021/12/06/hyperledger-mentorship-spotlight-hyperledger-aries-integration-to-support-fabric-as-blockchain-ledger)
The Hyperledger Mentorship Program is a structured hands-on learning opportunity for new developers who may otherwise lack the opportunity to gain exposure to Hyperledger open source development and entry to the technical community.
* [Hyperledger KochiOrgBook Meetup](https://www.youtube.com/watch?v=HU0zXKiFYD0) (modeled after [VONx.io](https://vonx.io/)), in collaboration with Wipro, CUSAT, and KBA.
> “KochiOrgBook is a Verifiable Organization Network for the city of Kochi [India]. It is a technology demonstrator to launch a DID based utility compliant with the ToIP standards to enable trusted digital verification for various associations within the city of Kochi.”
* [EU Grant to Help Building Blockchain Infrastructure](https://sphereon.com/news-and-insights/sphereon-wins-an-eu-essif-lab-grant/). Sphereon
> Well be providing a Presentation Exchange that creates interoperability between W3C DIF-compliant Verifiable Credentials and Hyperledger Aries-based Verifiable Credentials for the European Blockchain Services Infrastructure (EBSI).
* [Talking on Aries Bifold, building a community effort around an open source mobile wallet in React Native](https://iiw.idcommons.net/23I/_Talking_on_Aries_Bifold,_building_a_community_effort_around_an_open_source_mobile_wallet_in_React_Native) by James Ebert
Hyperledger Aries Aries Bifold  Aries-Framework-Javascript React Native
Slides: [https://docs.google.com/presentation/d/1XKrgnUUF7nZI-bOqWMKijKZHWThsIjFkVkfPIVy3gkY/edit?usp=sharing](https://docs.google.com/presentation/d/1XKrgnUUF7nZI-bOqWMKijKZHWThsIjFkVkfPIVy3gkY/edit?usp%3Dsharing)
Repo: [https://github.com/hyperledger/aries-mobile-agent-react-native](https://github.com/hyperledger/aries-mobile-agent-react-native)
User Group Meetings: [https://wiki.hyperledger.org/display/ARIES/Aries+Bifold+User+Group+Meetings](https://wiki.hyperledger.org/display/ARIES/Aries%2BBifold%2BUser%2BGroup%2BMeetings)
Rocketchat: [https://chat.hyperledger.org/channel/aries-bifold](https://chat.hyperledger.org/channel/aries-bifold)
Aries-Framework-Javascript: [https://github.com/hyperledger/aries-framework-javascript](https://github.com/hyperledger/aries-framework-javascript)
rn-indy-sdk: [https://github.com/AbsaOSS/rn-indy-sdk](https://github.com/AbsaOSS/rn-indy-sdk)
Discussion on the following topics:
- Face recognition capabilities and discussion
- Discussion of project goals
- Brief demo of current state
- Questions on Ionic vs React Native
- React Native is more broadly adopted
- Need to start somewhere
- Does Aries Bifold plan to support BBS+? Yes, planning on utilizing Aries Askar and surrounding components to enable these capabilities.
- What is the MVP of Aries Bifold?
- Connections
- Coordinate-mediation protocol support
- Credential Exchange
- Revocation
- Aries Bifold interoperability
- AIP 1.0 and AIP 2.0 support
- Aries Agent Test Harness capabilities
- Componentization of Aries Bifold
- Allows the inclusion of the project in existing apps.
- Helps with separation of concerns.
- Use of React Redux
- Packaging and monorepos.
* [...]
Karim Stekelenburg: [https://github.com/microsoft/react-native-tscodegen](https://github.com/microsoft/react-native-tscodegen)
* [SITA uses blockchain, decentralized identity for pilot license verification](https://www.ledgerinsights.com/sita-blockchain-decentralized-identity-for-pilot-license/) Ledgerinsights
Using the [self-sovereign identity](https://www.ledgerinsights.com/tag/self-sovereign-identity/) solution Hyperledger Aries, almost everything works peer to peer between the license issuer and the pilot and between the pilot and the verifier.
* [Introduction to Hyperledger Sovereign Identity Blockchain Solutions: Indy, Aries & Ursa](https://training.linuxfoundation.org/training/introduction-to-hyperledger-sovereign-identity-blockchain-solutions-indy-aries-and-ursa/) (LFS172)
* [Becoming a Hyperledger Aries Developer](https://www.edx.org/course/becoming-a-hyperledger-aries-developer)
- [Aries Cloud Agent Python](https://github.com/hyperledger/aries-cloudagent-python)
* [Trinsic donates did-key.rs to I&D WG](https://medium.com/decentralized-identity/trinsic-donates-did-key-rs-to-i-d-wg-8a278f37bcd0)
> DID:Key, originally specified in the W3C Credentials Community Group (CCG), is a DID “pseudo-method” that allows static, pre-existing, and/or pre-published public keys to function like traditional DIDs — they can be queried, stored, issued against, and resolved to return valid DID documents.
* [DIDKit v0.1 is Live.](https://sprucesystems.medium.com/didkit-v0-1-is-live-d0ea6638dbc9)
> Most other options are subtly locked to a specific blockchain and its particularities, which a self-sovereign identity (SSI) novice is unlikely to notice until months into a project based on it. A few open-source libraries exist to sidestep this infrastructural lock-in, but these are more like primitives for assembling an SSI toolkit than ready-to-go, developer-friendly libraries. DIDKit, on the other hand, is ready to start processing real-world VCs with non-repudiable signatures right out the box.
* [Indicio.Tech releases Aries Mediator Agent](https://indicio.tech/blog/indicio-tech-advances-decentralized-identity-with-release-of-critical-open-source-technology/)
> The Indicio Mediator Agent is the companys latest contribution to Aries Cloud Agent Python (ACA-Py) and the Aries Toolbox. Following RFC 0211: Mediator Coordination, Indicio built on the work of the open-source community to make mediation interoperable and vendor agnostic. This expands the opportunities for mobile wallet implementations.
> *[...]*
> Indicio.tech is committed to becoming a resource-hub for decentralized identity, providing enterprise-grade open source tools to its clients and to the community. This includes the [Private Networks](https://indicio.tech/private-networks/) build service, the [Indicio TestNet](https://indicio.tech/indicio-testnet/), and a variety of customizable [training programs](https://indicio.tech/training-packages/).
* [Aries Mobile Agent SDK for Google Flutter](https://ayanworks.medium.com/announcing-arnima-fl-open-source-aries-flutter-mobile-agent-sdk-d3483744ffc8)
> Exactly a year ago in Jan 2020, we announced ARNIMA — first ever Aries React Native Mobile Agent SDK that we made open source for the Self-Sovereign Identity ecosystem.
>
> [...] We are very excited to announce [one more small open-source contribution](https://github.com/ayanworks/ARNIMA-flutter-sdk) from AyanWorks to the Aries community.

96
_posts/identosphere-dump/open-source-projects/hyperledger-umbrella.md → _posts/identosphere-dump/open-source-projects/hyperledger/hyperledger-umbrella.md
View File

@ -7,13 +7,7 @@ published: false
### DIDs Fabric and Decentralized Networking
* [DEON](https://www.hyperledger.org/blog/2020/11/05/deon-a-hyperledger-based-decentralized-off-grid-network) is a new Hyperledger project focused in off-line communication networks, independent of internet infrastructure. This could be used to enable networks of devices to communicate peer-to-peer (without the need to phone home over the internet), inter-enterprise consortia networks, and enabling user-centric data sharing in a more secure and private fashion.
### Aries
* [GlobaliD releases new open source applications](https://medium.com/global-id/globalid-shares-ssi-code-at-the-internet-identity-workshop-446debec43e7)
They open source their open-sourced iOS and Android native Aries frameworks and donated them to the Hyperledger Aries project.
They also shared their Dynamic Governance API using GlobaliD Groups.
* [Add support for "did:indy" to Hyperledger Indy Node and Indy VDR](https://digital.gov.bc.ca/marketplace/opportunities/code-with-us/e3dd1605-cc1d-4c30-a9ee-245940bccd0d) </>Code With Us
Accpting Applications until 1/10 4:00 PM PST
@ -24,6 +18,12 @@ The total funding for the challenge is $70,000CDN and is divided into 4 phases.
The current credential verification process relies on transaction processing by a ledger with transaction processing bottlenecks, which may constrain the ideal of non-repudiation.
* [GlobaliD releases new open source applications](https://medium.com/global-id/globalid-shares-ssi-code-at-the-internet-identity-workshop-446debec43e7)
> They open source their open-sourced iOS and Android native Aries frameworks and donated them to the Hyperledger Aries project.
>
> They also shared their Dynamic Governance API using GlobaliD Groups.
* [Tutorials](https://aries.js.org/guides/tutorials) Aries JavaScript Docs
> First were going to create a holder Agent, this will be the Agent that receives the membership credential. During their life, the holder will collect many different verifiable credentials. Memberships, ID-cards, even purchasing records.
* [Why Are Governments Choosing Hyperledger?](https://northernblock.io/governments-are-choosing-aries-indy-ursa/) Northern Block
@ -73,40 +73,13 @@ There was some discussion about the way to present such a profile, especially th
One alternative, to create a DIDcomm-based protocol for public profile was discussed and would be a good alternative at the cost of every client having to be able to speak DIDcomm.
* [https://github.com/hyperledger/aries-rfcs/blob/master/concepts/0430-machine-readable-governance-frameworks/README.md](https://github.com/hyperledger/aries-rfcs/blob/master/concepts/0430-machine-readable-governance-frameworks/README.md)
* [Setting up Mediator Agent in Ubuntu — (.Net Core service in Linux Box)](https://rangesh.medium.com/setting-up-mediator-agent-in-ubuntu-net-core-service-in-linux-box-b874bb409eed) Rangesh
In a Self Sovereign Environment supported by Hyperledger Indy / Aries agent framework, Mediator Agent is one of the essential components that acts as postman service between Issuer /Verifier Aries Agent and Mobile Agent.
* [Become a Node Operator](https://indicio.tech/blog/be-a-part-of-the-most-dynamic-network-community-in-decentralized-identity/) Indicio
> weve seen a rapid rise in demand for robust, stable, and professionally maintained networks to support decentralized identity solutions. Its not a surprise: decentralized identitys moment has arrived. Thats why weve been hard at work creating Hyperledger Indy networks upon which developers all over the world are building, testing, and launching their solutions.
* [Hyperledger Ursa code review](https://www.hyperledger.org/hyperledger-ursa/2022/05/31/hyperledger-ursa-code-review) Hyperledger
Rooted in a “trust but verify” mindset, several Canadian public sector entities and [Interac](https://www.interac.ca/en/) (Canadas interbank network) sponsored a project at the [Digital Identity Laboratory of Canada](https://idlab.org/) (IDLab) to perform a security and cryptography code review of Hyperledger Ursa  (full report is available [here](https://www.hyperledger.org/wp-content/uploads/2022/05/URSA-IDLab-Code-Review.pdf)).
* [Introducing Hyperledger Aries Framework JavaScript 0.2.0](https://www.hyperledger.org/blog/2022/07/06/introducing-hyperledger-aries-framework-javascript-0-2-0) Hyperledger
The new Hyperledger Aries Framework JavaScript release (0.2.0) contains some incredible steps forward. Especially in our goal to make the framework AIP 2.0 compliant. AIP 2.0 compliance will not only ensure the framework supports the latest standards and protocols, but it will also greatly increase interoperability and make it more useful outside of the Hyperledger Indy ecosystem.
* [Hyperledger Aries Graduates To Active Status; Joins Indy As “Production Ready”](https://www.hyperledger.org/blog/2021/02/26/hyperledger-aries-graduates-to-active-status-joins-indy-as-production-ready-hyperledger-projects-for-decentralized-identity)
“This approval is further evidence that Hyperledger Aries is a breakout success for the Hyperledger community,” said Brian Behlendorf, General Manager for Blockchain, Healthcare and Identity at the Linux Foundation. “Convergence on common libraries for the exchange of credentials will help speed the development of urgently-needed solutions and systems, ranging from education to finance to the fight against the pandemic. Aries is key to that convergence.”
* [Hyperledger Aries Graduates To Active Status](https://www.hyperledger.org/blog/2021/02/26/hyperledger-aries-graduates-to-active-status-joins-indy-as-production-ready-hyperledger-projects-for-decentralized-identity)
The TSC commended the Aries project during the meeting for the projects highly diverse contributors. Achieving a high number of organizations contributing to a project at Hyperledger is often a challenge. Congratulations are due to those participating in and supporting the Aries Project.
* [The Pathway to Becoming a Hyperledger Maintainer](https://www.hyperledger.org/blog/2021/11/03/the-pathway-to-becoming-a-hyperledger-maintainer)
> In this blogpost Im going to share what its like to be a maintainer for the Hyperledger Aries project. Youll learn how you can start contributing and maybe even set yourself on a path to becoming a maintainer.
* [Indicio Wins British Columbia Code With Us Challenge to Upgrade Hyperledger Indy](https://indicio.tech/indicio-wins-british-columbia-code-with-us-challenge-to-upgrade-hyperledger-indy/)
> Most of Hyperledger Indys development occurred prior to the completion of the standard DID Specification by the W3C and, as a result, identifiers written to one network are currently not resolvable on other networks. A new did:indy DID Method will fix that and make it easier for decentralized identity products and services to interoperate across different Indy networks.
* [Hyperledger SSI Ecosystem](https://dev.to/jakubkoci/hyperledger-ssi-ecosystem-4j2p) Jakubkoci
There are three projects under the Hyperledger umbrella related to digital identity. Hyperledger Indy, Aries, and Ursa. [...] describe their purpose and how theyre related to each other.
## Aries \ Indy \ AnonCreds the dialogue continues
* [Learnings from Aries, Indy and Various Verifiable Credential Implementations](https://northernblock.io/learnings-from-aries-indy-and-various-verifiable-credential-implementations/) Northern Block
Standards such as OIDC and mDL are all now in dialogue with W3C, AnonCreds, Aries, etc. Mobile is a predominant technology, just like the way laptops were once upon a time. To reduce consumer friction and drive adoption, convergence of all these different technologies is required inside a mobile environment
* [Indicio completes Hyperledger Indy DID Method—A Milestone in the Evolution of DID Interop](https://indicio.tech/indicio-completes-hyperledger-indy-did-method-a-milestone-in-the-evolution-of-decentralized-identity-network-interoperability/)
@ -118,10 +91,6 @@ The Indy DID Method paves the way for Hyperledger Indy credentials to scale glob
Decentralised Identifiers (DIDs): are often stored on ledgers (e.g., [cheqd](https://github.com/cheqd/node-docs/blob/adr-008-resources-updates/architecture/adr-list/adr-002-cheqd-did-method.md), [Hyperledger Indy](https://hyperledger.github.io/indy-did-method/), distributed storage (e.g., [IPFS](https://ipfs.io/) in [Sidetree](https://identity.foundation/sidetree/spec/)), or non-ledger distributed systems (e.g., [KERI](https://keri.one/)). Yet, DIDs can be stored on traditional centralised-storage endpoints (e.g., [did:web](https://w3c-ccg.github.io/did-method-web/), [did:git](https://github-did.com/)).
* [Hyperledger Aries is the Present and the Future of Internet-Scale Trusted Verifiable Credential Ecosystems](https://indicio.tech/hyperledger-aries-is-the-present-and-the-future-of-internet-scale-trusted-verifiable-credential-ecosystems/) Indicio
While no technology runs perfectly on every device, a signal strength of Aries, AnonCreds, and Indy is that they work on the vast majority of current devices and systems, including $35 smart phones and low powered IOT/embedded devices. They represent the most inclusive way into this technology, which is an important factor in their popularity.
* [AnonCreds Indy-Pendence](https://blog.cheqd.io/anoncreds-indy-pendence-4946367469d4) Cheqd
Part 1: Decoupling the reliance on Hyperledger Indy and creating more extensible AnonCreds Objects with cheqd.
@ -187,12 +156,8 @@ Here, we go through how we went about standing up our Indico node. In brief:
- We used security groups at the network interface level to create a firewall.
- We set up monitoring in AWS CloudWatch using a variety of bash scripting in conjunction with Ubuntu and AWS provided utilities.
- We created a regular maintenance schedule.
* [Hyperledger Mentorship Spotlight: Hyperledger Aries Integration to Support Fabric as Blockchain Ledger](https://www.hyperledger.org/blog/2021/12/06/hyperledger-mentorship-spotlight-hyperledger-aries-integration-to-support-fabric-as-blockchain-ledger)
The Hyperledger Mentorship Program is a structured hands-on learning opportunity for new developers who may otherwise lack the opportunity to gain exposure to Hyperledger open source development and entry to the technical community.
* [Hyperledger KochiOrgBook Meetup](https://www.youtube.com/watch?v=HU0zXKiFYD0) (modeled after [VONx.io](https://vonx.io/)), in collaboration with Wipro, CUSAT, and KBA.
> “KochiOrgBook is a Verifiable Organization Network for the city of Kochi [India]. It is a technology demonstrator to launch a DID based utility compliant with the ToIP standards to enable trusted digital verification for various associations within the city of Kochi.”
* [Getting Internet Identity Right 30 Years On](https://podcasts.google.com/feed/aHR0cHM6Ly9yc3MuYXJ0MTkuY29tL2NvaW5kZXNrLXJlcG9ydHM/episode/Z2lkOi8vYXJ0MTktZXBpc29kZS1sb2NhdG9yL1YwL1B2ZTZ1WThCazZjM24zckdUVVdaQ2YyWGJwQnNuWTBra3N0WWlFOFhBNUk?ep=14) Money ReImagined with Brian Behlendorf.
> Michael Casey and Sheila Warren talk to Hyperledger Executive Director Brian Behlendorf about self-sovereign identity, the topic of this week's column. A developer whose three-decade career has seen him deeply involved in efforts to foster a more open internet, Brian grasps, like few others, the nuances of how human beings should live within a rapidly changing digital economy.
@ -200,55 +165,6 @@ The Hyperledger Mentorship Program is a structured hands-on learning opportunity
With the groundwork complete, networks and agent frameworks now need to incorporate the Indy:DID Method. This community adoption will increase the viability of the Indy and Aries project stack and position it to be the globally dominant way to issue and share verifiable credentials in a multi-ledger world.
* [EU Grant to Help Building Blockchain Infrastructure](https://sphereon.com/news-and-insights/sphereon-wins-an-eu-essif-lab-grant/). Sphereon
> Well be providing a Presentation Exchange that creates interoperability between W3C DIF-compliant Verifiable Credentials and Hyperledger Aries-based Verifiable Credentials for the European Blockchain Services Infrastructure (EBSI).
* [Talking on Aries Bifold, building a community effort around an open source mobile wallet in React Native](https://iiw.idcommons.net/23I/_Talking_on_Aries_Bifold,_building_a_community_effort_around_an_open_source_mobile_wallet_in_React_Native) by James Ebert
Hyperledger Aries Aries Bifold  Aries-Framework-Javascript React Native
Slides: [https://docs.google.com/presentation/d/1XKrgnUUF7nZI-bOqWMKijKZHWThsIjFkVkfPIVy3gkY/edit?usp=sharing](https://docs.google.com/presentation/d/1XKrgnUUF7nZI-bOqWMKijKZHWThsIjFkVkfPIVy3gkY/edit?usp%3Dsharing)
Repo: [https://github.com/hyperledger/aries-mobile-agent-react-native](https://github.com/hyperledger/aries-mobile-agent-react-native)
User Group Meetings: [https://wiki.hyperledger.org/display/ARIES/Aries+Bifold+User+Group+Meetings](https://wiki.hyperledger.org/display/ARIES/Aries%2BBifold%2BUser%2BGroup%2BMeetings)
Rocketchat: [https://chat.hyperledger.org/channel/aries-bifold](https://chat.hyperledger.org/channel/aries-bifold)
Aries-Framework-Javascript: [https://github.com/hyperledger/aries-framework-javascript](https://github.com/hyperledger/aries-framework-javascript)
rn-indy-sdk: [https://github.com/AbsaOSS/rn-indy-sdk](https://github.com/AbsaOSS/rn-indy-sdk)
Discussion on the following topics:
- Face recognition capabilities and discussion
- Discussion of project goals
- Brief demo of current state
- Questions on Ionic vs React Native
- React Native is more broadly adopted
- Need to start somewhere
- Does Aries Bifold plan to support BBS+? Yes, planning on utilizing Aries Askar and surrounding components to enable these capabilities.
- What is the MVP of Aries Bifold?
- Connections
- Coordinate-mediation protocol support
- Credential Exchange
- Revocation
- Aries Bifold interoperability
- AIP 1.0 and AIP 2.0 support
- Aries Agent Test Harness capabilities
- Componentization of Aries Bifold
- Allows the inclusion of the project in existing apps.
- Helps with separation of concerns.
- Use of React Redux
- Packaging and monorepos.
* [...]
Karim Stekelenburg: [https://github.com/microsoft/react-native-tscodegen](https://github.com/microsoft/react-native-tscodegen)
* [SITA uses blockchain, decentralized identity for pilot license verification](https://www.ledgerinsights.com/sita-blockchain-decentralized-identity-for-pilot-license/) Ledgerinsights
Using the [self-sovereign identity](https://www.ledgerinsights.com/tag/self-sovereign-identity/) solution Hyperledger Aries, almost everything works peer to peer between the license issuer and the pilot and between the pilot and the verifier.
* [An automatized Identity and Access Management system for IoT combining SSI and smart contracts](https://arxiv.org/pdf/2201.00231.pdf) Montassar Naghmouchi, Hella Kaffel, and Maryline Laurent

64
_posts/identosphere-dump/open-source-projects/pico.md Normal file
View File

@ -0,0 +1,64 @@
* [Announcing Pico Engine 1.0](https://www.windley.com/archives/2021/02/announcing_pico_engine_10.shtml)
> In addition to the work on the engine itself, one of the primary workstreams at present is to complete Bruce Conrad's excellent work to use DIDs and DIDComm as the basis for inter-pico communication, called ACA-Pico (Aries Cloud Agent - Pico). [...] This work is important because it will replace the current subscriptions method of connecting heterarchies of picos with DIDComm. [...] because DIDComm is protocological, this will support protocol-based interactions between picos, including credential exchange.
* [ACA-Pico working group](https://docs.google.com/document/d/12dWUFyL7u6OQkhnPObJOOlV-U2LDoHpF-ZQLj3hXbjA/edit)
* [Picolab/aries-cloudagent-pico](https://github.com/Picolab/aries-cloudagent-pico)
* [Announcing Pico Engine 1.0](https://www.windley.com/archives/2021/02/announcing_pico_engine_10.shtml)
> In addition to the work on the engine itself, one of the primary workstreams at present is to complete Bruce Conrad's excellent work to use DIDs and DIDComm as the basis for inter-pico communication, called ACA-Pico (Aries Cloud Agent - Pico). [...] This work is important because it will replace the current subscriptions method of connecting heterarchies of picos with DIDComm. [...] because DIDComm is protocological, this will support protocol-based interactions between picos, including credential exchange.
* [Introduction to Picos](https://iiw.idcommons.net/4C/_Introduction_to_Picos) by Phil Windley
IoT, digital twins, device shadows, Conflict-free replicated data type (CRDT), CSP over DIDcomm
* [https://picolabs.io](https://picolabs.io) Pico Labs
* [https://github.com/Picolab/](https://github.com/Picolab/) repos
* [https://picolabs.atlassian.net/wiki](https://picolabs.atlassian.net/wiki) documentation
* [http://stackoverflow.com/questions/tagged/krl](http://stackoverflow.com/questions/tagged/krl) programming Q&A
* [Announcing Pico Engine 1.0](https://www.windley.com/archives/2021/02/announcing_pico_engine_10.shtml)
Pico is short for “Persistent Compute Objects.”
Why Picos
- Persistent, personal, computational nodes → More individual autonomy
- Computational node for anything: person, place, organization, smart thing, dumb thing, concept, even a pothole
- Better, more scalable model for IoT → trillion node networks
- Picos support social things and trustworthy spaces
- Better sharing, more natural relationship-based interactions (borrow my truck, Fuse with two owners)
- Scales
- Substitutable hosting model → freedom of choice
- pico mesh
* [...]
What are Picos?
- “Pico” is a neologism for persistent compute objects.
- Persistence is a core feature of how picos work.
- Picos exhibit persistence in three ways:
- Persistent identity—Picos exist, with a single identity, continuously from the moment of their creation until they are destroyed.
- Persistent state—Picos have state that programs running in the pico can see and alter.
- Persistent availability—Picos are always on and ready to process queries and events.
Pico Engine 1.0 released in January
* [Persistence, Programming, and Picos](https://www.windley.com/archives/2021/02/persistence_programming_and_picos.shtml) -
> Picos show that image-based development can be done in a manner consistent with the best practices we use today without losing the important benefits it brings.
> The project name, PICOS, is an abbreviation of “Privacy and Identity Management for Community Services”. The objective of the project is to advance the state of the art in technologies that provide privacy-enhanced identity and trust management features within complex community-supporting services that are built on Next Generation Networks and delivered by multiple communication service providers. The approach taken by the project is to research, develop, build trial and evaluate an open, privacy-respecting, trust-enabling identity management platform that supports the provision of community services by mobile communication service providers.
>
> Learn more about the [motivation](http://www.picos-project.eu/Motivation.181.0.html), the [objectives](http://www.picos-project.eu/Objectives.182.0.html), [tasks](http://www.picos-project.eu/Tasks.183.0.html) and [achievements](http://www.picos-project.eu/Achievements.190.0.html) of PICOS, and get to know the PICOS exemplary [communities](http://www.picos-project.eu/Communities.184.0.html).
* [Announcing Pico Engine 1.0](https://www.windley.com/archives/2021/02/announcing_pico_engine_10.shtml) Windley
I'm excited to announce a new, stable, production-ready pico engine. The latest release of the Pico Engine (1.X) provides a more modular design that better supports future enhancements and allows picos to be less dependent on a specific engine for operation.
* [Building Decentralized Applications with Pico Networks](https://www.windley.com/archives/2021/02/building_decentralized_applications_with_pico_networks.shtml)
* [Ten Reasons to Use Picos for Your Next Decentralized Programming Project](https://www.windley.com/archives/2021/07/ten_reasons_to_use_picos_for_your_next_decentralized_programming_project.shtml)
Summary: Picos are a programming model for building decentralized applications that provide significant benefits in the form of abstractions that reduce programmer effort. Here are ten eleven reasons you should use picos for your next decentralized application. Temperature Sensor Network Built from Picos I didn't start out to write a programming language that naturally supports

36
_posts/identosphere-dump/open-source-projects/tools-code.md
View File

@ -155,13 +155,6 @@ The tbDEX protocol facilitates decentralized networks of exchange between assets
JSON Web Tokens, or JWTs for short, are all over the web. They can be used to track bits of information about a user in a very compact way and can be used in APIs for authorization purposes. This post will cover what JSON Web Tokens are and how to create JWTs in Python using the most popular JWT library: [PyJWT](http://pyjwt.readthedocs.io/). We are also going to see how you can sign and verify JWTs in Python using asymmetric algorithms.
* [2021 FIDO Developer Challenge: Outcomes and Winners](https://fidoalliance.org/2021-fido-developer-challenge-outcomes-and-winners/)
1. Gold Winner [Lockdrop](https://lockdrop.com/)
2. Silver Winner [Shaxware](https://www.shaxware.com/)
3. Bronze Winner SoundAuth ([Trillbit](https://www.trillbit.com/)
This years FIDO Developer Challenge reached a successful conclusion, with a ceremonial event during [Authenticate 2021](https://authenticatecon.com/event/authenticate-2021-conference/) of the ceremony is available now, and were pleased to share more detailed stories of the three finalists as well as the rest of the teams that made it to the final stage.
* [Clear is better than clever](https://dave.cheney.net/2019/07/09/clear-is-better-than-clever) Cheney.net
@ -215,10 +208,6 @@ Note: the code is written following the
You can find full code here:
[https://github.com/ringaile/ver-cred](https://github.com/ringaile/ver-cred)
* [Indicio.Tech releases Aries Mediator Agent](https://indicio.tech/blog/indicio-tech-advances-decentralized-identity-with-release-of-critical-open-source-technology/)
> The Indicio Mediator Agent is the companys latest contribution to Aries Cloud Agent Python (ACA-Py) and the Aries Toolbox. Following RFC 0211: Mediator Coordination, Indicio built on the work of the open-source community to make mediation interoperable and vendor agnostic. This expands the opportunities for mobile wallet implementations.
> *[...]*
> Indicio.tech is committed to becoming a resource-hub for decentralized identity, providing enterprise-grade open source tools to its clients and to the community. This includes the [Private Networks](https://indicio.tech/private-networks/) build service, the [Indicio TestNet](https://indicio.tech/indicio-testnet/), and a variety of customizable [training programs](https://indicio.tech/training-packages/).
* [Spruce Developer Update #5](https://sprucesystems.medium.com/spruce-developer-update-5-86d6f517a220)
@ -236,24 +225,10 @@ This is so exciting to see what Wayne and his team are building.
* [Trinsic donates did-key.rs to I&D WG](https://medium.com/decentralized-identity/trinsic-donates-did-key-rs-to-i-d-wg-8a278f37bcd0)
> DID:Key, originally specified in the W3C Credentials Community Group (CCG), is a DID “pseudo-method” that allows static, pre-existing, and/or pre-published public keys to function like traditional DIDs — they can be queried, stored, issued against, and resolved to return valid DID documents.
* [DIDKit v0.1 is Live.](https://sprucesystems.medium.com/didkit-v0-1-is-live-d0ea6638dbc9)
> Most other options are subtly locked to a specific blockchain and its particularities, which a self-sovereign identity (SSI) novice is unlikely to notice until months into a project based on it. A few open-source libraries exist to sidestep this infrastructural lock-in, but these are more like primitives for assembling an SSI toolkit than ready-to-go, developer-friendly libraries. DIDKit, on the other hand, is ready to start processing real-world VCs with non-repudiable signatures right out the box.
* [Aries Mobile Agent SDK for Google Flutter](https://ayanworks.medium.com/announcing-arnima-fl-open-source-aries-flutter-mobile-agent-sdk-d3483744ffc8)
> Exactly a year ago in Jan 2020, we announced ARNIMA — first ever Aries React Native Mobile Agent SDK that we made open source for the Self-Sovereign Identity ecosystem.
>
> [...] We are very excited to announce [one more small open-source contribution](https://github.com/ayanworks/ARNIMA-flutter-sdk) from AyanWorks to the Aries community.
* [Announcing Pico Engine 1.0](https://www.windley.com/archives/2021/02/announcing_pico_engine_10.shtml)
> In addition to the work on the engine itself, one of the primary workstreams at present is to complete Bruce Conrad's excellent work to use DIDs and DIDComm as the basis for inter-pico communication, called ACA-Pico (Aries Cloud Agent - Pico). [...] This work is important because it will replace the current subscriptions method of connecting heterarchies of picos with DIDComm. [...] because DIDComm is protocological, this will support protocol-based interactions between picos, including credential exchange.
* [ACA-Pico working group](https://docs.google.com/document/d/12dWUFyL7u6OQkhnPObJOOlV-U2LDoHpF-ZQLj3hXbjA/edit)
* [Picolab/aries-cloudagent-pico](https://github.com/Picolab/aries-cloudagent-pico)
* [New Tools to Support Production Deployments](https://trinsic.id/new-tools-to-support-production-deployments/)
@ -406,17 +381,6 @@ Interoperability
With this badge, they qualify to participate in Plugfest #2 which will focus on issuing and displaying LER VCs. Plugfest #2 will take place in November 2022 with plans to meet in person the day before the [Internet Identity Workshop](https://internetidentityworkshop.com/) on November 14 in Mountainview, CA. If vendors are interested in Plugfest #2 and didnt participate in Plugfest #1, there is still an opportunity to do so by fulfilling the same requirements listed above including the video and earning a Plugfest #1 badge.
OpenID Specs Up for Review
* [Public Review Period for Second Proposed RISC Profile Implementers Draft](https://openid.net/2022/07/05/public-review-period-for-second-proposed-risc-profile-implementers-draft/)
This specification defines event types and their contents based on the [SSE Framework](https://openid.net/specs/openid-risc-profile-specification-1_0-02.html%23SSE-FRAMEWORK) that are required to implement Risk Incident Sharing and Coordination.
* [Public Review Period for Proposed Final OpenID Connect Logout](https://openid.net/2022/07/05/public-review-period-for-proposed-final-openid-connect-logout-specifications/)
Unless issues are identified during the review that the working group believes must be addressed by revising the drafts, this review period will be followed by a seven-day voting period during which OpenID Foundation members will vote on whether to approve these drafts as OpenID Final Specifications.
* [Using a Theory of Justice to Build a Better Web3](https://www.windley.com/archives/2022/05/using_a_theory_of_justice_to_build_a_better_web3.shtml) Phil Windley
Summary: Building a better internet won't happen by chance or simply maximizing freedom. We have to build systems that support justice. How can we do that? Philosophy discussions are the black hole of identity. Once you get in, you can't get out. Nevertheless, I find that I'm drawn to them

2
_posts/identosphere-dump/open-standards/authorization/oauth.md
View File

@ -39,8 +39,6 @@ What is the scope - acquiring a token for direct API access, not necessarily pre
* OpenID: [Public Review Period for Proposed Final OpenID Connect Client-Initiated Backchannel Authentication (CIBA) Core Specification](https://openid.net/2021/06/07/public-review-period-for-proposed-final-openid-connect-client-initiated-backchannel-authentication-ciba-core-specification/)
* OpenID: [Public Review Period for Two Proposed SSE Implementers Drafts](https://openid.net/2021/06/07/public-review-period-for-two-proposed-sse-implementers-drafts/)
* [Matt Flynn: Information Security | Identity & Access Mgmt.](http://360tek.blogspot.com/2021/06/bell-labs-colonial-pipeline-and-multi.html)

10
_posts/identosphere-dump/open-standards/blockchain-standards.md Normal file
View File

@ -0,0 +1,10 @@
# Blockchain Standards
- Blockchain Standards
- ISO/TC 307
- CEN/CENTLIC
- ERC 725
- [ISO/TC 307 “Blockchain and distributed ledger technologies”](https://www.iso.org/committee/6266604.html)
- [CEN/CENELEC JTC 19 “Blockchain and Distributed Ledger Technologies”](https://standards.iteh.ai/catalog/tc/cen/d96ab6b7-aac8-49e9-9ac5-b391bbd2abdc/cen-clc-jtc-19)

60
_posts/identosphere-dump/open-standards/bridging-the-gap.md
View File

@ -1,60 +0,0 @@
---
published: false
---
# Bridging the Gap
* [OpenID Connect for W3C Verifiable Credential Objects](https://iiw.idcommons.net/2F/_OpenID_Connect_for_W3C_Verifiable_Credential_Objects) by Oliver Terbu, Torsten Lodderstedt, Kristina Yasuda, Adam Lemmon, Tobias Looker
Slides: [https://www.slideshare.net/TorstenLodderstedt/openid-connect-for-w3c-verifiable-credential-objects](https://www.slideshare.net/TorstenLodderstedt/openid-connect-for-w3c-verifiable-credential-objects)
- Have been incubated in OpenID Foundation and DIFs joint Self-Issued OpenID Provider WG - contact Kristina ([kristina.yasuda@microsoft.com](mailto:kristina.yasuda@microsoft.com) for participation details)
* [Integrating FIDO with Verifiable Credentials (8.30 am start)](https://iiw.idcommons.net/10E/_Integrating_FIDO_with_Verifiable_Credentials_(8.30_am_start)) by David Chadwick
* [The Use of FIDO2 and Verifiable Credentials (David Chadwick)](https://youtube.com/watch?v%3Dl3taGxBdrRU)
W3C Web Authentication (FIDO2) provides a mechanism for strong authentication whilst W3C Verifiable Credentials provide a mechanism for strong identification and authorisation. Together they make an unbeatable pair for identity management.
Prof. David Chadwick presented work on sharing W3C Verifiable Crendentials via FIDO2 key setup with issuers of credentials.  In a nutshell, the holder and issuer use the WebAuthN protocol to strongly authenticate before the issuer protects the credentials with its signature.  Upon providing credentials to a relying party, the issuer (acting in an IDP capacity, so they must be online) will verify the identity of the holder via FIDO2 WebAuthN so that the credentials (or selected claims in the credentials for selective disclosure) can be shared with the relying party.  Ephemeral keys are created to bind the holder with such credentials shared to the relying party/verifier.  The relying party/verifier can use X.509 certs to confirm that the issuer is valid by checking the signature on the derived credential from the holder.
* [SIOP Use-cases - IIW Spring 2021](https://docs.google.com/presentation/d/1a0C4HvVYwwwDqSw3tgPNhy9Iqyufy9oZdnMgl7rQ9Vc/edit%23slide%3Did.p)
- Continuity of a service
- Offline Authentication
- Speed, reduced latency
- Choice, Portability
- Privacy
* [Mapping FHIR JSON resource to W3C Vaccination vocabulary : A semantic data pipeline](https://iiw.idcommons.net/index.php?title%3D12H/_Mapping_FHIR_JSON_resource_to_W3C_Vaccination_vocabulary_:_A_semantic_data_pipeline%26action%3Dedit%26redlink%3D1) by John Walker
* [DID chooser for SIOP](https://iiw.idcommons.net/20A/_DID_chooser_for_SIOP) by tom jones & friends
* [https://docs.google.com/presentation/d/1OaMecHecTUexv1skJZoYzJoHKYH8H03REFpFstLRjPg/edit?ts=607b7e5d#slide=id.gd2c45a9dcd_7_21](https://docs.google.com/presentation/d/1OaMecHecTUexv1skJZoYzJoHKYH8H03REFpFstLRjPg/edit?ts%3D607b7e5d%23slide%3Did.gd2c45a9dcd_7_21)
Goal is to allow folks to pick their DID they want to use for a website.
“Subject choosing which DID to present”.
Use case:
A user goes to an RP, and decides to register for return visits.
RP cant offer folks the Nascar Problem (too many IDP logos on the login screen).
Select a Wallet vs Select a Wallet and Identifier.
What happens when SIOP arrives?
We will need a DID chooser.
Some wallets will hold credentials for multiple identifiers, some will hold only 1.
An RP offers users multiple options for registration (Google, Facebook, Yahoo…. And coming soon… Personal)
RP should disclose their ID and why they are asking the user for what data.
Options we consider:
- [https://w3c-ccg.github.io/credential-handler-api/](https://w3c-ccg.github.io/credential-handler-api/)
- [https://w3c-ccg.github.io/vp-request-spec/#format](https://w3c-ccg.github.io/vp-request-spec/%23format)
- [https://specs.bloom.co/wallet-and-credential-interactions/](https://specs.bloom.co/wallet-and-credential-interactions/)
- [https://github.com/w3c-ccg/universal-wallet-interop-spec/issues/84](https://github.com/w3c-ccg/universal-wallet-interop-spec/issues/84)

2
_posts/identosphere-dump/open-standards/exchange-protocol/didcomm.md
View File

@ -94,8 +94,6 @@ In short, ECDH-1PU is a key derivation process that allows for sender authentici
> The TrustBloc hub-router is a working implementation of the Mediator Coordination and the Pickup protocols built using Hyperledger Aries Framework - Go.
* [DIDComm Messaging through libp2p](https://medium.com/uport/didcomm-messaging-through-libp2p-cffe0f06a062) uPort
> Peers would still use their peer ID for [libp2p](https://libp2p.io/) routing and authentication. Alice and Bob would exchange their [DID](https://www.w3.org/TR/did-core/) out of band and will be able to find their counterpartys peer ID via their [DIDs](https://www.w3.org/TR/did-core/).
* [Announcing Pico Engine 1.0](https://www.windley.com/archives/2021/02/announcing_pico_engine_10.shtml)
> In addition to the work on the engine itself, one of the primary workstreams at present is to complete Bruce Conrad's excellent work to use DIDs and DIDComm as the basis for inter-pico communication, called ACA-Pico (Aries Cloud Agent - Pico). [...] This work is important because it will replace the current subscriptions method of connecting heterarchies of picos with DIDComm. [...] because DIDComm is protocological, this will support protocol-based interactions between picos, including credential exchange.
* [DIDComm Messaging through libp2p](https://medium.com/uport/didcomm-messaging-through-libp2p-cffe0f06a062) Oliver Terbu
> We outlined the next generation decentralized messaging solution built on top of [DIDComm Messaging](https://identity.foundation/didcomm-messaging/spec/), [DIDs](https://www.w3.org/TR/did-core/) and [VCs](https://www.w3.org/TR/vc-data-model/) and a [libp2p](https://libp2p.io/) overlay network. We presented how Alice and Bob establish a connection, exchange messages and demonstrated what connection types are supported.
* [DIF F2FJan21 - DIDComm Demo Session with Ivan Temchenko, Tobias Looker, and Oliver Terbu](https://www.youtube.com/watch?v=SaNvIorKQ9I&feature=youtu.be)

113
_posts/identosphere-dump/open-standards/exchange-protocol/exchange-protocols.md
View File

@ -157,119 +157,6 @@ DIDComm v1, there is AIP v1 and AIP v2 :)
Where does it go?
### OIDC-SOIP
Self-Issued OpenID Connect Provider or  OIDC-SOIP  was created to take advantage of the fact that there are several 100,000 implementations of OpenID Connect on todays web. This method of exchange verifiable credentials leverages that infrastructure with a few small changes to support OpenID enabled sites to be able to accept verifiable credentials. Holders have wallets or agents that they use to interact with a system. The protocols to do this are being worked on jointly by the OpenID Foundation and Decentralized Identity Foundation.
* [OIDC Credential Provider](https://medium.com/mattr-global/introducing-oidc-credential-provider-7845391a9881) Mattr Global. Dec 15, 2000
* [State of identity on the web](https://medium.com/mattr-global/the-state-of-identity-on-the-web-cffc392bc7ea) Mattr Global. March 14, 2021
Current MATTR spec for OpenID Credential Exchange: [OpenID Connect Credential Provider](https://mattrglobal.github.io/oidc-client-bound-assertions-spec/)
* [More Killer Whale Jello Salad…figuring out how credential exchange can harmonize.](https://iiw.idcommons.net/24B/_More_Killer_Whale_Jello_Salad...figuring_out_how_credential_exchange_can_harmonize.) by Kaliya Young et al.
> - Because what we need is interoperable - issuance - issue-> holder || holder -> verifier some conversation about SIOP - has not been the focus of the discussion.
> - Goal to create a bridge between
> - the W3C CCG / DHS SVIP - VCI-HTTP-API (VHA) in combination with CHAPI protocol and the (VC Request) for issuing credentials.
> - Aries protocols run on top of DIDComm
> - If we agree on a credential format we can exchange across those universes - JSON-LD ZKP BBS+ then we need a protocol to do it - can go between.
> - Orie proposed - that we rather then extend VHA - that the we take a streamlined path with DIDComm as envelop layer - present proof - presentation exchange as a payload including the DIF work presentation, Aries and hopefully alternative to expanding VHA - for holder interactions - since it doesnt have a holder interactions leverage existing
> - So can be tested with next SVIP - testing.
> - Presentation Exchange and use of DIDComm and for sake of interop testing pave a narrow path - and expand in future interoperability efforts.
> - Summary: DIDComm, Presentation request, presentation exchange, present proof format using JSON-LD ZKP with BBS+
* [OpenID Connect Presentation at IIW XXXII](https://self-issued.info/?p%3D2167)
- [OpenID Connect](https://openid.net/connect/)
- [Frequently Asked Questions](https://openid.net/connect/faq/)
- [Working Group Mailing List](https://lists.openid.net/mailman/listinfo/openid-specs-ab)
- [OpenID Certification Program](https://openid.net/certification/)
- [Certified OpenID Connect Implementations Featured for Developers](https://openid.net/developers/certified/)
* [OpenID Connect Credential Provider](https://medium.com/mattr-global/introducing-oidc-credential-provider-7845391a9881) Mattr
* [OIDC Credential Provider](https://mattrglobal.github.io/oidc-client-bound-assertions-spec/) is “an extension to OpenID Connect which enables the end-user to request credentials from an OpenID Provider and manage their own credentials in a digital wallet.”
* [CREATE AN OIDC CREDENTIAL ISSUER WITH MATTR AND ASP.NET CORE](https://damienbod.com/2021/05/03/create-an-oidc-credential-issuer-with-mattr-and-asp-net-core/)
> This article shows how to create and issue verifiable credentials using [MATTR](https://mattr.global/) and an [ASP.NET Core](https://docs.microsoft.com/en-us/aspnet/core/introduction-to-aspnet-core). The ASP.NET Core application allows an admin user to create an OIDC credential issuer using the MATTR service. The credentials are displayed in an ASP.NET Core Razor Page web UI as a QR code for the users of the application.
* [Use CodeB SSI as OpenID Connect Identity Provider for WordPress](https://blog.codeb.io/use-codeb-ssi-as-oidc-identity-provider-for-wordpress/) CodeB
The Self-Sovereign Identity System of CodeB does not only support W3C DIDs but comes also with an inbuilt OpenID Connect (OIDC) Identity Provider. [OpenID Connect meets distributed Self-Sovereign Identities.](https://www.codeb.io/openid-connect-meets-distributed-self-sovereign-identities/)
* [Spruce Developer Update #20](https://blog.spruceid.com/spruce-developer-update-20/)
We've set up a [release pipeline](https://github.com/spruceid/ens-oidc/) and had our first witnessed deployment for the ENS Community-Maintained OIDC IdP ([more info here](https://blog.spruceid.com/sign-in-with-ethereum-decentralizing-an-identity-provider-server/)
* [Use-cases: OIDC for Verifiable Credentials - How do you want to use Identity Provider you control?](https://iiw.idcommons.net/12G/_Use-cases:_OIDC_for_Verifiable_Credentials_-_How_do_you_want_to_use_Identity_Provider_you_control%253F) by Oliver Terbu, Torsten Lodderstedt, Kristina Yasuda, Adam Lemmon, Tobias Looker
* [Browser APIs to enable OpenID Session Management and Privacy](https://iiw.idcommons.net/13L/_Browser_APIs_to_enable_OpenID_Session_Management_and_Privacy) by Sam Goto
How does logout in OIDC happen?
- Classification problem - browsers do not know it is a logout now
- Easiest way
- Browser asks for a user consent
- Hard from a permission implementation perspective
- Tim: No issues with this idea
- If user logged into several OPs, user will not look to all the ones they log out from
- Option2
- Browser classifies signing-in event
- On log out does not prompt the user and IdP has no incentives to lie
- RPs get to determine if they want to log the user out or not
- Whether you can swap generic frame with fenced frame, frame can see its own cookies
- May not be able to pass any parameters that you need to pass; no link decoration for framed frame
- Subdomains also considered, but not well thought out
- Logout URL - other option to add, but more work for RP: Resource metadata. Specification - not much adoption. It just feels like a place where RP metadata could be declared which could be useful in this context of the RP defining its metadata (e.g. what IDP it uses
- [draft-jones-oauth-resource-metadata-01 - OAuth 2.0 Protected Resource Metadata (ietf.org)](https://tools.ietf.org/html/draft-jones-oauth-resource-metadata-01)
- On digression: [https://cloudidentity.com/blog/wp-content/uploads/2013/01/3252.image_5F00_04277494.png](https://cloudidentity.com/blog/wp-content/uploads/2013/01/3252.image_5F00_04277494.png)
- Messy real-life situation - sign in to AAD with OIDC and WS-fed; register something at sign-in. From a user, same account, does not matter which protocol is used
- What needs more to be discussed what log out means to the user
- User does not understand when they log out from office, they also log out from Azure
- Also a developer choice
- Relevant one, but not much browsers can do about
- If a bigger picture is browser wants to be in the middle, browser can do something in this area too.
- Ugly part of logout - mechanisms to allow the range of services
- IdP does not need to send back list of all RPs user is logging out from
- Idea not entirely off for IdP to tell a browser from there it wants to log user out from
- Browser have confident of the user intent
- Prompt the user for the intent - never a good idea
- Logout API that community can control a behaviour of
- You call it, browser logs it, and tell where the user left of
- Browser observes the login - passively. Heuristics - what if the browser has not seen it..
- some of this is already starting to show up in chrome canarie
- [https://chromium-review.googlesource.com/c/chromium/src/+/2837551](https://chromium-review.googlesource.com/c/chromium/src/%2B/2837551)
- If domain name ETLD of the issuer is the same as IdP, automatically logs out
* […]
- Looks like we can preserve session management if we figure out logout
- Next would be good to see pseudo code with concrete scenario and sequence diagrams
- Pseudo text: [https://github.com/WICG/WebID/blob/main/cookies.md#logout](https://github.com/WICG/WebID/blob/main/cookies.md%23logout)
- Prototype is being built
- AOB? At IIW?
- Understand what third party cookies actually mean - no cookies at all? Partition cookies going away. The way firefox is doing it?
* [The State of Identity on the Web](https://medium.com/mattr-global/the-state-of-identity-on-the-web-cffc392bc7ea) Mattr
> This article discusses how the success of Open ID Connect shaped the state of identity on the web, how new web standards enable a new model, and describes a bridge between those worlds: [OIDC Credential provider](https://mattrglobal.github.io/oidc-client-bound-assertions-spec/).
> This cycle perpetuates the dominance of a few major IdPs and likewise forces users to keep choosing from the same set of options or risk losing access to all of their online accounts. In addition, many of these IdPs have leveraged their role as central intermediaries to increase surveillance and user behavior tracking, not just across their proprietary services, but across a users entire web experience.
> [...]
> [OIDC Credential Provider](https://mattrglobal.github.io/oidc-client-bound-assertions-spec/) allows you to extend OIDC to allow IdPs to issue reusable VCs about the end-user instead of simple identity tokens with limited functionality. It allows end-users to request credentials from an OpenID Provider and manage their own credentials in a [digital wallet](https://learn.mattr.global/concepts/digital-wallets) under their control.
* [@kimdhamilton](https://twitter.com/kimdhamilton) · [May 25](https://twitter.com/kimdhamilton/status/1397241823190523904)
I've read every decentralized identity protocol so you don't have to. They all just read like "nothing to see here, just f- right off" Oh, except for OIDC Credential Provider. Well done to them!
* [How a combination of Federated identity and Verifiable Credentials can help with Customer onboarding](https://pranavkirtani.medium.com/how-a-combination-of-federated-identity-and-verifiable-credentials-can-help-with-customer-7e6518feb018) Pranav Kirtani
Before we dive into how Federated systems like OIDC and SAML along with Verifiable Credentials (VC) can help improve customer onboarding to your application, let us first understand what are the current methods being used for onboarding.
* [OIDC with SIOPv2 and DIF Presentation Exchange](https://vimeo.com/630104529) Sphereon
* [First Public Review Period for OpenID Connect SIOPV2 and OIDC4VP Specifications Started](https://openid.net/2021/12/17/first-public-review-period-for-openid-connect-siopv2-and-oidc4vp-specifications-started/) OpenID
- Implementers Drafts public review period: Friday, December 17, 2021 to Monday, January 31, 2022 (45 days)
- Implementers Drafts vote announcement: Tuesday, January 18, 2022
- Implementers Drafts voting period: Tuesday, February 1, 2022 to Tuesday, February 8, 2022 *
* [First Implementers Drafts of OpenID Connect SIOPV2 and OIDC4VP Specifications Approved](https://openid.net/2022/02/08/first-implementers-drafts-of-openid-connect-siopv2-and-oidc4vp-specifications-approved/) OpenID
* [Vote for First Implementers Drafts of OIDConnect SIOPV2 and OIDC4VP Specifications](https://openid.net/2022/01/18/notice-of-vote-for-first-implementers-drafts-of-openid-connect-siopv2-and-oidc4vp-specifications/) OpenID
The official voting period will be between Tuesday, February 1, 2022 and Tuesday, February 8, 2022, following the [45-day review](https://openid.net/2021/12/17/first-public-review-period-for-openid-connect-siopv2-and-oidc4vp-specifications-started/) of the specifications.
* [Differences between SAML, OAuth & OIDC (OpenID Connect)](https://www.ubisecure.com/education/differences-between-saml-oauth-openid-connect/)
> SAML 2.0 - Security Assertion Markup Language
>
> OAuth 2.0 - Web Authorization Protocol
> OpenID Connect 1.0 (OIDC) - Simple identity layer on top of OAuth 2.0
### Assorted
- Work within DIF

3
_posts/identosphere-dump/open-standards/exchange-protocol/mdl.md
View File

@ -32,6 +32,8 @@ The ISO mDL specification (ISO-compliant Driving License or IDL)  is purpose dr
- include the ability to update information frequently, and to authenticate information at a high level of confidence.
* [Verifiable Driver's Licenses and ISO-18013-5 (mDL)](https://lists.w3.org/Archives/Public/public-credentials/2021Nov/0105.html) Manu Sporny (Monday, 29 November)
> Spruce, MATTR, and Digital Bazaar have collaborated on creating an interoperability test suite for something we're calling the "Verifiable Driver's License" (temporary name):
* [ISO/IEC 18013-5 vs Self-Sovereign Identity: A proposal for an mDL Verifiable Credential](https://www.procivis.ch/post/iso-iec-18013-5-vs-self-sovereign-identity-a-proposal-for-an-mdl-verifiable-credential) Procivis
> in the context of government identity programs we see it as useful to compare them on the following parameters background, credential data model & trust anchor and transmission protocols.
* [Community Project on mDL and VCs](https://newsletter.identosphere.net/i/73037307/where-the-wc-verifiable-credentials-meets-the-iso-mobile-driving-license)
@ -45,3 +47,4 @@ A global digital ID association has published steps vendors and others need to t
* [An Identity Wallet Bill of Rights - Starting With the Mobile Driver License](https://blog.spruceid.com/an-identity-wallet-bill-of-rights/) Spruce Systems
Spruces continued mission is to let users control their data across the web, whether its web2, web3, or beyond. This also applies to credentials issued by existing entities, such as the Mobile Driver License (mDL) issued by motor vehicle authorities across the world.
- [The selective disclosure industry landscape, including Verifiable Credentials and ISO Mobile Driver Licenses (mDL)](https://datatracker.ietf.org/meeting/114/materials/slides-114-jwp-why-selective-disclosure-00)  [Kristina Yasuda](https://twitter.com/kristinayasuda)

259
_posts/identosphere-dump/open-standards/exchange-protocol/oidc.md Normal file
View File

@ -0,0 +1,259 @@
# OpenID Connect
* [Public Review Period for Proposed Final OpenID Connect Logout](https://openid.net/2022/07/05/public-review-period-for-proposed-final-openid-connect-logout-specifications/)
Unless issues are identified during the review that the working group believes must be addressed by revising the drafts, this review period will be followed by a seven-day voting period during which OpenID Foundation members will vote on whether to approve these drafts as OpenID Final Specifications.
### OIDC-SOIP
Self-Issued OpenID Connect Provider or  OIDC-SOIP  was created to take advantage of the fact that there are several 100,000 implementations of OpenID Connect on todays web. This method of exchange verifiable credentials leverages that infrastructure with a few small changes to support OpenID enabled sites to be able to accept verifiable credentials. Holders have wallets or agents that they use to interact with a system. The protocols to do this are being worked on jointly by the OpenID Foundation and Decentralized Identity Foundation.
* [OIDC Credential Provider](https://medium.com/mattr-global/introducing-oidc-credential-provider-7845391a9881) Mattr Global. Dec 15, 2000
* [State of identity on the web](https://medium.com/mattr-global/the-state-of-identity-on-the-web-cffc392bc7ea) Mattr Global. March 14, 2021
Current MATTR spec for OpenID Credential Exchange: [OpenID Connect Credential Provider](https://mattrglobal.github.io/oidc-client-bound-assertions-spec/)
* [More Killer Whale Jello Salad…figuring out how credential exchange can harmonize.](https://iiw.idcommons.net/24B/_More_Killer_Whale_Jello_Salad...figuring_out_how_credential_exchange_can_harmonize.) by Kaliya Young et al.
> - Because what we need is interoperable - issuance - issue-> holder || holder -> verifier some conversation about SIOP - has not been the focus of the discussion.
> - Goal to create a bridge between
> - the W3C CCG / DHS SVIP - VCI-HTTP-API (VHA) in combination with CHAPI protocol and the (VC Request) for issuing credentials.
> - Aries protocols run on top of DIDComm
> - If we agree on a credential format we can exchange across those universes - JSON-LD ZKP BBS+ then we need a protocol to do it - can go between.
> - Orie proposed - that we rather then extend VHA - that the we take a streamlined path with DIDComm as envelop layer - present proof - presentation exchange as a payload including the DIF work presentation, Aries and hopefully alternative to expanding VHA - for holder interactions - since it doesnt have a holder interactions leverage existing
> - So can be tested with next SVIP - testing.
> - Presentation Exchange and use of DIDComm and for sake of interop testing pave a narrow path - and expand in future interoperability efforts.
> - Summary: DIDComm, Presentation request, presentation exchange, present proof format using JSON-LD ZKP with BBS+
* [OpenID Connect Presentation at IIW XXXII](https://self-issued.info/?p%3D2167)
- [OpenID Connect](https://openid.net/connect/)
- [Frequently Asked Questions](https://openid.net/connect/faq/)
- [Working Group Mailing List](https://lists.openid.net/mailman/listinfo/openid-specs-ab)
- [OpenID Certification Program](https://openid.net/certification/)
- [Certified OpenID Connect Implementations Featured for Developers](https://openid.net/developers/certified/)
* [OpenID Connect Credential Provider](https://medium.com/mattr-global/introducing-oidc-credential-provider-7845391a9881) Mattr
* [OIDC Credential Provider](https://mattrglobal.github.io/oidc-client-bound-assertions-spec/) is “an extension to OpenID Connect which enables the end-user to request credentials from an OpenID Provider and manage their own credentials in a digital wallet.”
* [CREATE AN OIDC CREDENTIAL ISSUER WITH MATTR AND ASP.NET CORE](https://damienbod.com/2021/05/03/create-an-oidc-credential-issuer-with-mattr-and-asp-net-core/)
> This article shows how to create and issue verifiable credentials using [MATTR](https://mattr.global/) and an [ASP.NET Core](https://docs.microsoft.com/en-us/aspnet/core/introduction-to-aspnet-core). The ASP.NET Core application allows an admin user to create an OIDC credential issuer using the MATTR service. The credentials are displayed in an ASP.NET Core Razor Page web UI as a QR code for the users of the application.
* [Use CodeB SSI as OpenID Connect Identity Provider for WordPress](https://blog.codeb.io/use-codeb-ssi-as-oidc-identity-provider-for-wordpress/) CodeB
The Self-Sovereign Identity System of CodeB does not only support W3C DIDs but comes also with an inbuilt OpenID Connect (OIDC) Identity Provider. [OpenID Connect meets distributed Self-Sovereign Identities.](https://www.codeb.io/openid-connect-meets-distributed-self-sovereign-identities/)
* [Spruce Developer Update #20](https://blog.spruceid.com/spruce-developer-update-20/)
We've set up a [release pipeline](https://github.com/spruceid/ens-oidc/) and had our first witnessed deployment for the ENS Community-Maintained OIDC IdP ([more info here](https://blog.spruceid.com/sign-in-with-ethereum-decentralizing-an-identity-provider-server/)
* [Use-cases: OIDC for Verifiable Credentials - How do you want to use Identity Provider you control?](https://iiw.idcommons.net/12G/_Use-cases:_OIDC_for_Verifiable_Credentials_-_How_do_you_want_to_use_Identity_Provider_you_control%253F) by Oliver Terbu, Torsten Lodderstedt, Kristina Yasuda, Adam Lemmon, Tobias Looker
* [Browser APIs to enable OpenID Session Management and Privacy](https://iiw.idcommons.net/13L/_Browser_APIs_to_enable_OpenID_Session_Management_and_Privacy) by Sam Goto
How does logout in OIDC happen?
- Classification problem - browsers do not know it is a logout now
- Easiest way
- Browser asks for a user consent
- Hard from a permission implementation perspective
- Tim: No issues with this idea
- If user logged into several OPs, user will not look to all the ones they log out from
- Option2
- Browser classifies signing-in event
- On log out does not prompt the user and IdP has no incentives to lie
- RPs get to determine if they want to log the user out or not
- Whether you can swap generic frame with fenced frame, frame can see its own cookies
- May not be able to pass any parameters that you need to pass; no link decoration for framed frame
- Subdomains also considered, but not well thought out
- Logout URL - other option to add, but more work for RP: Resource metadata. Specification - not much adoption. It just feels like a place where RP metadata could be declared which could be useful in this context of the RP defining its metadata (e.g. what IDP it uses
- [draft-jones-oauth-resource-metadata-01 - OAuth 2.0 Protected Resource Metadata (ietf.org)](https://tools.ietf.org/html/draft-jones-oauth-resource-metadata-01)
- On digression: [https://cloudidentity.com/blog/wp-content/uploads/2013/01/3252.image_5F00_04277494.png](https://cloudidentity.com/blog/wp-content/uploads/2013/01/3252.image_5F00_04277494.png)
- Messy real-life situation - sign in to AAD with OIDC and WS-fed; register something at sign-in. From a user, same account, does not matter which protocol is used
- What needs more to be discussed what log out means to the user
- User does not understand when they log out from office, they also log out from Azure
- Also a developer choice
- Relevant one, but not much browsers can do about
- If a bigger picture is browser wants to be in the middle, browser can do something in this area too.
- Ugly part of logout - mechanisms to allow the range of services
- IdP does not need to send back list of all RPs user is logging out from
- Idea not entirely off for IdP to tell a browser from there it wants to log user out from
- Browser have confident of the user intent
- Prompt the user for the intent - never a good idea
- Logout API that community can control a behaviour of
- You call it, browser logs it, and tell where the user left of
- Browser observes the login - passively. Heuristics - what if the browser has not seen it..
- some of this is already starting to show up in chrome canarie
- [https://chromium-review.googlesource.com/c/chromium/src/+/2837551](https://chromium-review.googlesource.com/c/chromium/src/%2B/2837551)
- If domain name ETLD of the issuer is the same as IdP, automatically logs out
* […]
- Looks like we can preserve session management if we figure out logout
- Next would be good to see pseudo code with concrete scenario and sequence diagrams
- Pseudo text: [https://github.com/WICG/WebID/blob/main/cookies.md#logout](https://github.com/WICG/WebID/blob/main/cookies.md%23logout)
- Prototype is being built
- AOB? At IIW?
- Understand what third party cookies actually mean - no cookies at all? Partition cookies going away. The way firefox is doing it?
* [The State of Identity on the Web](https://medium.com/mattr-global/the-state-of-identity-on-the-web-cffc392bc7ea) Mattr
> This article discusses how the success of Open ID Connect shaped the state of identity on the web, how new web standards enable a new model, and describes a bridge between those worlds: [OIDC Credential provider](https://mattrglobal.github.io/oidc-client-bound-assertions-spec/).
> This cycle perpetuates the dominance of a few major IdPs and likewise forces users to keep choosing from the same set of options or risk losing access to all of their online accounts. In addition, many of these IdPs have leveraged their role as central intermediaries to increase surveillance and user behavior tracking, not just across their proprietary services, but across a users entire web experience.
> [...]
> [OIDC Credential Provider](https://mattrglobal.github.io/oidc-client-bound-assertions-spec/) allows you to extend OIDC to allow IdPs to issue reusable VCs about the end-user instead of simple identity tokens with limited functionality. It allows end-users to request credentials from an OpenID Provider and manage their own credentials in a [digital wallet](https://learn.mattr.global/concepts/digital-wallets) under their control.
* [@kimdhamilton](https://twitter.com/kimdhamilton) · [May 25](https://twitter.com/kimdhamilton/status/1397241823190523904)
I've read every decentralized identity protocol so you don't have to. They all just read like "nothing to see here, just f- right off" Oh, except for OIDC Credential Provider. Well done to them!
* [How a combination of Federated identity and Verifiable Credentials can help with Customer onboarding](https://pranavkirtani.medium.com/how-a-combination-of-federated-identity-and-verifiable-credentials-can-help-with-customer-7e6518feb018) Pranav Kirtani
Before we dive into how Federated systems like OIDC and SAML along with Verifiable Credentials (VC) can help improve customer onboarding to your application, let us first understand what are the current methods being used for onboarding.
* [OIDC with SIOPv2 and DIF Presentation Exchange](https://vimeo.com/630104529) Sphereon
* [First Public Review Period for OpenID Connect SIOPV2 and OIDC4VP Specifications Started](https://openid.net/2021/12/17/first-public-review-period-for-openid-connect-siopv2-and-oidc4vp-specifications-started/) OpenID
- Implementers Drafts public review period: Friday, December 17, 2021 to Monday, January 31, 2022 (45 days)
- Implementers Drafts vote announcement: Tuesday, January 18, 2022
- Implementers Drafts voting period: Tuesday, February 1, 2022 to Tuesday, February 8, 2022 *
* [First Implementers Drafts of OpenID Connect SIOPV2 and OIDC4VP Specifications Approved](https://openid.net/2022/02/08/first-implementers-drafts-of-openid-connect-siopv2-and-oidc4vp-specifications-approved/) OpenID
* [Vote for First Implementers Drafts of OIDConnect SIOPV2 and OIDC4VP Specifications](https://openid.net/2022/01/18/notice-of-vote-for-first-implementers-drafts-of-openid-connect-siopv2-and-oidc4vp-specifications/) OpenID
The official voting period will be between Tuesday, February 1, 2022 and Tuesday, February 8, 2022, following the [45-day review](https://openid.net/2021/12/17/first-public-review-period-for-openid-connect-siopv2-and-oidc4vp-specifications-started/) of the specifications.
* [Differences between SAML, OAuth & OIDC (OpenID Connect)](https://www.ubisecure.com/education/differences-between-saml-oauth-openid-connect/)
> SAML 2.0 - Security Assertion Markup Language
>
> OAuth 2.0 - Web Authorization Protocol
> OpenID Connect 1.0 (OIDC) - Simple identity layer on top of OAuth 2.0
* [OpenID Presentations at December 2021 OpenID Virtual Workshop](https://self-issued.info/?p%3D2214)
- OpenID Connect Working Group [(PowerPoint)](http://self-issued.info/presentations/OpenID_Connect_Working_Group_9-Dec-21.pptx) [(PDF)](http://self-issued.info/presentations/OpenID_Connect_Working_Group_9-Dec-21.pdf)
- OpenID Enhanced Authentication Profile (EAP) Working Group [(PowerPoint)](http://self-issued.info/presentations/OpenID_EAP_Working_Group_9-Dec-21.pptx) [(PDF)](http://self-issued.info/presentations/OpenID_EAP_Working_Group_9-Dec-21.pdf)
use of IETF Token Binding specifications with OpenID Connect and integration with FIDO relying parties and/or other strong authentication technologies.”
* [DIF and OIDF cooperation](https://medium.com/decentralized-identity/dif-oidf-9753b9bd0093)
> to work together on areas of mutual interest, allowing working groups to align and coordinate through dual-members. The first major collaboration, which has already been underway for weeks, is a process for revising the Self-Issued OpenID Connect (SIOP) chapter of the OpenID Connect (OIDC) specification.
* [OpenID Connect Client-Initiated Backchannel Authentication (CIBA) Core is now a Final Specification](https://openid.net/2021/09/01/openid-connect-client-initiated-backchannel-authentication-ciba-core-is-now-a-final-specification/)
The OpenID Foundation membership has approved the following [MODRNA](https://openid.net/wg/mobile/) specification as an OpenID Final Specification:
* [OpenID Connect Presentation at 2021 European Identity and Cloud (EIC) Conference](https://self-issued.info/?p%3D2187)
I gave the following presentation on the [OpenID Connect Working Group](https://openid.net/wg/connect/) during the [September 13, 2021 OpenID Workshop](https://openid.net/oidf-workshop-at-eic-2021-monday-september-13-2021/) at the [2021 European Identity and Cloud (EIC) conference](https://www.kuppingercole.com/events/eic2021/). As I noted during the talk, this is an exciting time for OpenID Connect; theres more happening now than at any time since the original OpenID Connect specs were created!
- OpenID Connect Working Group [(PowerPoint)](http://self-issued.info/presentations/OpenID_Connect_Working_Group_13-Sep-21.pptx) [(PDF)](http://self-issued.info/presentations/OpenID_Connect_Working_Group_13-Sep-21.pdf)
* [OIDC with SIOPv2 and DIF Presentation Exchange](https://vimeo.com/630104529) Sphereon
* [OpenID Connect Presentation at IIW XXXIII](https://self-issued.info/?p%3D2196) Mike Jones
- Introduction to OpenID Connect [(PowerPoint)](https://self-issued.info/presentations/OpenID_Connect_Introduction_12-Oct-21.pptx) [(PDF)](https://self-issued.info/presentations/OpenID_Connect_Introduction_12-Oct-21.pdf)
The session was well attended. There was a good discussion about the use of passwordless authentication with OpenID Connect.
* [First Implementers Drafts of OpenID Connect SIOPV2 and OIDC4VP Specifications Approved](https://openid.net/2022/02/08/first-implementers-drafts-of-openid-connect-siopv2-and-oidc4vp-specifications-approved/) OpenID
- [Self-Issued OpenID Provider v2](https://openid.net/specs/openid-connect-self-issued-v2-1_0-07.html)
- [OpenID Connect for Verifiable Presentations](https://openid.net/specs/openid-connect-4-verifiable-presentations-1_0-08.html)
* [Nat describes GAIN](https://nat.sakimura.org/2021/09/14/announcing-gain/) as an overlay network on top of the Internet with all its participants identity proofed. One key benefit of the approach proposed in the white paper is that the standards required to enable this network already exist: OpenID Connect and eKYC/IDA.
- [OpenID Connect Client-Initiated Backchannel Authentication Flow Core 1.0](https://openid.net/specs/openid-client-initiated-backchannel-authentication-core-1_0.html)
A Final Specification provides intellectual property protections to implementers of the specification and is not subject to further revision.
* [Intro to OpenID Connect at IIW XXXI](https://self-issued.info/presentations/OpenID_Connect_Introduction_20-Oct-20.pdf).
It is a great overview of the key design principles of OpenID and how we got to now with the protocol
* [Identity, Unlocked... SIOP with Kristina Yasuda](https://auth0.com/blog/identity-unlocked-explained-season-2-ep-5/)
> As a discovery mechanism to invoke a Self-Issued OP, the discussion on the podcast covered the usage of a custom schema 'openid://'. Alternative mechanisms to address the limitations of custom schemas are being actively explored in the WG.
The conversation meanders through deeper details, from how the current [SIOP specification draft](https://bitbucket.org/openid/connect/src/master/openid-connect-self-issued-v2-1_0.md) under the OpenID Foundation picks up the mission from a [former attempt under DIF](https://identity.foundation/did-siop/) to encoding approaches for verifiable presentations (embedding in JWTs, [LD proofs](https://w3c-ccg.github.io/ld-proofs/), how to represent attributes
* [The Era of Self-Sovereign Identity](https://www.chakray.com/era-self-sovereign-identity/) Chakaray
VC-AuthN OIDC uses the OpenID connect standards to easily integrate with the supported systems and also provides a way to authenticate using the verifiable credentials, giving the control back to the user. This is similar to the traditional OpenID connect, the only difference is in the token information. Rather than using the users information to construct the token, this uses claims in the verifiable credentials presented by the user.
* [Lets talk about digital identity with Oscar Santolalla, Nat Sakimura and Petteri Stenius](https://www.ubisecure.com/podcast/openid-connect/)
the history of OpenID Connect and how it became so prevalent, with special guests [Nat Sakimura](https://www.linkedin.com/in/natsakimura/), Chairman at the OpenID Foundation, and [Petteri Stenius](https://www.linkedin.com/in/petteri-stenius-6a637/), Principal Scientist at Ubisecure. [...]
“New technology seldomly completely replaces the older technologies. They will form additional layers, and slowly start replacing it.”
* [101 Session: OpenID Connect](https://iiw.idcommons.net/1B/_101_Session:_OpenID_Connect) by Mike Jones
Described at: [https://openid.net/connect/](https://openid.net/connect/)
* [OpenID Connect Claims Aggregation](https://iiw.idcommons.net/5B/_OpenID_Connect_Claims_Aggregation) by Nat Sakimura, Edmund Jay, Kristina Yasuda
[2021-04-21_OpenID Connect Claims Aggregation](https://docs.google.com/presentation/d/1w-rmwZoLiFWczJ4chXuxhY0OsgHQmlIimS2TNlce4UU/edit?usp%3Dsharing)
* [OpenID Connect 4 Identity Assurance](https://iiw.idcommons.net/10J/_OpenID_Connect_4_Identity_Assurance) by Torsten Lodderstedt
> [https://www.slideshare.net/TorstenLodderstedt/openid-connect-4-identity-assurance-at-iiw-32](https://www.slideshare.net/TorstenLodderstedt/openid-connect-4-identity-assurance-at-iiw-32)
>
> Jacob Dilles proposed to allow RPs to use handles for pre-configured eKYC requests. I filled an issue for discussion by the WG ([https://bitbucket.org/openid/ekyc-ida/issues/1245/pre-configured-claims-ekyc-requests](https://bitbucket.org/openid/ekyc-ida/issues/1245/pre-configured-claims-ekyc-requests).
* [OpenID Connect: Session Management vs Privacy](https://iiw.idcommons.net/11M/_OpenID_Connect:_Session_Management_vs_Privacy) by David Waite
To recap:
- Front-channel logout is simple
- …but brittle and doesnt give good security guarantees
- Back-channel logout is robust
- …but difficult to implement/support, can still miss signals
- Session Management is useful for some apps
- …but is broken in many browsers
On their own independent schedules, all browsers have either broken or have plans to break state sharing via cross-site iframes to limit user tracking - arguably making the Session Management approach unusable.
* [The OpenID Connect Logout specifications are now Final Specifications](https://self-issued.info/?p%3D2298)
The OpenID Connect Logout specifications are now Final Specifications
Thanks to all who helped us reach this important milestone! This was originally [announced on the OpenID blog](https://openid.net/2022/09/12/the-openid-connect-logout-specifications-are-now-final-specifications/).
* [OpenID Connect for W3C Verifiable Credential Objects](https://iiw.idcommons.net/2F/_OpenID_Connect_for_W3C_Verifiable_Credential_Objects) by Oliver Terbu, Torsten Lodderstedt, Kristina Yasuda, Adam Lemmon, Tobias Looker
Slides: [https://www.slideshare.net/TorstenLodderstedt/openid-connect-for-w3c-verifiable-credential-objects](https://www.slideshare.net/TorstenLodderstedt/openid-connect-for-w3c-verifiable-credential-objects)
- Have been incubated in OpenID Foundation and DIFs joint Self-Issued OpenID Provider WG - contact Kristina ([kristina.yasuda@microsoft.com](mailto:kristina.yasuda@microsoft.com) for participation details)
* [First Public Review Period for OpenID Connect SIOPV2 and OIDC4VP Specifications Started](https://openid.net/2021/12/17/first-public-review-period-for-openid-connect-siopv2-and-oidc4vp-specifications-started/) OpenID
- Implementers Drafts public review period: Friday, December 17, 2021 to Monday, January 31, 2022 (45 days)
- Implementers Drafts vote announcement: Tuesday, January 18, 2022
- Implementers Drafts voting period: Tuesday, February 1, 2022 to Tuesday, February 8, 2022 *
* [Differences between SAML, OAuth & OIDC (OpenID Connect)](https://www.ubisecure.com/education/differences-between-saml-oauth-openid-connect/)
> SAML 2.0 - Security Assertion Markup Language
>
> OAuth 2.0 - Web Authorization Protocol
> OpenID Connect 1.0 (OIDC) - Simple identity layer on top of OAuth 2.0
* OpenID: [Public Review Period for Proposed Final OpenID Connect Client-Initiated Backchannel Authentication (CIBA) Core Specification](https://openid.net/2021/06/07/public-review-period-for-proposed-final-openid-connect-client-initiated-backchannel-authentication-ciba-core-specification/)
* [Distributed Open Identity: Self-Sovereign OpenID: A Status Report](https://identiverse.gallery.video/detail/videos/standards/video/6184823227001/distributed-open-identity:-self-sovereign-openid:-a-status-report?autoStart=true)
> follow up of the Identiverse 2019 session “SSO: Self-sovereign OpenID Connect a ToDo list”. (Decentralized Identity, Mobile, Verified Claims & Credentials, Standards, Preeti Rastogi, Nat Sakimura)
* [Personal Digital Transformation and Holistic Digital Identity](https://www.youtube.com/watch?v%3D9DExNTY3QAk) OpenID Japan ← His last public talk
from the OpenID Summit Tokyo 2020 Keynote […] about Claims, Identity, Self-ness, Who-ness, and OpenID Connect and Decentralized Identity.
* [SIOP Use-cases - IIW Spring 2021](https://docs.google.com/presentation/d/1a0C4HvVYwwwDqSw3tgPNhy9Iqyufy9oZdnMgl7rQ9Vc/edit%23slide%3Did.p)
- Continuity of a service
- Offline Authentication
- Speed, reduced latency
- Choice, Portability
- Privacy
* [DID chooser for SIOP](https://iiw.idcommons.net/20A/_DID_chooser_for_SIOP) by tom jones & friends
* [https://docs.google.com/presentation/d/1OaMecHecTUexv1skJZoYzJoHKYH8H03REFpFstLRjPg/edit?ts=607b7e5d#slide=id.gd2c45a9dcd_7_21](https://docs.google.com/presentation/d/1OaMecHecTUexv1skJZoYzJoHKYH8H03REFpFstLRjPg/edit?ts%3D607b7e5d%23slide%3Did.gd2c45a9dcd_7_21)
Goal is to allow folks to pick their DID they want to use for a website.
“Subject choosing which DID to present”.
Use case:
A user goes to an RP, and decides to register for return visits.
RP cant offer folks the Nascar Problem (too many IDP logos on the login screen).
Select a Wallet vs Select a Wallet and Identifier.
What happens when SIOP arrives?
We will need a DID chooser.
Some wallets will hold credentials for multiple identifiers, some will hold only 1.
An RP offers users multiple options for registration (Google, Facebook, Yahoo…. And coming soon… Personal)
RP should disclose their ID and why they are asking the user for what data.
Options we consider:
- [https://w3c-ccg.github.io/credential-handler-api/](https://w3c-ccg.github.io/credential-handler-api/)
- [https://w3c-ccg.github.io/vp-request-spec/#format](https://w3c-ccg.github.io/vp-request-spec/%23format)
- [https://specs.bloom.co/wallet-and-credential-interactions/](https://specs.bloom.co/wallet-and-credential-interactions/)
- [https://github.com/w3c-ccg/universal-wallet-interop-spec/issues/84](https://github.com/w3c-ccg/universal-wallet-interop-spec/issues/84)

30
_posts/identosphere-dump/open-standards/id-not-ssi.md
View File

@ -12,10 +12,6 @@ published: false
This [Directory](https://diacc.ca/2020/05/21/directory-products-assess-identification-documents-verify-identity/) is designed to provide an overview of providers solutions which use government issued photo identification cards, combined with biometric facial scans, to establish Digital Identity.
* [101 Session: OpenID Connect](https://iiw.idcommons.net/1B/_101_Session:_OpenID_Connect) by Mike Jones
Described at: [https://openid.net/connect/](https://openid.net/connect/)
Built on standards: OAuth 2.0 and JWT
See the presentation at [https://self-issued.info/?p=2167](https://self-issued.info/?p%3D2167).
@ -26,26 +22,7 @@ See the presentation at [https://self-issued.info/?p=2167](https://self-issued.i
* [101 Session: UMA - User Manged Access](https://iiw.idcommons.net/3B/_101_Session:_UMA_-_User_Managed_Access) by Eve Maler and George Fletcher
* [OpenID Connect Claims Aggregation](https://iiw.idcommons.net/5B/_OpenID_Connect_Claims_Aggregation) by Nat Sakimura, Edmund Jay, Kristina Yasuda
[2021-04-21_OpenID Connect Claims Aggregation](https://docs.google.com/presentation/d/1w-rmwZoLiFWczJ4chXuxhY0OsgHQmlIimS2TNlce4UU/edit?usp%3Dsharing)
* [OpenID Connect 4 Identity Assurance](https://iiw.idcommons.net/10J/_OpenID_Connect_4_Identity_Assurance) by Torsten Lodderstedt
> [https://www.slideshare.net/TorstenLodderstedt/openid-connect-4-identity-assurance-at-iiw-32](https://www.slideshare.net/TorstenLodderstedt/openid-connect-4-identity-assurance-at-iiw-32)
>
> Jacob Dilles proposed to allow RPs to use handles for pre-configured eKYC requests. I filled an issue for discussion by the WG ([https://bitbucket.org/openid/ekyc-ida/issues/1245/pre-configured-claims-ekyc-requests](https://bitbucket.org/openid/ekyc-ida/issues/1245/pre-configured-claims-ekyc-requests).
* [OpenID Connect: Session Management vs Privacy](https://iiw.idcommons.net/11M/_OpenID_Connect:_Session_Management_vs_Privacy) by David Waite
To recap:
- Front-channel logout is simple
- …but brittle and doesnt give good security guarantees
- Back-channel logout is robust
- …but difficult to implement/support, can still miss signals
- Session Management is useful for some apps
- …but is broken in many browsers
On their own independent schedules, all browsers have either broken or have plans to break state sharing via cross-site iframes to limit user tracking - arguably making the Session Management approach unusable.
* [Police in Latin America are turning activists phones against them](https://restofworld.org/2021/latin-america-phone-security/)
@ -219,13 +196,6 @@ Bad News
* [Rohingya seek reparations from Facebook for role in massacre](https://apnews.com/article/technology-business-bangladesh-myanmar-c5af9acec46a3042beed7f5e1bc71b8a) APNews
The platform, Amnesty says, wasnt merely a passive site with insufficient content moderation. Instead, Metas algorithms “proactively amplified and promoted content” on Facebook, which incited violent hatred against the Rohingya beginning as early as 2012.
* [The OpenID Connect Logout specifications are now Final Specifications](https://self-issued.info/?p%3D2298)
The OpenID Connect Logout specifications are now Final Specifications
Thanks to all who helped us reach this important milestone! This was originally [announced on the OpenID blog](https://openid.net/2022/09/12/the-openid-connect-logout-specifications-are-now-final-specifications/).
* [Call it data liberation day: Patients can now access all their health records digitally](https://www.statnews.com/2022/10/06/health-data-information-blocking-records/) Statnews
Under [federal rules](https://www.healthit.gov/buzz-blog/information-blocking/information-blocking-eight-regulatory-reminders-for-october-6th) taking effect Thursday, health care organizations must give patients unfettered access to their full health records in digital format. No more long delays. No more fax machines. No more exorbitant charges for printed pages.

13
_posts/identosphere-dump/open-standards/iso.md Normal file
View File

@ -0,0 +1,13 @@
# ISO
## Contents
- mDL 18013-5
- 22030
- Working Group 3 - Travel Documents
## links
* [Verifiable Driver's Licenses and ISO-18013-5 (mDL)](https://lists.w3.org/Archives/Public/public-credentials/2021Nov/0105.html) Manu Sporny (Monday, 29 November)
> Spruce, MATTR, and Digital Bazaar have collaborated on creating an interoperability test suite for something we're calling the "Verifiable Driver's License" (temporary name):
* [ISO/IEC 18013-5 vs Self-Sovereign Identity: A proposal for an mDL Verifiable Credential](https://www.procivis.ch/post/iso-iec-18013-5-vs-self-sovereign-identity-a-proposal-for-an-mdl-verifiable-credential) Procivis
> in the context of government identity programs we see it as useful to compare them on the following parameters background, credential data model & trust anchor and transmission protocols.

51
_posts/identosphere-dump/open-standards/not-ssi/README.md Normal file
View File

@ -0,0 +1,51 @@
# Non SSI Identity Standards
## Contents
- OpenID
- FIDO
- OAuth
- SCIM
- SAML
- KMIP
- Secure QR Code
## OpenID
* [Registration - OpenID Foundation Virtual Workshop](https://openid.net/2021/03/01/registration-open-for-openid-foundation-virtual-workshop-april-29-2021/) April 29, 2021
updates on all active OpenID Foundation Working Groups as well the OpenID Certification Program
OpenID Specs Up for Review
* [Public Review Period for Second Proposed RISC Profile Implementers Draft](https://openid.net/2022/07/05/public-review-period-for-second-proposed-risc-profile-implementers-draft/)
This specification defines event types and their contents based on the [SSE Framework](https://openid.net/specs/openid-risc-profile-specification-1_0-02.html%23SSE-FRAMEWORK) that are required to implement Risk Incident Sharing and Coordination.
## FIDO
* [2021 FIDO Developer Challenge: Outcomes and Winners](https://fidoalliance.org/2021-fido-developer-challenge-outcomes-and-winners/)
1. Gold Winner [Lockdrop](https://lockdrop.com/)
2. Silver Winner [Shaxware](https://www.shaxware.com/)
3. Bronze Winner SoundAuth ([Trillbit](https://www.trillbit.com/)
This years FIDO Developer Challenge reached a successful conclusion, with a ceremonial event during [Authenticate 2021](https://authenticatecon.com/event/authenticate-2021-conference/) of the ceremony is available now, and were pleased to share more detailed stories of the three finalists as well as the rest of the teams that made it to the final stage.
* [Integrating FIDO with Verifiable Credentials (8.30 am start)](https://iiw.idcommons.net/10E/_Integrating_FIDO_with_Verifiable_Credentials_(8.30_am_start)) by David Chadwick
* [The Use of FIDO2 and Verifiable Credentials (David Chadwick)](https://youtube.com/watch?v%3Dl3taGxBdrRU)
W3C Web Authentication (FIDO2) provides a mechanism for strong authentication whilst W3C Verifiable Credentials provide a mechanism for strong identification and authorisation. Together they make an unbeatable pair for identity management.
Prof. David Chadwick presented work on sharing W3C Verifiable Crendentials via FIDO2 key setup with issuers of credentials.  In a nutshell, the holder and issuer use the WebAuthN protocol to strongly authenticate before the issuer protects the credentials with its signature.  Upon providing credentials to a relying party, the issuer (acting in an IDP capacity, so they must be online) will verify the identity of the holder via FIDO2 WebAuthN so that the credentials (or selected claims in the credentials for selective disclosure) can be shared with the relying party.  Ephemeral keys are created to bind the holder with such credentials shared to the relying party/verifier.  The relying party/verifier can use X.509 certs to confirm that the issuer is valid by checking the signature on the derived credential from the holder.
## OAuth
## SCIM
## SAML
## KMIP
## Secure QR Code

29
_posts/identosphere-dump/open-standards/protocols.md
View File

@ -34,9 +34,6 @@ This issue now has a funding of 3004.5068 USD (3000.0 USD @ $1.0/USD) attached t
- Questions? Checkout [Gitcoin Help](https://gitcoin.co/help) or the [Gitcoin's Discord](https://discord.gg/gitcoin/)
- $5,664,407.63 more funded OSS Work available on the [Gitcoin Issue Explorer](https://gitcoin.co/explorer)
* [Ten Reasons to Use Picos for Your Next Decentralized Programming Project](https://www.windley.com/archives/2021/07/ten_reasons_to_use_picos_for_your_next_decentralized_programming_project.shtml)
Summary: Picos are a programming model for building decentralized applications that provide significant benefits in the form of abstractions that reduce programmer effort. Here are ten eleven reasons you should use picos for your next decentralized application. Temperature Sensor Network Built from Picos I didn't start out to write a programming language that naturally supports
* [Implement Client Credentials with Kong Konnect and Okta](https://developer.okta.com/blog/2021/05/25/client-credentials-kong-konnect)
> The OIDC plugin enables Kong, as the API gateway, to communicate with Okta via the OAuth/OIDC flows.
@ -44,10 +41,6 @@ Summary: Picos are a programming model for building decentralized applications t
* [ION We Have Liftoff!](https://techcommunity.microsoft.com/t5/identity-standards-blog/ion-we-have-liftoff/ba-p/1441555)
> We are excited to share that v1 of [ION](https://identity.foundation/ion/) is complete and has been launched on Bitcoin mainnet. We have deployed an ION node to our production infrastructure and are working together with other companies and organizations to do so as well. ION does not rely on centralized entities, trusted validators, or special protocol tokens ION answers to no one but you, the community. Because ION is an open, permissionless system, anyone can run an ION node, in fact the more nodes in operation, the stronger the network becomes. Development of ION, and the Sidetree standard ION is based on, takes place in the [Decentralized Identity Foundation](https://identity.foundation/) (DIF). Read on to learn how you can integrate ION, DIDs, and Verifiable Credentials in your applications and services.
* [Identity, Unlocked... SIOP with Kristina Yasuda](https://auth0.com/blog/identity-unlocked-explained-season-2-ep-5/)
> As a discovery mechanism to invoke a Self-Issued OP, the discussion on the podcast covered the usage of a custom schema 'openid://'. Alternative mechanisms to address the limitations of custom schemas are being actively explored in the WG.
The conversation meanders through deeper details, from how the current [SIOP specification draft](https://bitbucket.org/openid/connect/src/master/openid-connect-self-issued-v2-1_0.md) under the OpenID Foundation picks up the mission from a [former attempt under DIF](https://identity.foundation/did-siop/) to encoding approaches for verifiable presentations (embedding in JWTs, [LD proofs](https://w3c-ccg.github.io/ld-proofs/), how to represent attributes
* [Sidetree Protocol reaches V1](https://blog.identity.foundation/sidetree-protocol-reaches-v1/) DIF
> This week, the DIF Steering Committee officially approved the first major release of the Sidetree Protocol specification, "v1" so to speak. This protocol has already been implemented, and four of its implementers have been collaborating intensively for over a year on expanding and extending this specification together.
@ -65,30 +58,8 @@ The conversation meanders through deeper details, from how the current [SIOP sp
>
> This tool fulfills a similar purpose as Bind does in the DNS system: resolution of identifiers. However, instead of working with domain names, we work with self-sovereign identifiers that can be created and registered directly by the entities they refer to.
* [Persistence, Programming, and Picos](https://www.windley.com/archives/2021/02/persistence_programming_and_picos.shtml) -
> Picos show that image-based development can be done in a manner consistent with the best practices we use today without losing the important benefits it brings.
> The project name, PICOS, is an abbreviation of “Privacy and Identity Management for Community Services”. The objective of the project is to advance the state of the art in technologies that provide privacy-enhanced identity and trust management features within complex community-supporting services that are built on Next Generation Networks and delivered by multiple communication service providers. The approach taken by the project is to research, develop, build trial and evaluate an open, privacy-respecting, trust-enabling identity management platform that supports the provision of community services by mobile communication service providers.
>
> Learn more about the [motivation](http://www.picos-project.eu/Motivation.181.0.html), the [objectives](http://www.picos-project.eu/Objectives.182.0.html), [tasks](http://www.picos-project.eu/Tasks.183.0.html) and [achievements](http://www.picos-project.eu/Achievements.190.0.html) of PICOS, and get to know the PICOS exemplary [communities](http://www.picos-project.eu/Communities.184.0.html).
* [Announcing Pico Engine 1.0](https://www.windley.com/archives/2021/02/announcing_pico_engine_10.shtml) Windley
I'm excited to announce a new, stable, production-ready pico engine. The latest release of the Pico Engine (1.X) provides a more modular design that better supports future enhancements and allows picos to be less dependent on a specific engine for operation.
* [Building Decentralized Applications with Pico Networks](https://www.windley.com/archives/2021/02/building_decentralized_applications_with_pico_networks.shtml)
## Established Tech
### OpenID
* [Intro to OpenID Connect at IIW XXXI](https://self-issued.info/presentations/OpenID_Connect_Introduction_20-Oct-20.pdf).
It is a great overview of the key design principles of OpenID and how we got to now with the protocol
* [New Badged Open Course: Decentralising Education Using Blockchain Technology](https://www.open.edu/openlearncreate/course/view.php?id%3D7981) Alexander.Mikroyannidis ([from CCG](https://lists.w3.org/Archives/Public/public-credentials/2021Oct/0044.html)
Available on the Open Universitys OpenLearn Create platform and is licensed under CC BY-NC-SA 4.0. Upon completion of the course, learners earn a free statement of participation.
* [Getting Started with Self-Sovereign Identity](https://www.edx.org/course/getting-started-with-self-sovereign-identity) Kaliya & Lucy via Linux Foundation and EdX
Gain a solid foundation on self-sovereign identity (SSI) with a 360 degree overview of its evolutionary journey, key concepts, standards, technological building blocks, use cases, real-world examples and implementation considerations.
* [ION reaches 1.0](https://github.com/decentralized-identity/ion)
> ION makes it possible to anchor tens of thousands of DID/DPKI operations on a target chain (in ION's case, Bitcoin) using a single on-chain transaction. The transactions are encoded with a hash that ION nodes use to fetch, store, and replicate the hash-associated DID operation batches via IPFS.

10
_posts/identosphere-dump/open-standards/standards-organizations.md → _posts/identosphere-dump/open-standards/standards-orgs/standards-organizations.md
View File

@ -2,8 +2,16 @@
published: false
---
# Standards Bodies
# Standards Orgs
## Contents
- W3C
- IETF
- OASIS
- ITU-T
- ISO/IEC
## Links
* [Decentralized Profiles group Nov 25th call](https://blog.ceramic.network/dprofiles-call-3/)
Every 6 weeks the at Ceramic meets

68
_posts/identosphere-dump/open-standards/standards.md
View File

@ -94,6 +94,8 @@ Orange - Application layer standards
> - Issuer resolution
> - ID resolution
> - Credential status resolution
* [Trust Frameworks? Standards Matter](https://medium.com/@trbouma/trust-frameworks-standards-matter-47c946992f44) Tim Bouma
> He points at the NIST documents about it [Developing Trust Frameworks to Support Identity Federations](https://nvlpubs.nist.gov/nistpubs/ir/2018/NIST.IR.8149.pdf) published in 2018. He also points at the Canadian governments definition of standards.
>
@ -221,17 +223,10 @@ The Claims and Credentials Working Group will be overseeing a new work item open
* [Shared Signals: An Open Standard for Webhooks](https://openid.net/2021/08/24/shared-signals-an-open-standard-for-webhooks/) OpenID
The OpenID Foundation formed the “[Shared Signals and Events](https://openid.net/wg/sse/)” (SSE) Working Group as a combination of the previous OpenID RISC working group and an informal industry group that was focused on standardizing [Googles CAEP proposal](https://cloud.google.com/blog/products/identity-security/re-thinking-federated-identity-with-the-continuous-access-evaluation-protocol). These represented two distinct applications of the same underlying mechanism of managing asynchronous streams of events. Therefore the [SSE Framework](https://openid.net/specs/openid-sse-framework-1_0-01.html) is now proposed to be a standard for managing such streams of events for any application, not just CAEP and RISC. In effect, it is a standard for generalized Webhooks.
* [OpenID Connect Client-Initiated Backchannel Authentication (CIBA) Core is now a Final Specification](https://openid.net/2021/09/01/openid-connect-client-initiated-backchannel-authentication-ciba-core-is-now-a-final-specification/)
The OpenID Foundation membership has approved the following [MODRNA](https://openid.net/wg/mobile/) specification as an OpenID Final Specification:
* [Managed Open Projects: A New Way For Open Source and Open Standards To Collaborate](https://www.oasis-open.org/2021/09/08/managed-open-projects/)
I recently pointed out in a [TechCrunch contribution](https://techcrunch.com/2021/06/09/a-revival-at-the-intersection-of-open-source-and-open-standards/) that the open source and open standards communities need to find ways to team up if they are to continue driving innovation and  development of transformative technologies to push our society forward.
* [OpenID Connect Presentation at 2021 European Identity and Cloud (EIC) Conference](https://self-issued.info/?p%3D2187)
I gave the following presentation on the [OpenID Connect Working Group](https://openid.net/wg/connect/) during the [September 13, 2021 OpenID Workshop](https://openid.net/oidf-workshop-at-eic-2021-monday-september-13-2021/) at the [2021 European Identity and Cloud (EIC) conference](https://www.kuppingercole.com/events/eic2021/). As I noted during the talk, this is an exciting time for OpenID Connect; theres more happening now than at any time since the original OpenID Connect specs were created!
- OpenID Connect Working Group [(PowerPoint)](http://self-issued.info/presentations/OpenID_Connect_Working_Group_13-Sep-21.pptx) [(PDF)](http://self-issued.info/presentations/OpenID_Connect_Working_Group_13-Sep-21.pdf)
* [JSON is Robot Barf](https://www.windley.com/archives/2021/09/json_is_robot_barf.shtml) Windley
@ -246,8 +241,6 @@ Since February he has also been the informal chair of the [Hospitality and Trav
* [Global Assured Identity Network White Paper](https://openid.net/2021/09/20/global-assured-identity-network-white-paper/)
* [OIDC with SIOPv2 and DIF Presentation Exchange](https://vimeo.com/630104529) Sphereon
* [Sign in with Ethereum](https://login.xyz/) is being developed by Spruce
Already used throughout web3, this is an effort to standardize the method with best practices and to make it easier for web2 services to adopt it.
@ -267,12 +260,6 @@ Verifiable credentials is a beautiful set of technology that allows people and o
Lohan Spies, Technical Lead, Yoma
* [Gimly ID: SSI with OpenID authentication](https://www.loom.com/share/d49e005bb32349d7950022e83d55b944)
About Dick Hardts new thing
Gimly ID is leading self-sovereign identity innovation, with the implementation of SSI with self-issued openID provider (SIOPv2) and full support for openID connect and DIF presentation exchange.
* [Explore Affinidi Schema Manager](https://ui.schema.affinidi.com/schemas/)
* [Proof-of-possession (pop) AMR method added to OpenID Enhanced Authentication Profile spec](https://self-issued.info/?p%3D2198) Mike Jones
@ -282,12 +269,6 @@ Ive defined an Authentication Method Reference (AMR) value called “pop” t
- [https://openid.net/specs/openid-connect-eap-acr-values-1_0-01.html](https://openid.net/specs/openid-connect-eap-acr-values-1_0-01.html)
- [https://openid.net/specs/openid-connect-eap-acr-values-1_0.html](https://openid.net/specs/openid-connect-eap-acr-values-1_0.html)
* [OpenID Connect Presentation at IIW XXXIII](https://self-issued.info/?p%3D2196) Mike Jones
- Introduction to OpenID Connect [(PowerPoint)](https://self-issued.info/presentations/OpenID_Connect_Introduction_12-Oct-21.pptx) [(PDF)](https://self-issued.info/presentations/OpenID_Connect_Introduction_12-Oct-21.pdf)
The session was well attended. There was a good discussion about the use of passwordless authentication with OpenID Connect.
* [SSI with OpenID authentication](https://www.loom.com/share/d49e005bb32349d7950022e83d55b944) Gimly ID
* [DIDs are not enough - we need an Authoriziation standard too](https://medium.com/energy-web-insights/api-access-security-for-dapps-cfcfa928623c) Energy Web
@ -330,12 +311,6 @@ Recently, the WAO team took the opportunity to update the badge platforms page o
* [First Public Review Period for OpenID Connect SIOPV2 and OIDC4VP Specifications Started](https://openid.net/2021/12/17/first-public-review-period-for-openid-connect-siopv2-and-oidc4vp-specifications-started/) OpenID
- Implementers Drafts public review period: Friday, December 17, 2021 to Monday, January 31, 2022 (45 days)
- Implementers Drafts vote announcement: Tuesday, January 18, 2022
- Implementers Drafts voting period: Tuesday, February 1, 2022 to Tuesday, February 8, 2022 *
* [Report from EBSI4Austria. In 2018, all European member states…](https://medium.com/@markus.sabadello/report-from-ebsi4austria-b79c0ed8ab8d) Markus Sabadello
EBSI4Austria is a CEF funded project with two main objectives. First, EBSI4Austria aims to set up, operate and maintain the Austrians EBSI node. Second, we pilot the diploma use case on the Austrian level supported by two Universities and data providers as well as verifiers.
@ -374,11 +349,6 @@ At a superficial level, a decentralized identifier (DID) is simply a new type of
* [First Implementers Drafts of OpenID Connect SIOPV2 and OIDC4VP Specifications Approved](https://openid.net/2022/02/08/first-implementers-drafts-of-openid-connect-siopv2-and-oidc4vp-specifications-approved/) OpenID
- [Self-Issued OpenID Provider v2](https://openid.net/specs/openid-connect-self-issued-v2-1_0-07.html)
- [OpenID Connect for Verifiable Presentations](https://openid.net/specs/openid-connect-4-verifiable-presentations-1_0-08.html)
* [Cryptography Review of W3C VC Data Model and DID Standards and Implementation Recommendations](https://www.linkedin.com/posts/aniljohn_cryptography-review-of-w3c-vc-and-w3c-did-ugcPost-6892250585652162560-OQ3Y) SRI International
@ -392,7 +362,7 @@ The official voting period will be between Tuesday, February 1, 2022 and Tuesday
Summary: The hype over NFTs and collectibles is blinding us to their true usefulness as trustworthy persistent data objects. How do they sit in the landscape with verifiable credentials and picos? Listening to this Reality 2.0 podcast about NFTs with Doc Searls, Katherine Druckman, and their guest Greg Bledsoe got me thinking about NFTs.
* [Nat describes GAIN](https://nat.sakimura.org/2021/09/14/announcing-gain/) as an overlay network on top of the Internet with all its participants identity proofed. One key benefit of the approach proposed in the white paper is that the standards required to enable this network already exist: OpenID Connect and eKYC/IDA.
- [Nat has a presentation](https://nat.sakimura.org/2021/09/14/announcing-gain/)
- There is a [linked in Group](https://www.linkedin.com/groups/12559000/)
@ -401,12 +371,6 @@ Summary: The hype over NFTs and collectibles is blinding us to their true useful
Different types of DIDs can be registered and anchored using unique rules specific to the set of infrastructure where theyre stored. Since DIDs provide provenance for keys which are controlled by DID owners, the rules and systems that govern each kind of DID method have a significant impact on the trust and maintenance model for these identifiers.
- [OpenID Connect Client-Initiated Backchannel Authentication Flow Core 1.0](https://openid.net/specs/openid-client-initiated-backchannel-authentication-core-1_0.html)
A Final Specification provides intellectual property protections to implementers of the specification and is not subject to further revision.
* [VC Spec Enhancement Proposal](https://github.com/SmithSamuelM/Papers/blob/master/whitepapers/VC_Enhancement_Strategy.md) Sam Smith
the VC standard appears to be an adoption vector for Linked Data, not the other way around. My overriding interest is that the concept of a VC as a securely attributable statement is a very powerful and attractive one and therefore should be widely adopted. We should therefore be picking the best technologies that best support broad VC adoption, not the other way around.
* [Open standards should be developed openly](https://blog.weareopen.coop/open-standards-should-be-developed-openly-1f0cf552308d)
@ -428,11 +392,6 @@ This is the Use Case Implementation Workstream of the [COVID Credentials Initia
> ISO 27018 is part of the ISO 27000 family of standards, which define best practices for information security management. ISO 27018 adds new guidelines, enhancements, and security controls to the ISO/IEC 27001 and ISO/IEC 27002 standards, which help cloud service providers better manage the data security risks unique to PII in cloud computing.
* [Differences between SAML, OAuth & OIDC (OpenID Connect)](https://www.ubisecure.com/education/differences-between-saml-oauth-openid-connect/)
> SAML 2.0 - Security Assertion Markup Language
>
> OAuth 2.0 - Web Authorization Protocol
> OpenID Connect 1.0 (OIDC) - Simple identity layer on top of OAuth 2.0
* [What's New in Passwordless Standards, 2021 edition!](https://techcommunity.microsoft.com/t5/identity-standards-blog/what-s-new-in-passwordless-standards-2021-edition/ba-p/2124136) (Microsoft)
> The Web Authentication API (WebAuthn) Level 2 specification is currently a Candidate Recommendation at the W3C. "Level 2" essentially means major version number 2.
>
@ -640,33 +599,14 @@ members from across the community come together to test interoperability between
- [What Would JOSE Do? Why re-form the JOSE working group to meet the need?](https://datatracker.ietf.org/meeting/114/materials/slides-114-jwp-the-need-standards-for-selective-disclosure-and-zero-knowledge-proofs-00)  [Mike Jones](https://twitter.com/selfissued)
- [The selective disclosure industry landscape, including Verifiable Credentials and ISO Mobile Driver Licenses (mDL)](https://datatracker.ietf.org/meeting/114/materials/slides-114-jwp-why-selective-disclosure-00)  [Kristina Yasuda](https://twitter.com/kristinayasuda)
- [A Look Under the Covers: The JSON Web Proofs specifications](https://datatracker.ietf.org/meeting/114/materials/slides-114-jwp-json-web-proofs-initial-drafts-00)  Jeremie Miller
* [Aries Agent Test Harness Enhancement Project](https://www.idlab.org/en/aries-agent-test-harness-enhancement-project/) IDLab
At this stage of the AATH Enhancement Project, two factors helped define its broad content:
- The gap between AIP 2.0 constituent RFCs and the current implementation of the AATH tests
- Requirements from Interac with respect to AIP 2.0
* [Verifiable Credentials Data Model v2.0](https://www.w3.org/TR/2022/WD-vc-data-model-2.0-20220811/)
- The components that constitute a [verifiable credential](https://www.w3.org/TR/2022/WD-vc-data-model-2.0-20220811/%23dfn-verifiable-credentials)
- The components that constitute a [verifiable presentation](https://www.w3.org/TR/2022/WD-vc-data-model-2.0-20220811/%23dfn-verifiable-presentations)
- An ecosystem where [verifiable credentials](https://www.w3.org/TR/2022/WD-vc-data-model-2.0-20220811/%23dfn-verifiable-credentials) and [verifiable presentations](https://www.w3.org/TR/2022/WD-vc-data-model-2.0-20220811/%23dfn-verifiable-presentations) are expected to be useful
- The use cases and requirements that informed this specification.
* [Volleyball, Identiverse, and Open Identity Standards](https://www.linkedin.com/pulse/volleyball-identiverse-open-identity-standards-alex-simons/?trackingId%3DiAokBqe0Qdqrwj5LfAEf3w%253D%253D) Alex Simons
* [Crossword wins NGI Atlantic funds for Verifiable Credentials project](https://www.crosswordcybersecurity.com/post/next-generation-internet-grant-win) Crossword Cybersecurity
European Commissions Next Generation Internet (NGI) initiative to lead a project to test the OpenID Foundations protocols for transferring verifiable credentials. Crosswords partners in this project are Spruce Inc from the USA and Fraunhofer from Germany
* [Trinsic Builds Open Source Trust Registry Sponsored by eSSIF-Lab](https://trinsic.id/trinsic-builds-open-source-trust-registry-sponsored-by-essif-lab/) Trinsic

93
_posts/identosphere-dump/open-standards/trust-frameworks.md Normal file
View File

@ -0,0 +1,93 @@
# Trust Frameworks
## Contents
- 800-63-3
- DIACC
## Links
* [The Ukrainian War, PKI, and Censorship](https://www.windley.com/archives/2022/03/the_ukrainian_war_pki_and_censorship.shtml) Phil Windley
PKI has created a global trust framework for the web. But the war in Ukraine has shone a light on its weaknesses. Hierarchies are not good architectures for building robust, trustworthy, and stable digital systems.
* [Digital Caribou looks at the future trends impacting Digital Identity](https://medium.com/caribou-digital/diagnostic-trends-shaping-the-future-of-digital-identification-181724c40068)
> 1. The state of the art in digital identification are trust frameworks that accommodate diverse technologies, systems and stakeholders
> 2. Risks remain even within the most rigorous trust framework:
> 3. Achieving inclusion requires addressing both technical and political dimensions
> 4. Trust frameworks are complicated so getting governance right requires an ecosystems approach
> 5. Building the future of digital identification means reckoning with an analogue past
* [Trust Frameworks](https://medium.com/mattr-global/learn-concepts-trust-frameworks-ad96a4427991)
> Trust frameworks are a foundational component of the web of trust. A trust framework is a common set of best practice standards-based rules that ensure minimum requirements are met for security, privacy, identification management and interoperability through accreditation and governance. These operating rules provide a common framework for ecosystem participants, increasing trust between them.
* [The trust infrastructure of self-sovereign identity ecosystems](https://ssi-ambassador.medium.com/the-trust-infrastructure-of-self-sovereign-identity-ecosystems-551f46ed9e2c)
> The trust infrastructure is concerned with the question of how and why the presented information can be trusted. It defines the rules for all stakeholders and enables legally binding relationships with the combination of governance frameworks, which are built on top of trust frameworks.
>
> includes a section on the core components of identity architecture that includes a graphic [based on a post by Phil Windley](https://www.windley.com/archives/2020/09/the_architecture_of_identity_systems.shtml)
* [Battle of the Trust Frameworks with Tim Bouma & Darrell ODonnell](https://northernblock.io/battle-of-the-trust-frameworks-with-tim-bouma-darrell-odonnell) Northern Block
1. Levels of Assurance (LOA): an introduction to LOAs as they relate to Digital Identity and why theyre an important part of the recipe in achieving digital trust. Tim and Darrell give us some practical examples of LOAs.
2. The Concept of Trust: how do we define trust at a high-level and how do we differentiate between technical and human trust? How can we build trust with credential issuers but also with credential holders?
3. The World of Trust Frameworks: what are trust frameworks and what are different types of frameworks being deployed in both the public and private sectors? How are organizations trying to monetize trust frameworks? Whats going right, and whats going wrong with the way trust frameworks are being implemented?
4. The Importance of Open Source for Trust Creation: why is open source important for achieving digital sovereignty? Is open source the only way to improve transparency, flexibility and accountability?
* [Good Health Pass Ecosystem Trust Architecture: DIDs and X.509 Trust Registries with Ecosystem Governance Frameworks](https://iiw.idcommons.net/23F/_Good_Health_Pass_Ecosystem_Trust_Architecture:_DIDs_and_X.509_Trust_Registries_with_Ecosystem_Governance_Frameworks) by Drummond Reed, Scott Perry, Darrell ODonnell
Governance, Trust Registry, Ecosystem, Transitive Trust, Architecture
Presentation Deck: [GHP Ecosystem Trust Architecture PDF](https://drive.google.com/file/d/1Hgh5JvrM7aUCmg5q6KIXzvpVIcgfhTjr/view?usp%3Dsharing)
- Proposed Trust Interoperability (Global) for the Good Health Pass (GHP) Ecosystem
- Kaliya Young & Rebecca Distler - Working Group Co-Leads
- Trust in the system - focus for todays discussion.
- Principles - [https://www.goodhealthpass.org/wp-content/uploads/2021/02/Good-Health-Pass-Collaborative-Principles-Paper.pdf](https://www.goodhealthpass.org/wp-content/uploads/2021/02/Good-Health-Pass-Collaborative-Principles-Paper.pdf)
- Blueprint Outline - [https://www.goodhealthpass.org/wp-content/uploads/2021/03/GHPC-Interoperability-Blueprint-Outline-v2.pdf](https://www.goodhealthpass.org/wp-content/uploads/2021/03/GHPC-Interoperability-Blueprint-Outline-v2.pdf)
- Global Problems inhibiting world travel. Many emerging instances of GHP related ecosystems. GHP establishing an umbrella for all GHP-compliant ecosystems.
- Relying on the ToIP Trust stack as an architectural blueprint
- Ecosystem Governance Framework is at the top of a governance and technical stack.
- Some specific Ecosystems need to accommodate x.509 certificate and VC constructs.
- ToIP Stack diagram is undergoing new changes - some new terminology being discussed at IIW.
- Governance and Trust Framework terms are being used as synonyms but we conveyed that Governance Frameworks are over arching of subject Trust Frameworks.
- GHP wll be a General Ecosystem Governance Framework. Overseeing Specific EGFs..
-
- It is likely to have a GHP compliance but only on the lightweight tenets of interoperability.
- We are introducing a trust registry infrastructure that works with all GHP-compliant ecosystems.
- Issuers within an ecosystem will be included in a trust registry.
- Each Ecosystem must publish its governance framework and make its trust registry available
- All issuers need to be recognized by a governance framework and included in a trust registry
- The second principle is that each specific EGF will identify its trust registry with a DID and specify its trust registry service endpoint(s) in its associated DID document
- The third principle is that each VC issued under a specific EGF will identify its issuer with either:
- a DID
- a URI (for X.509 certificates)
- The final principle is that each VC issued under a specific EGF will identify its type with a type URI. That field will be using common semantics.
- With this architecture, all we need is a simple trust registry protocol to answer the question:
- Is this issuer
- authorized to issue this VC type
- under this specific EGF?
- GOOD - is a pass
- BETTER - may be purpose-limited (“trivial” example -
Links from chat:
- Bart Suichies to Everyone : the eidas demo is here: [https://essif.adaptivespace.io/](https://essif.adaptivespace.io/)
* [https://gitlab.grnet.gr/essif-lab/infrastructure/fraunhofer/deliverables](https://gitlab.grnet.gr/essif-lab/infrastructure/fraunhofer/deliverables) not sure if this an open repo
* [https://gitlab.grnet.gr/essif-lab/infrastructure/fraunhofer/deliverables/-/blob/master/api_documentation/train-atv-1.0.0-swagger.yaml](https://gitlab.grnet.gr/essif-lab/infrastructure/fraunhofer/deliverables/-/blob/master/api_documentation/train-atv-1.0.0-swagger.yaml)
* [https://gitlab.grnet.gr/essif-lab/infrastructure/fraunhofer/train_project_summary](https://gitlab.grnet.gr/essif-lab/infrastructure/fraunhofer/train_project_summary)
- Drummond Reed to Everyone : See the anti-coercion section of the original ToIP RFC: [https://github.com/hyperledger/aries-rfcs/blob/master/concepts/0289-toip-stack/README.md](https://github.com/hyperledger/aries-rfcs/blob/master/concepts/0289-toip-stack/README.md)
- Sterre den Breeijen to Everyone : [https://blockchain.tno.nl/blog/verify-the-verifier-anti-coercion-by-design/](https://blockchain.tno.nl/blog/verify-the-verifier-anti-coercion-by-design/) Blog on anti-coercion by my colleague Oskar van Deventer
- Bart Suichies to Everyone : @judith: [https://gitlab.grnet.gr/essif-lab/infrastructure/fraunhofer/train_project_summary](https://gitlab.grnet.gr/essif-lab/infrastructure/fraunhofer/train_project_summary)
- Darrell O'Donnell to Everyone : TRAIN - [https://essif-lab.eu/essif-train-by-fraunhofer-gesellschaft/](https://essif-lab.eu/essif-train-by-fraunhofer-gesellschaft/)
- Drummond Reed to Everyone : Bart, I am totally on board with the human-readable element for GHP. Happy to chat more with you about that. There is a lot of focus on that in the [Consistent User Experience drafting group](https://wiki.trustoverip.org/display/HOME/Consistent%2BUser%2BExperience%2BDrafting%2BGroup)
[Pan-Canadian Trust Framework](https://diacc.ca/wp-content/uploads/2016/08/PCTF-Overview-FINAL.pdf)
* [Towards a Better Digital Identity Trust Framework in Aotearoa](https://digitalidentity.nz/2022/09/21/towards-a-better-digital-identity-trust-framework-in-aotearoa/) Digital Identity NZ
Its a great pleasure to share with you DINZ Reflections Report, a seminal piece of work that DINZs Digital Identity Trust Framework working group has developed over several months.
* [Trust Frameworks? Standards Matter](https://medium.com/@trbouma/trust-frameworks-standards-matter-47c946992f44) Tim Bouma
> He points at the NIST documents about it [Developing Trust Frameworks to Support Identity Federations](https://nvlpubs.nist.gov/nistpubs/ir/2018/NIST.IR.8149.pdf) published in 2018. He also points at the Canadian governments definition of standards.
>
> “a document that provides a set of agreed-upon rules, guidelines or characteristics for activities or their results. Standards establish accepted practices, technical requirements, and terminologies for diverse fields.”  He goes on to highlight a lot of the work being done in Canada and where it all sits relative to being a standard - “In closing, there are lots of trust frameworks being developed today. But to be truly trusted, a trust framework needs to either apply existing standards or become a standard itself.”

13
_posts/identosphere-dump/open-standards/verifiable-credentials.md
View File

@ -5,6 +5,15 @@ published: false
# Verifiable Credentials
* [Verifiable Credentials Data Model v2.0](https://www.w3.org/TR/2022/WD-vc-data-model-2.0-20220811/)
- The components that constitute a [verifiable credential](https://www.w3.org/TR/2022/WD-vc-data-model-2.0-20220811/%23dfn-verifiable-credentials)
- The components that constitute a [verifiable presentation](https://www.w3.org/TR/2022/WD-vc-data-model-2.0-20220811/%23dfn-verifiable-presentations)
- An ecosystem where [verifiable credentials](https://www.w3.org/TR/2022/WD-vc-data-model-2.0-20220811/%23dfn-verifiable-credentials) and [verifiable presentations](https://www.w3.org/TR/2022/WD-vc-data-model-2.0-20220811/%23dfn-verifiable-presentations) are expected to be useful
- The use cases and requirements that informed this specification.
* [Crossword wins NGI Atlantic funds for Verifiable Credentials project](https://www.crosswordcybersecurity.com/post/next-generation-internet-grant-win) Crossword Cybersecurity
European Commissions Next Generation Internet (NGI) initiative to lead a project to test the OpenID Foundations protocols for transferring verifiable credentials. Crosswords partners in this project are Spruce Inc from the USA and Fraunhofer from Germany
* [Binding credentials to publicly accessible repositories](https://lists.w3.org/Archives/Public/public-credentials/2021Jul/0297.html)  Leonard Rosenthol (Friday, 30 July)
These VCs (etc.) will be embedded into the assets (e.g., video, images, documents, etc.) in a tamper-evident manner, so that in addition to the individual VCs “proof”, any attempt to change the CreativeWork relationships, etc. can also be detected. [..] we have no protection against a malicious actor simply copying the VC from one asset and dropping it into another (and then signing the new setup), because there is nothing that binds the credential to the asset in our case.
@ -120,6 +129,10 @@ The pull request[4] involves a few things that are worth noting
* [VC Issuance based on OAuth 2.0](https://lists.w3.org/Archives/Public/public-credentials/2022Apr/0084.html)  Nikos Fotiou (Thursday, 14 April)
We design, implement, and evaluate a solution for achieving continuous authorization of HTTP requests exploiting Verifiable Credentials (VCs) and OAuth 2.0. Specifically, we develop a VC issuer that acts as an OAuth 2.0 authorization server, a VC verifier that transparently protects HTTP-based resources, and a VC wallet implemented as a browser extension capable of injecting the necessary authentication data in HTTP requests without needing user intervention.
* [VC Spec Enhancement Proposal](https://github.com/SmithSamuelM/Papers/blob/master/whitepapers/VC_Enhancement_Strategy.md) Sam Smith
the VC standard appears to be an adoption vector for Linked Data, not the other way around. My overriding interest is that the concept of a VC as a securely attributable statement is a very powerful and attractive one and therefore should be widely adopted. We should therefore be picking the best technologies that best support broad VC adoption, not the other way around.
* [Verifiable Credentials Data Model v1.1 is an official W3C standard!](https://lists.w3.org/Archives/Public/public-credentials/2022Mar/0005.html)  Manu Sporny (Thursday, 3 March)

11
_posts/identosphere-dump/organizations/organization.md
View File

@ -230,13 +230,6 @@ We think that focusing on Facebooks surveillance advertising is a good step i
* [New steward for #GoodID: Berkman Klein Center for Internet and Society at Harvard University](https://omidyarnetwork.medium.com/new-steward-for-goodid-berkman-klein-center-for-internet-and-society-at-harvard-university-a221cdb12949) Omidyar Network
The Center recently launched the [Institute for Rebooting Social Media](https://cyber.harvard.edu/programs/institute-rebooting-social-media) [...] In connection with this Institute and the [Berkman Klein Research Sprints](https://cyber.harvard.edu/story/2020-10/research-sprint-participants-explore-digital-transformation-time-crisis-focus), and through the Centers ongoing work with the over 100 international [Network of Internet and Society Research Centers](http://networkofcenters.net/), the Center will support conversations about digital identity issues that will reach diverse and interdisciplinary communities of research and practice.
* [OpenID Presentations at December 2021 OpenID Virtual Workshop](https://self-issued.info/?p%3D2214)
- OpenID Connect Working Group [(PowerPoint)](http://self-issued.info/presentations/OpenID_Connect_Working_Group_9-Dec-21.pptx) [(PDF)](http://self-issued.info/presentations/OpenID_Connect_Working_Group_9-Dec-21.pdf)
- OpenID Enhanced Authentication Profile (EAP) Working Group [(PowerPoint)](http://self-issued.info/presentations/OpenID_EAP_Working_Group_9-Dec-21.pptx) [(PDF)](http://self-issued.info/presentations/OpenID_EAP_Working_Group_9-Dec-21.pdf)
use of IETF Token Binding specifications with OpenID Connect and integration with FIDO relying parties and/or other strong authentication technologies.”
* [TOIP HELPS SANTA WITH HIS TOUGHEST CHOICES](https://trustoverip.org/news/2021/12/15/toip-helps-santa-with-his-toughest-choices/) Trust over IP
MEGA also joined the Good Elf Pass Initiative whose “interoperability blueprint” supports its crucial role as issuers of these credentials. The ground-breaking “Hypersleigh” blockchain standard will also support rapid delivery and high security for all Meaningful Gifts. #hypersleigh
@ -334,8 +327,8 @@ Informed by standards bodies including [the FIDO Alliance](https://findbiometric
Were not convinced that “constraint” is the right theoretical approach for an emerging technology, especially one that is being deployed in different sectors for different use cases. To underscore this, we want to address a particular constraint implied by ToIPs design concepts that is likely to be fatal to any deployment.
- [DIFS updated code of conduct](https://medium.com/decentralized-identity/difs-updated-code-of-conduct-a0c2d9dce1ad) - Setting a tone for inclusive collaboration.
* [DIF and OIDF cooperation](https://medium.com/decentralized-identity/dif-oidf-9753b9bd0093)
> to work together on areas of mutual interest, allowing working groups to align and coordinate through dual-members. The first major collaboration, which has already been underway for weeks, is a process for revising the Self-Issued OpenID Connect (SIOP) chapter of the OpenID Connect (OIDC) specification.
* [Why we support EFF](https://www.evernym.com/blog/why-we-support-the-electronic-frontier-foundation/) Evernym
> Privacy gets too little emphasis from some participants in the decentralized identity movement. They claim to value confidential interactions, yet advocate that individuals create public decentralized identifiers (DIDs) on the blockchain (ignoring legal warnings about DIDs being PII). They are okay with “phone home” verifications of credentials and revocation and capabilities.
* [7 Essential building blocks of decentralized digital ecosystems](https://medium.com/nevermined-io/what-decentralized-building-blocks-exist-to-build-your-digital-ecosystem-a2173550cc57) Nevermined

2
_posts/identosphere-dump/real-world/covid-coronavirus.md
View File

@ -4,6 +4,8 @@ published: false
* [The value of verifiable credentials in the evolving digital identity landscape](https://verified.me/blog/the-value-of-verifiable-credentials-in-the-evolving-digital-identity-landscape/) Verified Me
> In my recent podcast with [Brad Carr](https://www.iif.com/Staff-and-Authors/uid/46/BradCarr) of the [Institute of International Finance](https://www.iif.com/Publications/ID/4304/FRT-Episode-87-Digital-Identity-with-SecureKey-CEO-Greg-Wolfond), we discussed how digital identity and verified credentials can support a digital-first world, something thats extremely relevant amid the current pandemic.
* [Mapping FHIR JSON resource to W3C Vaccination vocabulary : A semantic data pipeline](https://iiw.idcommons.net/index.php?title%3D12H/_Mapping_FHIR_JSON_resource_to_W3C_Vaccination_vocabulary_:_A_semantic_data_pipeline%26action%3Dedit%26redlink%3D1) by John Walker
# Covid
* [I Want COVID-19 Certificates but I don't want a DID](https://www.youtube.com/watch?v=yqSr0xKcG18) David Chadwick

37
_posts/identosphere-dump/real-world/iot.md
View File

@ -83,45 +83,8 @@ One of the challenges identified by this last paper is the overhead of using SSI
Figure 1. Binary versions of DIDComm and DID Documents are needed to allow transmission in LoRa networks. The payload, in blue, is a DID Document. The overhead, in orange, is the protocol overhead due to the message signature.
* [Introduction to Picos](https://iiw.idcommons.net/4C/_Introduction_to_Picos) by Phil Windley
IoT, digital twins, device shadows, Conflict-free replicated data type (CRDT), CSP over DIDcomm
* [https://picolabs.io](https://picolabs.io) Pico Labs
* [https://github.com/Picolab/](https://github.com/Picolab/) repos
* [https://picolabs.atlassian.net/wiki](https://picolabs.atlassian.net/wiki) documentation
* [http://stackoverflow.com/questions/tagged/krl](http://stackoverflow.com/questions/tagged/krl) programming Q&A
* [Announcing Pico Engine 1.0](https://www.windley.com/archives/2021/02/announcing_pico_engine_10.shtml)
Pico is short for “Persistent Compute Objects.”
Why Picos
- Persistent, personal, computational nodes → More individual autonomy
- Computational node for anything: person, place, organization, smart thing, dumb thing, concept, even a pothole
- Better, more scalable model for IoT → trillion node networks
- Picos support social things and trustworthy spaces
- Better sharing, more natural relationship-based interactions (borrow my truck, Fuse with two owners)
- Scales
- Substitutable hosting model → freedom of choice
- pico mesh
* [...]
What are Picos?
- “Pico” is a neologism for persistent compute objects.
- Persistence is a core feature of how picos work.
- Picos exhibit persistence in three ways:
- Persistent identity—Picos exist, with a single identity, continuously from the moment of their creation until they are destroyed.
- Persistent state—Picos have state that programs running in the pico can see and alter.
- Persistent availability—Picos are always on and ready to process queries and events.
Pico Engine 1.0 released in January
* [Rugged Identity: resilience for Identity of Things to bad latency, signal, power, physical integrity. Mars, war zones, bad neighbors, Great Firewalls.](https://iiw.idcommons.net/11C/_Rugged_Identity:_resilience_for_Identity_of_Things_to_bad_latency,_signal,_power,_physical_integrity.) by Phil Wolff

2
_posts/identosphere-dump/web3-and-decentralized-identity/defi.md
View File

@ -5,7 +5,7 @@ published: false
# Decentralized Finance
* [Decentralized identifiers for DeFi? Definitively.](https://hackernoon.com/decentralized-identifiers-for-defi-definitively-25j33qa) Hackernoon
> DIDs from a DeFi user VCs can be placed, anchored, indexed, and associated on the LTO chain. LTO Network solution is GDPR compliant and goes hand in hand with [ISO/TC307 - BLOCKCHAIN AND DISTRIBUTED LEDGER TECHNOLOGIES](https://www.iso.org/committee/6266604.html?ref%3Dhackernoon.com) . LTO Network approach uses Chainlink oracles for reaching the cross-chain operability and the Dutch company Sphereon for wallet integration.
> DIDs from a DeFi user VCs can be placed, anchored, indexed, and associated on the LTO chain. LTO Network solution is GDPR compliant and goes hand in hand with [ISO/TC307 - BLOCKCHAIN AND DISTRIBUTED LEDGER TECHNOLOGIES](https://www.iso.org/committee/6266604.html) . LTO Network approach uses Chainlink oracles for reaching the cross-chain operability and the Dutch company Sphereon for wallet integration.
* [Decentralized Finance & Self-sovereign Identity: A tale of decentralization, a new paradigm of trust](https://gataca.io/insights/decentralized-finance-self-sovereign-identity-a-tale-of-decentralization-a-new-paradigm-of-trust)
> We are aware that DeFis growth is explosive and inevitable yet its growth needs to be sustainable and responsible. This can be done with SSI.
* [KeyFi: AI-Powered DeFi Aggregator](https://selfkey.org/keyfi-ai-powered-defi-aggregator-platform-backed-by-selfkey-credentials-%F0%9F%93%A2/))