decentralized-id.github.io/identosphere-dump/open-standards/standards.md
2022-12-12 06:09:55 -05:00


---
published: false
---

Standards

If you are a developer and want to write a DApp [...] you probably are using API-Keys in your front-end. If this is the case, then you should consider the security risk the publication of the API-Key in your front end represents and ask yourself if it would make sense to switch to a user authentication scheme.

In general

  • FYI: What makes a standard world class? Michael Herman (Trusted Digital Web) (Saturday, 14 August)

    • A world class standard should have well-defined objectives that respond to real needs in a timely manner.
    • Its technical content should be complete and accurate.
    • It should be easy to understand (or as easy as the subject matter allows!) and easy to implement.
    • Its requirements should be expressed clearly and unambiguously.
    • It should be validated.
    • It should be well-maintained.

    Reference: A Guide To Writing World Class Standards

  • Trust Frameworks? Standards Matter Tim Bouma

    He points at the NIST documents about it, Developing Trust Frameworks to Support Identity Federations, published in 2018. He also points at the Canadian government's definition of standards.

    “a document that provides a set of agreed-upon rules, guidelines or characteristics for activities or their results. Standards establish accepted practices, technical requirements, and terminologies for diverse fields.” He goes on to highlight a lot of the work being done in Canada and where it all sits relative to being a standard - “In closing, there are lots of trust frameworks being developed today. But to be truly trusted, a trust framework needs to either apply existing standards or become a standard itself.”

  • Open standards should be developed openly WeAreOpen

    Open standards should be developed openly because not enough people work to ensure that equity is central to innovation and development. We believe that openness is an attitude, and one which bears fruit over time from which everyone can benefit.

  • Global Standards Mapping Initiative ContinuumLoop

    This past November, the GBBC released The Global Standards Mapping Initiative 2.0, updating the standards published in 2020. The GBBC is a strong proponent of standardization and intends to serve as a baseline for establishing frameworks and standards that will allow for adoption and innovation.

    Here's my premise: we don't have standards nor interoperability, at least not as people really need. We have been through a process that is powerful and good, but what we have is what I call “premature standardization.” It's a great start but nowhere near where things will be.

  • Trinsic Basics: What Are SSI Standards?

    There are two kinds of standards that Trinsic implements to enable interoperability and avoid vendor lock-in: data model standards and protocol standards.

  • Manifesto: Rules for standards-makers

    I've used all kinds of formats and protocols in a long career as a software developer, even created a few. My new manifesto summarizes what I've learned about what works and what doesn't.

Formal Objection

  • Re: historical background regarding success of responses to formal objections Liam R. E. Quin (Monday, 13 September)

    In the 17 years I worked at W3C, the formal objections were

    (1) "we [the objector] wanted to be on record as saying this but go ahead and publish" (the most common);
    (2) we [the objector] have a product, or are about to ship a product, and the feature(s) in this spec would cause problems in the short-term for our product, and that's more important to us than the Web (no-one will ever admit to this but it's not uncommon);
    (3) we object to this spec, we prefer another approach, so here's a bunch of fake objections to slow things down because we can't share our actual business strategy;
    (4) we believe there's a technical problem with this spec, but we didn't notice it over the past four years despite a last call review (this one is actually rare but does happen).

New

The version 2.1 of the Client to Authenticator Protocol (CTAP) specification is a Release Draft at the FIDO Alliance. This means the spec is in a public review period before final publication. We think you might want to hear about what we think is especially fun about WebAuthn L2 and CTAP 2.1.

Big Pic

Verifier Universal Interface

WebAuthn

KMIP

  • OASIS releases KMIP 2.1

    The Key Management Interoperability Protocol (KMIP) is a single, comprehensive protocol for communication between clients that request any of a wide range of encryption keys and servers that store and manage those keys. By replacing redundant, incompatible key management protocols, KMIP provides better data security while at the same time reducing expenditures on multiple products.

OMG

  • OMG ISSUES RFI FOR DISPOSABLE SELF-SOVEREIGN IDENTITY STANDARD

    This RFI aims to gain a better understanding of the self-sovereign identity space. In particular, the Blockchain PSIG is exploring the potential for standards setting in the area of contextually constrained or disposable self-sovereign identity arrangements, building on top of existing W3C standards for self-sovereign identity [DID] and verifiable credentials [VC]. The aim of this RFI is to determine whether new standards for this specific aspect of self-sovereign identity are necessary, desirable and timely, and are not already being developed elsewhere. (The RFI) A public presentation on the Disposable Self-sovereign Identity RFI will be held on February 3, 2021 at 11:00 AM ET. The Object Management Group® (OMG®) is an international, open membership, not-for-profit technology standards consortium, founded in 1989. OMG standards are driven by vendors, end-users, academic institutions and government agencies. OMG Task Forces develop enterprise integration standards for a wide range of technologies and an even wider range of industries.

Agents

Schema.org

Schema.org was founded on the idea of making it easier and simpler for the ordinary, everyday sites that make up the web to use machine-readable data, and for that data to enable an ecosystem of applications used by millions of people. While it's hard to predict exactly what the next decade will bring, if we can all keep these founding concerns in mind as we improve, refine and curate our growing collection of schemas, we'll be doing our part to continue improving the web.

Identiverse

Oasis

I recently pointed out in a TechCrunch contribution that the open source and open standards communities need to find ways to team up if they are to continue driving innovation and development of transformative technologies to push our society forward.

JSON

JSON has its place. But I think we're overusing it in places where a good notation would serve us better.

ISO 27001

WAYF has now been certified according to the standard for information security ISO 27001. This is the result of the audit that DNV conducted at WAYF on 23 September 2021.

  • What Is ISO 27001:2013? A Guide for Businesses

    ISO 27001 is also the cornerstone of a growing international consensus about data security best practices. Australia based its federal Digital Security Policy on ISO 27001. Likewise, ISO 27001 can provide guidance on how to meet the standards of other data privacy laws, such as the GDPR, which often direct companies to it as an example of universal best practices. So if you abide by ISO 27001's recommendations, you're on the right track for legal compliance, not to mention improved data security.

OpenBadges

We want to explain what we talk about when we talk about Open Recognition. It builds on this previous post, and aims to move from the abstract to practicalities.

KBW helps people understand the badge landscape. The community is there to provide solidarity for badge champions and newbies. We do not assume prior knowledge of Open Badges or Verifiable Credentials. We recognise and celebrate those who can share their experience. Anyone interested in badges or integrating Open Recognition is welcome to join.

  • Keep Badges Weird… at the Badge Summit

    We have a new suite of badges to encourage participation, create value for others, and reflect on that experience. Participants will be able to both earn AND award badges, so they'll have a chance to prove that they've understood the theory surrounding CoPs and badges as well as put those theories into practice.

  • Discover Open Badges 3.0! Keep Badges Weird
    1. Check out the (accepted) Open Badges 3.0 proposal
    2. Watch a video from the ePIC conference giving an overview of what Open Badges 3.0 will enable (or view the slide deck)
    3. Discuss what this means for you, your organisation, or your community in this thread

  • Reflecting on the Evolving Badges and Credentials Ecosystem

    Recently, the WAO team took the opportunity to update the badge platforms page on Badge Wiki, a knowledgebase for the Open Badge community. As the ecosystem continues to evolve, we're seeing some early platforms fall by the wayside and new platforms emerge.

  • What is Open Recognition, anyway? Going beyond credentialing and the formal/informal divide

    Badges as credentials includes approaches that are well understood and largely replace or augment existing certification practices. Badges for recognition, however, include approaches that remain somewhat confusing to many people.

Blockcerts

XSL SDI

The SDI technology constitutes a very important example of decentralized counter-power to the web giants. The SDI manages to keep the practicality of a unique identifier while guaranteeing the security of the data and the user's sovereignty over it.

CCI

This is the Use Case Implementation Workstream of the COVID Credentials Initiative (CCI). This workstream identifies privacy-preserving verifiable credentials (VCs) that are most useful to the COVID-19 response and provides a forum and platform for those who are implementing COVID VCs to present their projects/solutions.

VON / ION

  • @csuwildcat shares

    As of Friday, we believe v1 of ION is functionally code complete, and the Sidetree Working Group at DIF (@DecentralizedID) should have a v1 spec candidate ready for the underlying protocol by Jan 21st. Public v1 launch of the ION network on Bitcoin mainnet is just weeks away.

Oberon protocol

Presentation slides: https://docs.google.com/presentation/d/1UO25DzVmq25ya2S4_tV5UKTSP6NtBggln9vP1TEXSzE/edit

Goal of the Oberon protocol when building an API:

  • Super effective: no separate session token required for accessing the API; very fast to issue and verify tokens; 128 bytes required per message
  • Privacy preserving
  • No new crypto: uses BLS signature keys and the Pointcheval-Sanders construction

Timestamping

Read more about timestamping and its concepts at Trusted Timestamping Part 1: Scenarios and Trusted Timestamping Part 2: Process and Safeguards.

Family of standards related to timestamping

GAIN

OASIS

An alternative to passwords that includes QR Codes is described, and typical use cases are described. This document also provides an overview and context for using QR Codes for security purposes.

JWP

ONDC

JWT

BBS Creds

C2PA

Just wanted to update folks here that the C2PA has released version 1.0 of their specification at https://c2pa.org/specifications/specifications/1.0/index.html. As previously mentioned, it includes native support for VCs for use in identification of actors (be they human, organizations, etc.). Thanks to everyone here for their input on our work and helping us to deliver.