decentralized-id.github.io/identosphere-dump/real-world/use-cases.md
2023-05-31 22:36:44 +05:30

38 KiB
Raw Blame History

published
false
  • Self-Sovereign Identity: More Use Cases: Heather Dahl and Ken Ebert of Indicio Discuss Decentralized ID Management

    In a video interview with Information Security Media Group, Dahl and Ebert discuss:

    • The evolution of Indicio.tech from the Sovrin Foundation;
    • Key initiatives in implementing and testing decentralized identity;
    • How a decentralized workforce is accelerating the need for identity management.

Verifiable Credentials

Supply Chain

  • Trusted Supply Chain: end-to-end compliance in multi-tier supply chain Evan Network

    In the real estate industry, TRUST&TRACE can be used by companies to obtain required compliance information from a network of participating companies. In this way, all property data is collected step by step: from building construction and leasing to sale and demolition.

  • SAP Completes Pharmaceutical Industry Pilot to Improve Supply Chain Authenticity

    today announced the completion of an industry-wide pilot utilizing self-sovereign identity (SSI) credentials to establish trust in the pharmaceutical supply chain for indirect trade relationships.

  • The missing link: digitizing supply chains with portable data Mavnet

    The traceability vocabulary bridges the gap between existing record-keeping systems and the verifiable exchange of supply chain information across organizations envisioned by proponents of these data portability technologies.

  • The Phygital Future of the Supply Chain Next Level Supply Chain Podcast with GS1

    The digital and physical world are merging more than ever before. As the supply chain becomes more phygital, innovative ways of sharing data like using verifiable credentials are helping to build more trust with data along the supply chain. Join us as we chat with Senior VP of Innovation & Partnerships at GS1 US, Melanie Nuce, as we explore whats around the corner and how standards play

  • How to Prevent Supply Chain Fraud With Blockchain Dock

    The global supply chain management market size was valued at USD 10.1 Billion in 2020 and is projected to reach USD 19.3 Billion by 2028. Supply chain is the path for any product such as food, clothes, or appliances to go from where it was a produced, to distributors, procurement officers (quality inspections), and the market.

  • SAP Pharma Solution Supports Supply Chain Compliance

    SAP has chosen an open, interoperable technology to validate all stakeholders in the pharma supply chain in order to provide customers with the best solution for compliance under the U.S. Drug Supply Chain Security Act (DSCSA) requirements. The DSCSA also limits stakeholders interactions to ATPs.

Personal Data

Banking

While US-based entities are adhering to an enhanced regulatory framework, these mandates are particularly applicable in Europe, where there is necessary compliance with enacted standards (such as the General Data Protection Regulation—commonly known as GDPR—and the Payment Service Providers Directive 2—referred to as PSD2. A clear need for a true and persistent digital identity as a solution to the ancillary—and sometimes unforeseen—challenges that have arisen.

  • Bankings identity problem Global Banking and Finance

    Banks have sought to overcome some of these challenges with the use of biometrics such as facial recognition and fingerprints.  These are now more commonly used to login to, or unlock devices, and increase usability, but still leave the challenge of proving the authenticity of a document wide open to abuse.

Indicio

Credential fraud has, unfortunately, become commonplace in todays instant electronic age. Especially problematic in higher education, credential fraud has spiralled into a multi-billion-dollar industry

business registry

This rapid digitalization of the private sector exposed a challenge in the business registration paradigm. To use private digital platforms for e-Logistics or e-Commerce, SMEs have to register and confirm their identity with these platforms, despite already being identified in the government business registry.

Fraud

At the root of the problem is the fact that uniquely identifying a person is hard to do and that people can create fake IDs for themselves quite easily.

Security

  • photo attacks based on the presentation of facial evidence of an image of a face printed or displayed via a devices screen.
  • video of user replay attack usually consisting of placing the screen of the attackers device in front of the camera.
  • 3D mask attacks where 3D masks are crafted to reproduce the real traits of a human face and even include eyes holes to fool the liveliness detection based on eye gaze, blinking and motion.
  • deepfake attacks make use of leveraging software capable to create a synthetic video or image realistically representing someone else. Attackers are suspected to have access to a wide dataset containing images or a video of their target.

Hiring \ Resume

Today, even in this digital world that has expanded over the past two years, the job market still relies on self-reported attributes, records, resumes, and/or LinkedIn profiles, that individuals share with employers or recruiters as the source for applicants and employee data.

Africa

In 2018, I was trying to open a bank account in my home town of Mutare, Zimbabwe, having just come back from the 1st world, I was under the impression it would take me at most 30 mins to an hour. I immediately realised I couldnt provide most of the requirements such as my Proof of Residence and many more. It turns out it took weeks and months for some to finish the entire process.

Much like cell phone technology and the internet, the true power of SSDI will only be unleashed when it is embedded across all sectors of society, from education and medical care to telecommunications and retail. And that will require all role players government bodies, regulators, service providers, public and private agencies to take up the SSDI baton and become part of the change.

Smart Home

loyalty rewards

  • @XPID · Nov 2

    Check out the latest version of our beta prototype in the Appstore for #verifiablecredentials for #LoyaltyPrograms. https://apps.apple.com/us/app/id1458328593 When #sovereign #decentralized #identity becomes a reality, your #Loyalty and #loyaltyrewards #Wallet will be on XPID. #SSI

Passwordless

Identos

Identos is adding W3C (World Wide Web Consortium) verifiable credentials as a product feature for its digital ID solutions by the end of the year, announcing its position in the race to incorporate international standards for how digital credentials from health records to degree certificates are stored and verified.

Meeco

Enabling Australian FinTechs a direct avenue to discuss how they partner and collaborate to access the eftpos payments network through the Committee resulted in recommendations that covered a number of central themes, including consultation and engagement, regulation, and technology and solutionsBen Tabell, eftpos Chief Information Officer and Committee Chair

Gaming

Crucible's CEO (Ryan Gill) and CTO (Toby Tremayne) for a discussion on what self-sovereign identity (SSI) and verifiable credentials mean for gaming and the greater online entertainment sector.

Credit unions

Credit unions and their members face the threat of fraud on all sides. And credit unions employ lots of tools to fight it. But ultimately, the problem comes down to the member and credit union authenticating each other. The problem is that doing this securely annoys people.

The 2021 cohort of Tech Pioneers includes many future headline-makers at the forefront of their industries. These companies show great potential to not only shake up their industries but offer real solutions to global problems.

In our last post we briefly presented Veramo and how it evolved from the challenges faced with uPorts libraries. In this next series of articles we will give Veramo a proper introduction and answer some of the basics: why it exists and what it does, followed by articles describing the architecture in more detail, and how to build applications using Veramo.

Auth0

How to issue Verifiable Credentials from Auth0 user data using MATTR's Auth0 Marketplace Integration

Memberpass

You can probably use the good news. Its never been easy to run a credit union, especially when you get whacked from all sides. Regulations change, members always seem to want access to another shiny new technology gadget, and financial fraud continues to be a threat. On top of that, weve all had to grapple with the pervasive life-changing effects of the coronavirus pandemic for the past year.

E-Commerce

There is momentum here, and a need to start building out much of what was discussed.

Doc introduced the session with the slide deck here, wearing his hat as a founding member of Customer Commons, the .org working on the Intention Byway discussed at earlier IIW sessions and described in this blog, posed later.

His case is that the incumbent e-commece system hasnt progressed past its dependence on the cookie, and perhaps never will; and that there is a need to stand up an alternate model, built on asynchronous pub-sub messaging and compute nodes that run apps that dont have to come from the stores of Apple and Google.

First examples of target areas (where communities are already active) are food distribution in Michigan and real estate in Boston. Hadrian Zbarcea led the discussion of both, using slides from the deck above.

Career Creds

  • Self sovereign career identity Diginomica with Meg Bear

    The Velocity piece is a way for me as an individual to own my credentials, to say, these are the things that I know. And these are the things I've done. And if I can own that, I have a lot more interest in it. And I can use it in a lot more interesting ways. In the past, that might have just been something that I built as reputation within a company, I can now make that a more dynamic and portable reputation I can take with me anywhere.

Velocity Network

Having a look at the Velocity Whitepaper it does mention they are keeping an eye on the work developing in W3C and DIF.

DHS

DOMI

its hard to keep track since some call, some… email, and still others send you a message on WhatsApp.” Going through all of these disparate messages is its own fulltime job!

Thats why Domi locates all communication about a property in one place, making it easy for tenants and property managers to stay in touch.

Trade

  • Vincent Annunziato, talks about his work with The Silicon Valley Innovation Program. He is the Director of Transformation & Innovation Division of the Customs and Border Patrol Office of Trade, talks about shaping blockchain technologies to make imports safer and more secure. CBP's current projects include tracking steel, oil, and natural gas imports from Canada.

  • What Is Self-Sovereign Identity Verification and How Is It Changing Background Screening?

    A prime example is self-sovereign identity verification, one of the game-changing background screening trends of 2021. When combined with screening activities, self-sovereign identity solutions offer opportunities to obtain more accurate candidate background data and deliver it to employers faster.

  • The Equifax Incident, And How SSI Could Have Prevented It Europechain

    On March 8, 2017, Cisco staff found and reported a critical flaw in Apache Struts, an open-source framework that enables the creation of web-based Java applications. The vulnerability in question was identified as CVE-2017-5638. In short, Struts parser tool, Jakarta, could be manipulated to enable a malicious actor to upload files remotely to a server, and potentially run code on that compromised server.

  • A Holochain DocuSign Challenge

  • Use Case: American Electric Power

    What kind of strategy will take you to being a next-generation utility company? For AEP Ohio, a large electric utility company based in Columbus, this challenge began with a comprehensive review of their entire ecosystem and which identified their key pain points for innovation.

  • 5 Promising Use Cases for Verifiable Credentials - Hackernoon

    verifiable credentials promise to appear in our daily lives in the not-too-distant future.

In fact, several industries are already digging in. Here are some of the most visible and promising use cases.

  1. You could use VCs to prove that you should have certain levels of access to certain systems. Checking this could happen automatically, but while ensuring that you're "live" and not some bot.
  2. Logs could be kept of which VCs were used when to receive the authority to do something.
  3. ZCAPs could be used to provide fine-grained access to very specific resources, even behind the firewall, within an organizations systems. DIDs could power much of this... but shouldn't promise any of it. The closest we could probably get to what you're asking, Adrian, is to align the Zero Trust Architecture principles to how DIDs and VCs can help -- primarily around: identity verification (VCs), login authentication (DIDs), least-privilege access (ZCAPs, Confidential Storage), and HTTP API access authorization (ZCAPs).
  • More from Adrian

    The most important message from the SolarWinds hack and much of the ransomware havoc is that our systems are not set up for individual accountability or independent audit.

The VC and ZCAPs perspective is inadequate. As an SSI community we need to address the separation of concerns between authentication, authorization, and audit as equally important and needing a harmonized best-practice perspective. Standardized EDVs are table stakes but not terribly relevant to the protocols that link authentication, authorization, and audit. Confidential Storage should be adopting the protocols that connect authentication, authorization, and audit rather than introducing protocols narrowly scoped to the narrow and obvious role of encryption at rest. I've put together a few slides in an attempt to clarify the relationship between non-repudiable accountability and audits (and EDVs). https://docs.google.com/presentation/d/1ksKal62ZiApX09Nejm4RSqHzHJbgwpu_l2Ho64_ePKU/edit#slide=id.p

  1. Resource Owner (RO) their user agent (mobile wallet), and cloud agent (AS)
  2. Service Provider (SP), by definition has data in the clear
  3. Requesting Party (RQ) and their user agent (mobile wallet)
  4. Requesting Client (RC), by definition has data in the clear

In the payment card world, there are clear guidelines on personal liability. $50 if you use credit and up to $500 for debit depending on when you report the issue. Based on that, different people choose to use different “systems.”

However, no such guidelines exist for the use of identity information (e.g. attributes.)

Cognito's CEO Alain Meier joins the State of Identity host Cameron DAmbrosi to dive into why industries beyond financial services are now in the market for identity verification. They also unpack the impact of synthetic identity fraud across verticals, and how platforms find the balance when building their onboarding processes.

and people asking questions about whether SSI could slove this use case - Yes.

If there was a trust framework for police departments and a DID registry for them - the police departments could issue VCs to their officers.

If you want to se how hard this was/would have been to achieve in earlier technology stacks take a look at conceptual outlines from this NSTIC (National Strategies for Trusted Identities in Cyberspace) developing a trust framework for law enforcement federations done by the Georgia Technology Reserach Institute and the results/learnings.

Evidentiary value is an essential component of important transactions. When a transaction is recorded in a printed document, one way to impart evidentiary value is by including date and time

The COVID-19 pandemic rapidly shifted the way we work, coinciding with digital transformation trends that depend on strong identity assurance. Hybrid workplaces are more common, as is completely remote work

Dignified Identities for Cash assistance project. The first phase was implemented by KRCS to meet the needs of the vulnerable populations without official IDs

LONDON, United Kingdom  In the largest update of protocol coverage in Coinfirms history, the firm has added support for 840,361 new tokens to the AML Platform, offering total digital asset coverage of 17 blockchains. Now, the companys industry-recognized blockchain agnostic AML Platform supports ~846 thousand cryptocurrencies and tokens.

AERGO is proud to announce the launch of the AERGO Venture Fund: a fund dedicated to dApp development! “Start Together, Scale Together” is a fundamental ethos of the AERGO hybrid blockchain ecosystem.

I had a stab at why Cardspace failed, in “Identities Evolve: Why Federated Identity is Easier Said than Done

Why does digital identity turn out to be such a hard problem? People are social animals with deep seated intuitions and conventions around identity, but exercising our identities online has been hugely problematic.

IGNOU (Indira Gandhi National Open University) had their convocation today and they issued more than 60000 degrees and certificates as Self-Sovereign Identity document (Cryptographically verifiable Credential) on National Blockchain Project and CRUBN's SSI blockchain.

We propose a practical architecture by elaborating the service concept, SSI, and DLT to implement SSIaaS platforms and SSI services. Besides, we present an architecture for constructing and customizing SSI services with a set of architectural patterns and provide corresponding evaluations. Furthermore, we demonstrate the feasibility of our proposed architecture in practice with Selfid, an SSIaaS platform based on our proposed architecture.

Ontario (a province in Canada) just had an election last week and Darrell thinks: Digital ID Can Increase Voter Participation

Im not an expert on the election process, and this is just my opinion. Ive been lazy in past elections, and Id be lying if I said Ive voted in every one. As a citizen, I believe ease and accessibility have a lot to do with it.

Solution: Election Integrity & Expanded Voter Access w/ blockchain voting & Self Sovereign Identity https://tiktok.com/t/ZTdvvX1uy/

while SSI principles incorporate similar notions to the provisions and principles in the GDPR, closer analysis shows that they might have different meanings.

1/ Can QUIC use DIDComm as a Handshake protocol instead TLS1.3? The spec provides enough abstraction for the session handling, and most crypto operations are the same. The main difference is the trust architecture and model: certificate chain vs DID Documents.

Great report!

Digital badges or PDF credentials lack proof of being authentic and current, and can be easily reproduced or falsified, impacting both the individual and the reputation of the training provider.

The non-transferability of verifiable credential is one of their super powers. This post examines how that super power can be used to reduce fraud and increase safety in a hired car platform.

  • Identity is the sum of a lot of individual parts that, when pieced together, paint a comprehensive and multi-layered picture of who someone truly is
  • Zaisans my.D platform leverages blockchain technology to provide a comprehensive digital identity management solution
  • My.D enables a cost-effective and efficient management solution for an individuals digital credentials

Discussed the approach and the implementation challenges of drone pilot credentialing for air safety using verifiable credentials at the July 21, 2022 Ecosystem Foundry Working Group of the Trust Over IP Foundation.

we need to figure out how to give more power to “better” actors within a given community or context, and disempower or keep out the detractors and direct opponents. All without putting a centralized authority in place.

Energy Systems

New features include credential revocation and expiration, full support for role-authorised issuance, credential issuance based on email verification and asset administration as well as better alignment with the W3Cs Verifiable Credential Standards.

Trying to ban or sideline bots is not a solution. The solution is to distinguish bots from humans so that humans can do human stuff and bots can do bot stuff.

OpenEarth Foundation partnered with the Mines Digital Trust initiative to allow BC companies to also share their greenhouse gas (GHG) emissions credentials to the OpenClimate platform so that they can be integrated into BCs subnational climate inventory and showcased to interested purchasers and civic society

This article explains how verifiable credentials can be used to benefit event organizers and visitors alike based on a practical usage of the Lissi team.

The Content Authenticity Initiative one of Ories favoriate Use-cases for VCS

Yes, verifiable authentic human content is important. I also think cryptography can provide better transparency for synthetic content. It's one of my favorite applications of W3C Verifiable Credentials.

We Credivera are Having fun at the #NSCExpo

This partnership will enable the use of Blockchain and Self-Sovereign Identity technologies such as verifiable credentials to enable the support of diplomas and professional certifications in compliance with personal data in a decentralized environment (#web3).

using verifiable credentials in their wallet.

#HUMBL x GF2GO - San Diego, CA - Pilot Program: New search engine, mobile wallet, verifiable credentials and delivery technologies.

Tweet of the week (emphasis ours)

Self sovereign online identity is going to be a CRITICAL tool for everyone on the internet.  Without it, we will lose trust of any content on the internet due to AI advancement in the next 12-24 months.

This one of the most urgent issues in our society today.

Most Refugees and IDPs did not have the time to properly prepare by gathering all their important documents such as passports, identity cards, drivers licenses, and land titles or rental agreements. Fleeing your home may save your life, but fleeing without identity documents can lead to a very long wait sometimes a decade or more before your life is stable again.

“Verifying applicant career records can take days, weeks, if not months, to complete," said Dror Gurevich, founder and CEO of the Velocity Network Foundation. "Hiring methods are severely outdated to the point that one in three Americans have admitted to lying on their resumes, which slows the hiring process immensely.