38 KiB
published |
---|
false |
- Self-Sovereign Identity: More Use Cases: Heather Dahl and Ken Ebert of Indicio Discuss Decentralized ID Management
In a video interview with Information Security Media Group, Dahl and Ebert discuss:
- The evolution of Indicio.tech from the Sovrin Foundation;
- Key initiatives in implementing and testing decentralized identity;
- How a decentralized workforce is accelerating the need for identity management.
Verifiable Credentials
- How Exactly Are Verifiable Credentials Making the World Better? Stepan Gershuni
6 stories of how verifiable credentials can improve the lives of every day people:
Ajay is an Uber driver in San Francisco. He wants to try various temporary jobs while he’s studying but joining Lyft, Postmates and other platforms requires going through a long and tedious background verification and car certification process over and over again.
- Reimagining Customer Loyalty Programs With Verifiable Credentials: A Pravici Case Study Evernym
Pravici, an Evernym customer and startup based out of Chandler, Arizona, is looking to flip the equation. Their solution, Tokenized Loyalty Points (TLP), uses verifiable credential technology to give individual consumers control over their data, while empowering them to direct how their favorite brands can use this data for loyalty and other campaigns.
- 26 Suggested Use Cases of Verifiable Credentials (With Some Real-World Examples)
we hope that business leaders, entrepreneurs, and developers will use this article as a guide to create some breakthrough solutions that will benefit the society at large.
Supply Chain
- Trusted Supply Chain: end-to-end compliance in multi-tier supply chain Evan Network
In the real estate industry, TRUST&TRACE can be used by companies to obtain required compliance information from a network of participating companies. In this way, all property data is collected step by step: from building construction and leasing to sale and demolition.
- SAP Completes Pharmaceutical Industry Pilot to Improve Supply Chain Authenticity
today announced the completion of an industry-wide pilot utilizing self-sovereign identity (SSI) credentials to establish trust in the pharmaceutical supply chain for indirect trade relationships.
- The missing link: digitizing supply chains with portable data Mavnet
The traceability vocabulary bridges the gap between existing record-keeping systems and the verifiable exchange of supply chain information across organizations envisioned by proponents of these data portability technologies.
- The Phygital Future of the Supply Chain Next Level Supply Chain Podcast with GS1
The digital and physical world are merging more than ever before. As the supply chain becomes more ‘phygital,’ innovative ways of sharing data – like using verifiable credentials – are helping to build more trust with data along the supply chain. Join us as we chat with Senior VP of Innovation & Partnerships at GS1 US, Melanie Nuce, as we explore what’s around the corner and how standards play
- How to Prevent Supply Chain Fraud With Blockchain Dock
The global supply chain management market size was valued at USD 10.1 Billion in 2020 and is projected to reach USD 19.3 Billion by 2028. Supply chain is the path for any product such as food, clothes, or appliances to go from where it was a produced, to distributors, procurement officers (quality inspections), and the market.
- SAP Pharma Solution Supports Supply Chain Compliance
SAP has chosen an open, interoperable technology to validate all stakeholders in the pharma supply chain in order to provide customers with the best solution for compliance under the U.S. Drug Supply Chain Security Act (DSCSA) requirements. The DSCSA also limits stakeholders’ interactions to ATPs.
Personal Data
- Why Location Data Brokers Put All Communities At Risk Zach Edwards M2BA
New work that may leverage decentralized ID from the supply chain side of things…but not sure (lots of links inside on data brokers harm)
- Julian Wilson: Self-Sovereign Data meets Open Banking Masters of Privacy
Julian Wilson began his career at Apple in the late 80s [...] joined Ecospend in 2019 to build a self-sovereign data service on top of an Open Banking platform. He describes his role as putting an Internet lens onto product design.
Banking
- Impacts from a new reality drive the need for an enhanced digital identity framework Bank Automation News
While US-based entities are adhering to an enhanced regulatory framework, these mandates are particularly applicable in Europe, where there is necessary compliance with enacted standards (such as the General Data Protection Regulation—commonly known as GDPR—and the Payment Service Providers Directive 2—referred to as PSD2. A clear need for a true and persistent digital identity as a solution to the ancillary—and sometimes unforeseen—challenges that have arisen.
- Banking’s identity problem Global Banking and Finance
Banks have sought to overcome some of these challenges with the use of biometrics such as facial recognition and fingerprints. These are now more commonly used to login to, or unlock devices, and increase usability, but still leave the challenge of proving the authenticity of a document wide open to abuse.
Indicio
-
Identity Blockchains and Energy Consumption Indicio A decentralized network using a blockchain-based distributed ledger means you can use Peer DIDs to move most “transactions” and their cryptographic proofing off ledger. This means that for those peer-to-peer interactions, identity blockchains don’t need to do any ledger transactions at all.
Credential fraud has, unfortunately, become commonplace in today’s instant electronic age. Especially problematic in higher education, credential fraud has spiralled into a multi-billion-dollar industry
business registry
- Is the Self-Sovereign digital identity the future digital business registry? GORAN VRANIC, ANDREJA MARUSIC; WorldBank
This rapid digitalization of the private sector exposed a challenge in the business registration paradigm. To use private digital platforms for e-Logistics or e-Commerce, SMEs have to register and confirm their identity with these platforms, despite already being identified in the government business registry.
Fraud
At the root of the problem is the fact that uniquely identifying a person is hard to do and that people can create fake IDs for themselves quite easily.
Security
- photo attacks based on the presentation of facial evidence of an image of a face printed or displayed via a device’s screen.
- video of user replay attack usually consisting of placing the screen of the attacker’s device in front of the camera.
- 3D mask attacks where 3D masks are crafted to reproduce the real traits of a human face and even include eyes holes to fool the liveliness detection based on eye gaze, blinking and motion.
- deepfake attacks make use of leveraging software capable to create a synthetic video or image realistically representing someone else. Attackers are suspected to have access to a wide dataset containing images or a video of their target.
Hiring \ Resume
- Trusted Career Credentials Dr Gordon Jones
Today, even in this digital world that has expanded over the past two years, the job market still relies on self-reported attributes, records, resumes, and/or LinkedIn profiles, that individuals share with employers or recruiters as the source for applicants and employee data.
Africa
In 2018, I was trying to open a bank account in my home town of Mutare, Zimbabwe, having just come back from the 1st world, I was under the impression it would take me at most 30 mins to an hour. I immediately realised I couldn’t provide most of the requirements such as my ‘Proof of Residence’ and many more. It turns out it took weeks and months for some to finish the entire process.
Much like cell phone technology and the internet, the true power of SSDI will only be unleashed when it is embedded across all sectors of society, from education and medical care to telecommunications and retail. And that will require all role players – government bodies, regulators, service providers, public and private agencies – to take up the SSDI baton and become part of the change.
Smart Home
- SSI for smart locks h\t Animo
loyalty rewards
- @XPID · Nov 2
Check out the latest version of our beta prototype in the Appstore for #verifiablecredentials for #LoyaltyPrograms. https://apps.apple.com/us/app/id1458328593 When #sovereign #decentralized #identity becomes a reality, your #Loyalty and #loyaltyrewards #Wallet will be on XPID. #SSI
Passwordless
Identos
- Groundwork laid for mass digital identity take up as use cases grow Biometric update
Identos is adding W3C (World Wide Web Consortium) verifiable credentials as a product feature for its digital ID solutions by the end of the year, announcing its position in the race to incorporate international standards for how digital credentials – from health records to degree certificates – are stored and verified.
Meeco
Enabling Australian FinTechs a direct avenue to discuss how they partner and collaborate to access the eftpos payments network through the Committee resulted in recommendations that covered a number of central themes, including consultation and engagement, regulation, and technology and solutionsBen Tabell, eftpos Chief Information Officer and Committee Chair
Gaming
- Self-Sovereign Identity for Online Gaming, VR, & AR – Crucible Evernym (via identity-economy.de)
Crucible's CEO (Ryan Gill) and CTO (Toby Tremayne) for a discussion on what self-sovereign identity (SSI) and verifiable credentials mean for gaming and the greater online entertainment sector.
Credit unions
Credit unions and their members face the threat of fraud on all sides. And credit unions employ lots of tools to fight it. But ultimately, the problem comes down to the member and credit union authenticating each other. The problem is that doing this securely annoys people.
The 2021 cohort of Tech Pioneers includes many future headline-makers at the forefront of their industries. These companies show great potential to not only shake up their industries but offer real solutions to global problems.
In our last post we briefly presented Veramo and how it evolved from the challenges faced with uPort’s libraries. In this next series of articles we will give Veramo a proper introduction and answer some of the basics: why it exists and what it does, followed by articles describing the architecture in more detail, and how to build applications using Veramo.
Auth0
How to issue Verifiable Credentials from Auth0 user data using MATTR's Auth0 Marketplace Integration
Memberpass
You can probably use the good news. It’s never been easy to run a credit union, especially when you get whacked from all sides. Regulations change, members always seem to want access to another shiny new technology gadget, and financial fraud continues to be a threat. On top of that, we’ve all had to grapple with the pervasive life-changing effects of the coronavirus pandemic for the past year.
E-Commerce
- Self-Sovereign E-Commerce by Doc Searls
There is momentum here, and a need to start building out much of what was discussed.
Doc introduced the session with the slide deck here, wearing his hat as a founding member of Customer Commons, the .org working on the Intention Byway discussed at earlier IIW sessions and described in this blog, posed later.
His case is that the incumbent e-commece system hasn’t progressed past its dependence on the cookie, and perhaps never will; and that there is a need to stand up an alternate model, built on asynchronous pub-sub messaging and compute nodes that run apps that don’t have to come from the stores of Apple and Google.
First examples of target areas (where communities are already active) are food distribution in Michigan and real estate in Boston. Hadrian Zbarcea led the discussion of both, using slides from the deck above.
Career Creds
- Self sovereign career identity Diginomica with Meg Bear
The Velocity piece is a way for me as an individual to own my credentials, to say, these are the things that I know. And these are the things I've done. And if I can own that, I have a lot more interest in it. And I can use it in a lot more interesting ways. In the past, that might have just been something that I built as reputation within a company, I can now make that a more dynamic and portable reputation I can take with me anywhere.
Velocity Network
Having a look at the Velocity Whitepaper it does mention they are keeping an eye on the work developing in W3C and DIF.
DHS
DOMI
it’s hard to keep track since some call, some… email, and still others send you a message on WhatsApp.” Going through all of these disparate messages is its own fulltime job!
That’s why Domi locates all communication about a property in one place, making it easy for tenants and property managers to stay in touch.
- Blockchain and the Decentralised Workforce WorkforceFuturist
Trade
-
Vincent Annunziato, talks about his work with The Silicon Valley Innovation Program. He is the Director of Transformation & Innovation Division of the Customs and Border Patrol Office of Trade, talks about shaping blockchain technologies to make imports safer and more secure. CBP's current projects include tracking steel, oil, and natural gas imports from Canada.
-
What Is Self-Sovereign Identity Verification and How Is It Changing Background Screening?
A prime example is self-sovereign identity verification, one of the game-changing background screening trends of 2021. When combined with screening activities, self-sovereign identity solutions offer opportunities to obtain more accurate candidate background data and deliver it to employers faster.
-
The Equifax Incident, And How SSI Could Have Prevented It Europechain
On March 8, 2017, Cisco staff found and reported a critical flaw in Apache Struts, an open-source framework that enables the creation of web-based Java applications. The vulnerability in question was identified as CVE-2017-5638. In short, Strut’s parser tool, Jakarta, could be manipulated to enable a malicious actor to upload files remotely to a server, and potentially run code on that compromised server.
-
Use Case: American Electric Power
What kind of strategy will take you to being a next-generation utility company? For AEP Ohio, a large electric utility company based in Columbus, this challenge began with a comprehensive review of their entire ecosystem and which identified their key pain points for innovation.
-
5 Promising Use Cases for Verifiable Credentials - Hackernoon
verifiable credentials promise to appear in our daily lives in the not-too-distant future.
In fact, several industries are already digging in. Here are some of the most visible and promising use cases.
-
Are we doing enough to align our work with Zero Trust Architecture? Adrian Gropper on Public DID-WG mailing list
https://www.nytimes.com/2021/01/02/us/politics/russian-hacking-government.html What would be a good way for our SSI communities to advance zero trust architecture through more effective accountability and audit?
-
Could DIDs and VCs help with systems architected with Zero Trust in mind? Yeah, probably:
- You could use VCs to prove that you should have certain levels of access to certain systems. Checking this could happen automatically, but while ensuring that you're "live" and not some bot.
- Logs could be kept of which VCs were used when to receive the authority to do something.
- ZCAPs could be used to provide fine-grained access to very specific resources, even behind the firewall, within an organizations systems. DIDs could power much of this... but shouldn't promise any of it. The closest we could probably get to what you're asking, Adrian, is to align the Zero Trust Architecture principles to how DIDs and VCs can help -- primarily around: identity verification (VCs), login authentication (DIDs), least-privilege access (ZCAPs, Confidential Storage), and HTTP API access authorization (ZCAPs).
- More from Adrian
The most important message from the SolarWinds hack and much of the ransomware havoc is that our systems are not set up for individual accountability or independent audit.
The VC and ZCAPs perspective is inadequate. As an SSI community we need to address the separation of concerns between authentication, authorization, and audit as equally important and needing a harmonized best-practice perspective. Standardized EDVs are table stakes but not terribly relevant to the protocols that link authentication, authorization, and audit. Confidential Storage should be adopting the protocols that connect authentication, authorization, and audit rather than introducing protocols narrowly scoped to the narrow and obvious role of encryption at rest. I've put together a few slides in an attempt to clarify the relationship between non-repudiable accountability and audits (and EDVs). https://docs.google.com/presentation/d/1ksKal62ZiApX09Nejm4RSqHzHJbgwpu_l2Ho64_ePKU/edit#slide=id.p
- Adrian follows up with some explanation of the slides
Considering risk mitigation, based on SSI principles, there are four separate actors:
- Resource Owner (RO) their user agent (mobile wallet), and cloud agent (AS)
- Service Provider (SP), by definition has data in the clear
- Requesting Party (RQ) and their user agent (mobile wallet)
- Requesting Client (RC), by definition has data in the clear
-
Digital Identity Isn’t Only For People David Birch, Forbes
fintechs and regtechs looking for opportunities in the digital identity space should cast their ideas net pretty wide. Digital identities are not only for people and the future desperately needs digital identities for pretty much everything to underpin recognition, relationships and reputation (the 3Rs of the online economy).
-
Why self-sovereign identity will get adopted (and it’s not the reason you probably want) Tuesday Night
In the payment card world, there are clear guidelines on personal liability. $50 if you use credit and up to $500 for debit depending on when you report the issue. Based on that, different people choose to use different “systems.”
However, no such guidelines exist for the use of identity information (e.g. attributes.)
- ID Verification Threats On the Horizon Liminal Podcasts
Cognito's CEO Alain Meier joins the State of Identity host Cameron D’Ambrosi to dive into why industries beyond financial services are now in the market for identity verification. They also unpack the impact of synthetic identity fraud across verticals, and how platforms find the balance when building their onboarding processes.
and people asking questions about whether SSI could slove this use case - Yes.
If there was a trust framework for police departments and a DID registry for them - the police departments could issue VCs to their officers.
If you want to se how hard this was/would have been to achieve in earlier technology stacks take a look at conceptual outlines from this NSTIC (National Strategies for Trusted Identities in Cyberspace) developing a trust framework for law enforcement federations done by the Georgia Technology Reserach Institute and the results/learnings.
- Trusted Timestamping Part 1: Scenarios Nunnaphat Songmanee, Finema
Evidentiary value is an essential component of important transactions. When a transaction is recorded in a printed document, one way to impart evidentiary value is by including date and time
- Survey: How Do You Use Your Identity at Work? FindBiometrics
The COVID-19 pandemic rapidly shifted the way we work, coinciding with digital transformation trends that depend on strong identity assurance. Hybrid workplaces are more common, as is completely remote work
Dignified Identities for Cash assistance project. The first phase was implemented by KRCS to meet the needs of the vulnerable populations without official IDs
LONDON, United Kingdom – In the largest update of protocol coverage in Coinfirm’s history, the firm has added support for 840,361 new tokens to the AML Platform, offering total digital asset coverage of 17 blockchains. Now, the company’s industry-recognized blockchain agnostic AML Platform supports ~846 thousand cryptocurrencies and tokens.
AERGO is proud to announce the launch of the AERGO Venture Fund: a fund dedicated to dApp development! “Start Together, Scale Together” is a fundamental ethos of the AERGO hybrid blockchain ecosystem.
I had a stab at why Cardspace failed, in “Identities Evolve: Why Federated Identity is Easier Said than Done
Why does digital identity turn out to be such a hard problem? People are social animals with deep seated intuitions and conventions around identity, but exercising our identities online has been hugely problematic.
IGNOU (Indira Gandhi National Open University) had their convocation today and they issued more than 60000 degrees and certificates as Self-Sovereign Identity document (Cryptographically verifiable Credential) on National Blockchain Project and CRUBN's SSI blockchain.
- Self-Sovereign Identity as a Service: Architecture in Practice Yepeng Ding, Hiroyuki Sato, University of Tokyo
We propose a practical architecture by elaborating the service concept, SSI, and DLT to implement SSIaaS platforms and SSI services. Besides, we present an architecture for constructing and customizing SSI services with a set of architectural patterns and provide corresponding evaluations. Furthermore, we demonstrate the feasibility of our proposed architecture in practice with Selfid, an SSIaaS platform based on our proposed architecture.
Ontario (a province in Canada) just had an election last week and Darrell thinks: Digital ID Can Increase Voter Participation
I’m not an expert on the election process, and this is just my opinion. I’ve been lazy in past elections, and I’d be lying if I said I’ve voted in every one. As a citizen, I believe ease and accessibility have a lot to do with it.
Solution: Election Integrity & Expanded Voter Access w/ blockchain voting & Self Sovereign Identity https://tiktok.com/t/ZTdvvX1uy/
while SSI principles incorporate similar notions to the provisions and principles in the GDPR, closer analysis shows that they might have different meanings.
1/ Can QUIC use DIDComm as a Handshake protocol instead TLS1.3? The spec provides enough abstraction for the session handling, and most crypto operations are the same. The main difference is the trust architecture and model: certificate chain vs DID Documents.
-
SSI Essentials: 35 use cases of decentralized identities that will make your life easier
-
The Importance of Verifiable Credentials to Training Providers Credivera
Great report!
Digital badges or PDF credentials lack proof of being authentic and current, and can be easily reproduced or falsified, impacting both the individual and the reputation of the training provider.
- Transferable Accounts Putting Passengers at Risk Phil Windley
The non-transferability of verifiable credential is one of their super powers. This post examines how that super power can be used to reduce fraud and increase safety in a hired car platform.
- Identity is the sum of a lot of individual parts that, when pieced together, paint a comprehensive and multi-layered picture of who someone truly is
- Zaisan’s my.D platform leverages blockchain technology to provide a comprehensive digital identity management solution
- My.D enables a cost-effective and efficient management solution for an individual’s digital credentials
Discussed the approach and the implementation challenges of drone pilot credentialing for air safety using verifiable credentials at the July 21, 2022 Ecosystem Foundry Working Group of the Trust Over IP Foundation.
-
How Blockchain Technology and Self-Sovereign Identity Enables the New Normal of Remote Learning, Training and Working Md Sabbir Hossain
-
An autonomous reputation system reb00ted
we need to figure out how to give more power to “better” actors within a given community or context, and disempower or keep out the detractors and direct opponents. All without putting a centralized authority in place.
- It’s time for digital self-sovereign identity GCN
the implementation of granular security measures to protect that data creates trusted networks between governments and the citizens they serve. Everyone wins.
Energy Systems
New features include credential revocation and expiration, full support for role-authorised issuance, credential issuance based on email verification and asset administration as well as better alignment with the W3C’s Verifiable Credential Standards.
- War Against the Robots – Pick your Side with SelfKey & Metaproof Platform SelfKey Foundation
Trying to ban or sideline bots is not a solution. The solution is to distinguish bots from humans so that humans can do human stuff and bots can do bot stuff.
- OpenEarth partners with BCGov to develop a digital trust marketplace for climate accounting OpenEarth Foundation
OpenEarth Foundation partnered with the Mines Digital Trust initiative to allow BC companies to also share their greenhouse gas (GHG) emissions credentials to the OpenClimate platform so that they can be integrated into BC’s subnational climate inventory and showcased to interested purchasers and civic society
This article explains how verifiable credentials can be used to benefit event organizers and visitors alike based on a practical usage of the Lissi team.
- Orie Steele @OR13b via Twitter
The Content Authenticity Initiative one of Orie’s favoriate Use-cases for VCS
Yes, verifiable authentic human content is important. I also think cryptography can provide better transparency for synthetic content. It's one of my favorite applications of W3C Verifiable Credentials.
-
Credivera @crediveratech via Twitter
We Credivera are Having fun at the #NSCExpo
This partnership will enable the use of Blockchain and Self-Sovereign Identity technologies such as verifiable credentials to enable the support of diplomas and professional certifications in compliance with personal data in a decentralized environment (#web3).
- HUMBL @HUMBLPay via Twitter (ANN
using verifiable credentials in their wallet.
#HUMBL x GF2GO - San Diego, CA - Pilot Program: New search engine, mobile wallet, verifiable credentials and delivery technologies.
- EricTang.eth Twitter
Tweet of the week (emphasis ours)
Self sovereign online identity is going to be a CRITICAL tool for everyone on the internet. Without it, we will lose trust of any content on the internet due to AI advancement in the next 12-24 months.
This one of the most urgent issues in our society today.
Most Refugees and IDPs did not have the time to properly prepare by gathering all their important documents such as passports, identity cards, driver’s licenses, and land titles or rental agreements. Fleeing your home may save your life, but fleeing without identity documents can lead to a very long wait – sometimes a decade or more – before your life is stable again.
-
Creating trust in assertions, claims and the authenticity of the original content LICCIUM
-
Coming soon — a resume-validating blockchain network for job seeker Computer World
“Verifying applicant career records can take days, weeks, if not months, to complete," said Dror Gurevich, founder and CEO of the Velocity Network Foundation. "Hiring methods are severely outdated to the point that one in three Americans have admitted to lying on their resumes, which slows the hiring process immensely.