decentralized-id.github.io/unsorted/educational-resources/explainer.md
⧉ infominer ce2ecefd8c rename
2023-06-06 09:23:21 +05:30


published
false

Explainer

our latest series examining the evolution of digital identity, and how self-sovereign identity, specifically, can advance a consent-based economy.

  • The Architecture of Identity Systems by Phil Windley

    I recently read a paper from Sam Smith, Key Event Receipt Infrastructure, that provided inspiration for a way to think about and classify identity systems. In particular his terminology was helpful to me. This blog post uses terminology and ideas from Sam's paper to classify and analyze three different identity system architectures. I hope it provides a useful model for thinking about identity online.

  • The SSO Practitioners Introduction to Decentralized Identity Written for IAM professionals familiar with federations.

    In most self-sovereign and decentralized identity systems the trust model is fundamentally unidirectional, where a verifier will trust the issuer, but the issuer may have no knowledge of the verifier.

  • Relationships and Identity, We build digital identity systems to create and manage relationships—not identities.
  • The Architecture of Identity Systems

    We can broadly classify identity systems into one of three types based on their architectures and primary root of trust:

    • Administrative
    • Algorithmic
    • Autonomic
  • Authentic Digital Relationships,

    Self-sovereign identity, supported by a heterarchical identity metasystem, creates a firm foundation for rich digital relationships that allow people to be digitally embodied so they can act online as autonomous agents.

  • Do we really need (or want) the State to provide us with digital identification?

    Just as the State still manages our “analog” identities, the online giants have vast power to manage the online data and identity of their users. Internet users are now both consumer and product: by using free online services, users feed companies with data, which those companies in turn process and monetize.

  • How Decentralized Identifiers Will Shape the Future of Identity HackerNoon

    Hackers value personal information the most. 96% of hacking groups' primary motive is intelligence gathering. Researchers at privacy website PrivacyAffairs.com found that you can obtain a person's full identity for the low price of $1,275.

  • Self Sovereign Identity — explained Micha Roon

    It would be great indeed if digital interactions became even more trustworthy without the need to present our data on a silver platter to large Internet corporations

  • Self-Sovereign vs Administrative Identity Doc Searls 2012

    The problem I'm trying to surface here is that we need full respect for self-sovereign identities, and identifiers, before we can solve the problem of highly fractured and incompatible administrative identifiers — a problem that has only become worse with the growth of the Web, where by design we are always the submissive and dependent party: calves to administrative cows.

  • @lissi_id and the three-sided credentials market

    When a user holds his:her own credentials locally on the phone, it creates a three-sided market, which puts the holder of the credential in the position of a carrier between issuer and verifiers.

Why portable security is the sleeper — but killer — feature for SSI

what's cool about DIDs (besides their self-service creation) is that their metadata is cryptographically verifiable. That means that anyone in the world can tell whether the metadata is legit, in the blink of an eye, just by asking software to check some math. And it also means that you can build a transport-independent, tamper-proof, encrypted communication channel with whoever controls a DID.

  • Identity Credential and Personal Data Ownership Perspectives Research from OIX

    Many global organisations are using their citizens' identity and their other personally identifiable information (PII) to help combat the global Covid-19 crisis […] reignited the debate around protecting public safety vs protecting privacy: how to combat the contagious threat whilst preserving citizens' digital identity, security and anonymity?

  • The Mental Models of Identity Enabled by SSI Adrian Doerk The Models: Space Time • Presentation • Attribute • Relationship • Capability
  • Adrian Doerk writes

    The post details 5 components necessary for the advance of SSI: Business, Technology, User Experience, Compliance, and Governance.

  • Why is SSI becoming a necessity and what potential it holds?

    Problem 1: CENTRAL AUTHORITY CONTROLS ALL DATA
    Problem 2: NUMEROUS SIGNUPS WITH SAME DATA
    Problem 3: INCONVENIENCE OF ONLINE FORMS

  • The Implications of Bring Your Own Identity Identity Defined Security Alliance

    My short stint as “Mark Jannell” taught me a lot about trust and ease of use in a bring your own identity model. Trust, as always in security, is essential to this new class of relationships and must be established and then protected from abuse. Ease of use, it turns out, is a key factor in protecting that trust and promoting the adoption of good identity patterns. I'm sure that I could have learned these lessons in some other way, but I'll never forget my half year answering to a pseudonym.

  • Blockchain is the Least Interesting Thing About Self-sovereign Identity Riley Hughes

    as useful as blockchain is for SSI, it's nowhere near as interesting as:

    • The impact on the internet
    • The benefits of technical standards
    • The economic opportunity for early innovators
  • Decentralized identity discussed: An INATBA roundtable round-up

We pointed to this before it happened. It was great. Here is a round up from Jolocom. It is highly recommended.

The paper Decentralised Identity: What's at Stake?. Answering the paper's core question of what's at stake, it gives three essential scenarios:

  1. Ideal: full convergence of SSI technology with interoperability by default.
  2. Functional: partial convergence resulting in detached ecosystems.
  3. Dysfunctional: no convergence and isolated, locked-in ecosystems.
  • Who Controls Your Digital Identity? SAP

    SSI will have to be integrated with large existing business processes and therefore enterprise systems such as ERPs, HCMs, or SCMs to name a few. If this integration results in SSI being as easy to use as clicking a button or selecting a menu item, it will lead to rapid uptake and acceptance.

  • The 5Ps of a Self-Sovereign Identity

    A self-sovereign identity can be defined by the 5Ps as it is personal (it is about you), portable (meaning you can take your identity and data from one platform to another), private (you control your identity and data), persistent (it does not change without your consent) and protected (they cannot steal your identity).

  • Benefits of SSI and Blockchain in Digital Identity

    The needs and experiences of citizens are established with how digital identity networks should preserve the freedoms and rights of users over the needs of the network. Transparency is explicitly mentioned as part of SSI, and it places a high emphasis on the importance of the public's trust.

    As we look to the future of digital identity, SSI principles with blockchain have already proven to be successful by bringing together stakeholders to create a mutually beneficial network.

  • Digital identities steps on the path to an ID ecosystem Bankenverband

    This article is very very good in articulating the big picture of how SSI systems relate to older systems and emerging fragmented systems.

An answer to these challenges is an ecosystem in which digital identity data can be exchanged in a way that is secure, reliable, scalable and convenient. This will have a positive impact on the economic future of Germany and Europe while at the same time enhancing the private sphere of the individual.

  • Getting Started with Self Sovereign Identity SSI

    The blog is my getting started with Self Sovereign identity. I plan to explore developing solutions using Self Sovereign Identities, the different services and evaluate some of the user cases in the next couple of blogs.

  • Introduction to Self-Sovereign Identity Jakubkoci

    In this article, I will do my best to explain self-sovereign identity from the end-user perspective, without any technicalities.

  • Self Sovereign Identity Systems - The Passion Pad

    We should have the right to manage our identity, free of any country or the place where we live. By giving this right to the government or any central authority, we give them much more power. Separating data rights from the actual data is important. User should have the right to decide who should have the access to his/her data.

  • The Principles of User Sovereignty and

  • Why Distributed Ledger Technology (DLT) for Identity?

    So why DLT? First, we can get the good parts of paper credentials—private transactions between holders and verifiers and no callback to the issuer. Second, the issuer gets a trusted, open and transparent way to publish the cryptographic material needed for those private holder-verifier transactions. Third, there is no need to have a “Trusted Third Party” participating in the interactions.

    And did I mention, no private data goes on the DLT!!!

  • Community Credentials Resonate

    Verifiable Credentials are a new web standard for proving things digitally, thanks to some clever cryptography.  We are building Community Credentials to be the Know Your Co-operator equivalent of KYC (Know Your Customer for business) for co-op social trust, all without reliance on centralised providers (or blockchains).

  • Digital Identity and Blockchain Its Place in Newer Identity Models

    In the first part of this series, we introduced the idea that traditional PKI-based digital identity solutions can potentially benefit from blockchain technology. [...] For this next part of the series, we'll touch on the relatively new idea of self-sovereign identity, or SSI.

  • Distributed, Decentralized, Self-Sovereign Identity Condatis

    With DID already being implemented, this new and exciting technology is due to shake up the digital identity space. We expect decentralized identity to continue making headway, with more and more sectors and businesses adopting the technology.

  • Self-Sovereign ID (SSI), The Unhackable Digital ID: What It Is and How It Works

    • The Siloed Model • The organization owns the member information, not the member.
    • The Federated Model • The identity providers (IDP) owns the member data, not the member.
    • The Best Model: SSI • The members own their own data!
  • Legitimacy and Decentralized Systems Windley

    Why are some decentralized systems accepted and widely used while others wither? Why do some “hard forks” succeed while others fail? It all comes down to legitimacy.

  • Gravity Glossary

    Our Gravity Glossary offers basic definitions to help you untangle the confusing technical jargon behind decentralized identity and blockchain.

  • 101 Session: Self Sovereign & Decentralized Identity by Karyl Fowler and Juan Caballero

Links:

Identifiers, DID, ion

  • Decentralization of did:ion if anchoring transactions are batched by an operator: it's possible to choose the operator or to incur the cost of anchoring the transactions. Furthermore, the operator doesn't gain access to the private key.
  • ION delivers: massive scale, cost efficiency (despite running on the bitcoin network - best case if a bitcoin transaction costs 100 USD, one action costs 1 cent), decentralized & flexible, decentralized registries
  • ION has a type system so that DIDs can be used, e.g. for software packages, vehicles, … This makes it possible to make the centralized data repositories that we rely on today, npm registries etc., to be fully decentralized. This is a Sidetree feature that is currently only used by ION.
  • DIF is currently working on personal data stores. Expected impact on private messaging, social media, gig services, ..
  • ION is live and in production today
  • Ion-tools is a selection of tools to interact with the ION network: https://github.com/decentralized-identity/ion-tools
  • Resilience of ION: It's pointed out that not only Bitcoin needs to survive attacks but also the IPFS network as both are required for ION to work properly. With Bitcoin it looks unlikely that it's currently possible to reverse transactions on the network. However, with IPFS data can be unpinned and potentially disappear from the network.

My Research Question and Goals

As of today, a revocation method based on accumulators is not implemented on a large scale identity system. The overall question is:

“How can current accumulator schemes support revocation of verifiable credentials for large scale production systems regarding performance, usability and privacy?”

Ning Hu, CTO of Ontology, spoke at a panel titled “The State of Decentralized Identity Solutions” in association with The Block, [...] accompanied by experts in the field of digital identity, Daniel Buchner, Senior PM of Decentralized Identity at Microsoft, and Tobias Fox, Co-founder of Serto. The discussion delved into how digital identity applies to everything from financial services to upskilling workforces, and how blockchain infrastructure can be utilized to lay the trust framework for decentralized identity solutions.

Dr. Andre Kudra of esatus.com discusses SSI, or Self-Sovereign Identity. It's a hot and fast-moving topic with a growing base of hackers, companies, nonprofits, and whole states, provinces and countries. Aaron Newcomb and Doc Searls probe Andre for lots of great intelligence about how SSI puts individuals in full charge of how they present minimized ID credentials safely, and inside a whole new framework. They also talk with Andre about his involvement with the demoscene and retro computing, which are especially huge in Europe. It's a great discussion on this episode of FLOSS Weekly.

OmniOne comes from the willingness to help transition from a service-centric identity to the self-sovereign identity paradigm, empowering anyone to control their identity in a highly secure manner while providing mutual benefits to the participants of its ecosystem.

"A silent war is ongoing between users and companies over the control of data."

1 Privacy or convenience is a question

2 SSI is the answer to this question

In chaotic systems such as those that the discipline of physics seeks to describe, there is also the concept of the “self-organizing principle,” which dictates a tendency for chaotic systems to organize themselves. While this might be a tendency in physics, organization usually needs a nudge in the right direction in the identity world. Proper attention to requirements and a good change control process are a crucial part of the equation.

your digital identity represents you as a unique real-life person in a secure digital format. In fact, we likely have many different virtual identities across a spectrum of platforms and services.

An issuer makes claims or assertions about a user. These claims are bundled together into verifiable credentials and given to the user, who stores them in their digital wallet. From there, they can decide which verifiers they want to present these credentials to.

Identification: Who are you?

Authentication: Is it you again?

Authorization: What rights do I want to grant you?

  • Beyond basics: Expert Q&A about SSI with Dr. Milly Perry and Martin Schäffner

    In May, Dr. Milly Perry, blockchain expert and former research director at the Open University of Israel, had invited Martin Schäffner, the initiator of the SSI Working Group at the European Blockchain Association, to speak at a webinar of the Israeli Chamber of Information Technology (You can find the recording here). His introduction to Self-Sovereign Identity (SSI) was met with great interest and sparked many questions from the audience. But why only take questions from the audience? We asked both experts, which questions they would like to know their peers thoughts about. Here is their exchange about Verifiable Credentials, biometrics, pitfalls and barriers, NFTs, the role of governments and the thing that could make SSI obsolete.

  • What Is Zero Trust? Ping
  1. The network is always assumed to be hostile.
  2. External and internal threats exist on the network at all times.
  3. Network locality is not sufficient for deciding trust in a network.
  4. Every device, user and network flow is authenticated and authorized.
  5. Policies must be dynamic and calculated from as many sources of data as possible.

The customer becomes the integration point. The customer is the API. Rather than having one huge, expensive, and probably illegal data hub, every customer becomes a data hub in their own right. They provide the data needed, just-in-time, under their control.

The EBC team had an insightful conversation with Ivan Basart, CTO at Validated ID, on how Self-Sovereign Identity technology is the ultimate solution to identity problems on the web.

DID does not require analog objects to become digitized, and it does not need expensive sensors or hi-tech tags to work correctly. Instead, it offers an affordable, reliable and versatile way to take offline items out of the digital blindspot.

In this May 2019 blog post, the benefits (The good) of SSI are illustrated with a range of examples, comparing SSI-based business transactions to their current non-SSI-based equivalents and thus more cumbersome.

In addition, examples are given of the disadvantages (The bad); how SSI technology can be misused by unscrupulous organizations and how a combination of technology, knowledge and legislation could mitigate this risk.

Finally, we give examples of the harmful side (The ugly); how SSI technology can be used by criminals and what countermeasures are possible.

The reason why we have seen less uptake in SSI solutions is because the people behind these solutions fail to recognise the design principles that will be most important to its success. Instead, we see people focusing on technological nirvanas like blockchain or an over-emphasis on governance.

What are the common/known strategies for bootstrapping a VDR-based decentralized credential/object platform? …asked naively on purpose. Strategies for placing the first/initial DIDs in the VDR?  …presumably purposed to be the initial Issuer(s) of verifiable

If the internet decentralized information and crypto decentralized money and payments, then verifiable credentials will decentralize identity. In this episode, we chat with Dev Bharel, the software architect leading the charge around verifiable credentials at GlobaliD.

This article explores the current state of our online identities, wherein our personal identity is siloed and held by third parties on various servers - and is therefore more vulnerable to cyberattacks. Corporations such as Google offer the ability to use your account with them to access other sites, but this comes with problems of its own:

This blog presents a plethora of benefits of SSI technology to citizens, consumers, business, organisations and government. It also sketches potential abuse of the technology. None of these benefits and threats have already emerged, as SSI technology, its associated business models and its governance frameworks are still developing.

For the opening episode of Identikit Sequent X, Michelle Dennedy welcomes Kaliya Young, also known as The Identity Woman, to Smarter Markets for our latest series examining the evolution of digital identity, and how self-sovereign identity, specifically, can advance a consent-based economy.

it gives complete control and ownership of data to the individual entities as they can decide what data to share and with whom.

Beyond this encompassing vision, let's drill down into the specifics to understand what you can and can't do with SSI.

In order to better understand the benefits and drawbacks of such a verification system, we have to look at the future and work backward to make the right decisions today.

Based on the emergence and critical features of valuable integration of Blockchain and Digital Identity Management, many critical approaches or use-cases could be raised to enhance the decentralisation feature with user identity control. Based on the validation mentioned above, TRST01, through its QR enabled Blockchain technology, has the ability and typical architecture for live integrations and implementations.

Verifiable credentials, DIDs, and blockchain are evidence of what's to come: Web3, a more secure, widespread, machine-to-machine internet.

The evolution of the Principles of SSI came about through the need to differentiate what is true SSI versus marketing forces twisting the concept. This market driven motivator can bring cultish overtones to the process.

Digital trust is often centralised, with select, well-known entities providing an anchor of trust that is propagated to everyone else; you are using this mechanism as you read this paragraph, having accessed a https: URL to find this article on your trusted platform, Medium.

Fluid multi-pseudonymity perfectly describes the way we live our lives and the reality that identity systems must realize if we are to live authentically in the digital sphere.

Enabled by recent advances in the realm of cryptography, mobile devices and decentralized identity standards we can now put citizens firmly in control of their digital identities while ensuring the level of trust needed to unlock the full potential of a digital society.

Authentication and authorization are both processes that fall under the category of identity and access management (IAM), but they serve different purposes.

what's the purpose of SSI? It's about enabling Digital Trust (which is quickly becoming an integral part of digital transformation for organizations).

How do we prove we are who we say we are? In an identity context, blockchains permit people to prove things about themselves using decentralized, verifiable credentials without revealing the actual data.

One of the most important steps going forward will be to continue working with the Digital Identity subcommittee in the Wyoming legislature. However, I'd also welcome discussions with other states and nations, to ensure that we have great definitions of digital identity that support self-sovereign identity everywhere.

Identity finds its way into everything—even toothbrushes. Careful planning can overcome privacy concerns to yield real benefits to businesses and customers alike.

Here's an easy-to-understand analogy to help your non-technical friends and customers understand public keys and private keys, and how they relate to cryptography and digital signatures.

SSI supports credential leveling, including:

  • Authentication Assurance Levels (AAL) 1, 2 & 3
  • Biometrics to protect your data
  • Affirmation/Metadata

SSI credentials can be used:

  • In person or online
  • For government, financial, or high trust applications (document verification markets)
  • For asset ownership, decentralized finance (DeFi), and crypto markets

In a nutshell, Self-Sovereign Identity allows individuals to manage their own identities by moving physical credentials to digital devices. An individual will receive a credential from an issuer which will be stored in their digital wallet.

Greg is a serial entrepreneur who is probably best known for founding and taking public Dispatch Management Services Corp, the world's largest on demand dispatch network for urgent deliveries. In a highly interesting career so far, Greg was also Chief Risk Officer at Ripple Labs and a senior analyst for the Board of Governors of the Federal Reserve in Washington. In his latest venture Global ID, Greg is acting on his long-held belief that people's identity should be truly portable and owned by individuals themselves rather than corporations or governments.

I based my findings after implementing and testing solutions and wallets with the following SSI solution providers:

On October 4, 2021, Facebook, along with WhatsApp and Instagram, disappeared from the internet.

Their DNS names stopped resolving, and their infrastructure IPs were offline. They were completely disconnected from the internet. At the same time, it was reported that 1.5 billion people allegedly had their personal data stolen from Facebook and posted for sale.

lessons I took away from asking tech identity experts Andrew Baker (Head of EC2 Engineering at AWS), our mystery guest and Marius Mare, to why we need self-sovereign identity and why it has such profound implications.

despite the technological revolution we are living through, identity management is still as objectionable as ever, which is allowing criminals and companies (particularly the social media giants) to know more about you than can ever be justifiable.

In this discussion I ask Andrew Baker, AWS's Head of EC2 Engineering and a surprise guest, to share their views on whether Self Sovereign Identity management could be the solution and how likely it is

Identification is key to our success. It determines the jobs we get, the money we make, how we can manage our health, and more. The fact of the matter is that 3.4 billion people have access to legally recognized identification but still have difficulty using that identification online.

Token-based identity systems move us from talking about who, to thinking about what, so that people can operationalize their digital lives. Token-based identity systems support complex online interactions that are flexible, ad hoc, and cross-domain.

This session features a presentation by Wayne Chang who introduces Self-Sovereign Identity and Storage.

In this talk, Wayne reviews the results of support with Tezos addresses, use cases that have been deployed, Tezos DID methods and Tezos profiles. Wayne also gives an overview of the Trail of Bits audit.

A particularly useful aspect of the Verifiable Credentials standard is that the parties undertake the specific roles of Issuer, Holder or Verifier, but they are not constrained in how many roles, or when, they can employ them. Each party can be a device, a person or an institution, meaning that verifications can take place directly between automated systems, even verifying that each other is genuine before establishing a connection to share data

Due to the ID-Wallet project in Germany, some articles and comments have equated Self Sovereign Identity (SSI) with blockchain technology in the last few weeks. The impression is given that SSI only works in conjunction with a blockchain. Spoiler, that's not the case.

Self-sovereign identity is the marriage of real identity with the digital world that will ultimately make people's lives better. It's still in its infancy, and there is a long road ahead to truly make digital identity as legitimate and nuanced as a real-world identity.

Apart from addressing the pitfalls in conventional identity management systems, SSI allows better functionalities for all users. With a wide range of benefits and the self-sovereign identity blockchain applications, it is important to take a step towards adopting SSI solutions.

This problem was first explored by MIT researchers Shafi Goldwasser, Silvio Micali and Charles Rackoff in the 1980s as a way of combatting information leakage. The goal is to reduce the amount of extra information the verifier, Victor, can learn about the prover, Peggy.

Listen to this episode for an entertaining deep dive into the topic of badges and credentials, as Donald Taylor sits down with Dr. Doug Belshaw to discuss the importance, various fields of application

The public keys of the user and the third-party organization for verifying the digital signature are recorded in a distributed ledger, and the user of the identity information verifies the provided information using them. In this way, users can control their own identity information without relying on a specific central administrator.

In 2021, the average cost of a data breach reached an all-time high of $4.24 million, even though businesses are already spending millions more to combat financial crime and meet their regulatory and compliance responsibilities.

By moving identity to effectively require just a digital device and some sort of connection to the internet, the barriers to these interactions are more easily bridged. Both access to a digital device and availability of an internet connection are increasing, even in new or emerging economies.

Kaliya talking with a colleague from way back Bill Johnston.

On this episode of the Cohere podcast, Kaliya joins Bill to discuss the history of online identity, what events led us to the consolidation of identity into a few centralized platforms, and what steps we need to take to recover and protect our online identities.

Through deceptive marketing practices the first-movers in the Digital ID market have done-away with the sovereignty. As a result a burgeoning new industry is experiencing a Self-Sovereign Identity Crisis.

Solving the identity paradox: the tradeoff between privacy, security, & user experience

As we've moved more and more online, digital platforms and processes have failed to keep up. We can't trust them to collect, store or share our personal information safely. In fact, consumers' information is frequently abused and misused without our knowledge or consent.

Which use cases does SSI have?

What is the disruptive potential of SSIs?

Which risks does the adoption of SSI pose?

What are the challenges and opportunities of SSI?

Where do the limitations of SSI lie?

How can SSI be incorporated into existing infrastructure?

Which steps need to be taken for the proliferation of SSI?

SSI has the power to change the world for the better by flipping the power dynamic surrounding digital identities and trust from large corporations and governments back to the individual. This technology empowers individuals and communities to take back control of both their personal data as well as of their digital assets and identities, and decide exactly how and when this information is to be used and shared. This session explores how SSI-based ecosystems are built and how this transition benefits both individuals and the wider global community.

the digital representation of the identification process we know from the physical world. Things like showing our driver's license to prove we are allowed to drive, or sending a bank statement to a real estate agent to prove our income and account balance.

Participants will walk away with an essential understanding of how SSI works, the pain points it solves for, the risks it mitigates, the use cases currently in deployment, and the opportunities that are created by being able to build Trusted Data Ecosystems (TDEs).

All of us have multiple identities at any point. We are sons, daughters, brothers, sisters, parents, partners, friends, colleagues, and more to different people.

Decentralized identity is an emerging concept becoming more popular for online consumers by eliminating the need to pass personal identifiable information (PII) to an ever-increasing number of companies. However, in practice, decentralized identity has only existed for a handful of years, and its potential is still being discovered. So how did we get here?

Self-sovereign identity (SSI) is a movement that claims digital identity should be just as legitimate and nuanced as a person's human identity, while being accessible to all, privacy-preserving, and not reliant on a single government or corporation.

  • Identity management is an iterative process with three core elements: initial identification, authentication (re-identifying the individual) and verification (ensuring the individual is who they claim to be)
  • Enterprises employ a vast array of technologies to execute these processes which are growing in scope and complexity
  • Understanding why identity management is necessary to enterprises and how this creates opportunities for vendors

the metasystem guarantees the fidelity of the credential exchange. Credential fidelity comprises four important attributes. Credential exchange on the identity metasystem:

  1. Reveals the identifier of the issuer
  2. Ensures the credential was issued to the party presenting it
  3. Ensures the credential has not been tampered with
  4. Reveals whether or not the credential has been revoked

Connections, relationships, and third-party issued credentials are not entirely self-sovereign, nor should they be. #JolocomAdvent #AdventCalendar

Indicio's CEO, Heather Dahl, and CTO, Ken Ebert, identity wallets, verified credentials, the role of the Sovrin Foundation, and new momentum around interoperability across decentralized identity.

Web 3 has brought a new way to engage with websites, and dare I say, it is almost magical. No cookies, no username, no password, no sharing personal information. I can browse freely and pseudo-anonymously without having to worry about the cookies and terms I was forced to accept.

We are freeing ourselves from the management of “data hash” which leads to a centralization or complexification of verification procedures. This makes our solution new compared to traditional blockchain applications on the market.

Authority Does Not Require Centralized Power

As mentioned in my previous article, the trouble with centralization is that data is stored in a database. Once breached, a database can yield a treasure chest of information to be sold on the dark web.

Verifiable credentials and verifiable credential management technology offer a direct and secure channel between an organization and its stakeholders. Learn how they bring control over digital identity and build trust with organizations from health credentials to college degrees.

As S. Shakthi and I noted in a recent research paper, digital identity systems are widely seen as datafiers by virtue of their core property of reducing the person to machine-readable data. A datafier is a system that performs the crucial operation of converting the physical into digital. A different, contrasting view is also emerging in research: digital identity systems are increasingly seen as platforms, i.e. “technological building blocks” on which different types of complements can be constructed.

Turning identifying features into verified credentials

How exactly does this work? Lets look at the three roles of user, issuer and verifier. Firstly, users can have any number of attributes such as their credit rating, national identity document or driving licence certified by the entity responsible for each attribute.

Since we are experiencing massive boosts in our digital economy in the form of investment and innovation, being able to secure and "own" our PII is crucial. In an unprecedented time of hackable honey pots, we need to be able to protect our online and offline identities.

In case you missed it, learn about a new type of identification... Decentralized IDs (DID)

We talk use cases, benefits, DIDs vs NFTs, and what should and shouldnt go on a blockchain.

FANTASTIC NEW TALK!!!!

We have a Wikipedia article!

The SSI identity system gives you the ability to authenticate your own identity, using credentials you have been issued or information you can verify directly, which is stored in a digital wallet.

This self-sovereign capability of associating the artist, the collector and the art work itself with an identity — creates value for everyone. We did also share that the opportunity of secondary sale income / commission that could be attributed back to him as the original artists is also possible (albeit very complicated).

Back to the Schelling Point - communication requires a common language and understanding. As governments, banks, hospitals, etc. navigate how best to homogenize authenticating user identities in multiple contexts, solutions will depend on user adoption. Maximizing adoption requires avoiding a Schelling point by creating a shared, accessible, and evolving Decentralized Identity Lexicon.

In this video, we explain how third parties get to see a lot of personal information about you that they don't really need. Whether it is your local supermarket or your new job, you're often sharing a lot of data when all they really need is a very simple yes or no answer.

With this presentation we start the Self-Sovereign Identity journey for all Swiss people.

We look forward to exploring further relevant topics with you in the near future!

Authenticity allows parties to a conversation to know to whom they are talking. Confidentiality ensures that the content of the conversation is protected from others. These three create a tradespace because you can't achieve all three at the same time.

Verifiable Credentials, its infrastructure (European Blockchain Services Infrastructure, EBSI), and the vast opportunities that it currently provides, through a users journey (“Evas trip”).

Consumers will benefit in instances such as loan processing (with accompanying credit check verification) or when establishing a new bank account or a new internet contract (with identity and residency manual verification).

Service providers may benefit, as they will be able to minimize fraudulent account creation and simultaneously protect both parties from phishing attacks.

On the @IAlsoPodcast, partner Charlyn Ho discusses w/hosts @nicolekyle and @SophieWHolm #digitalidentity, how #blockchain empowers users to take control of their data, #privacy under #Web2 vs. #Web3, and more. Tune in 🎧: https://apple.co/3IvGVjr. #womenintech #ialsowantmoney

Web 3.0 presents a promise to address the above issues with Identity. The term Web 3.0 refers to a decentralized internet that uses crypto tokens. Decentralization is at the heart of Web 3.0 which has the potential to democratize technology and put the users in control of their data.

Any feedback would be greatly appreciated. Thank you

Self-sovereign identity Definition <- it’s quite good

Self-sovereign identity (SSI) is rooted in the belief that individuals have the right to an identity independent of reliance on a third-party identity provider, such as the state or any other central authority. Its implementation requires the development of technical standards, as well as socio-political adaptations rooted in legal amendments in order to be successful.

When it comes to authentication, passwords were once the safest and most used methods of authentication

Decentralized digital identities are only possible due to cryptography. One of the cornerstones is asymmetric encryption. A key pair is generated using a cryptographic process. The pair consists of a public and a private key. As the names suggest, the private key must remain private and the public key can be shared.

In this short article, we investigate three different approaches to how SSI concepts map on the blockchain infrastructure.

  • [...]

The third approach is, in a way, derived from the previous one, and is the one pursued by uPort/Serto: the blockchain has one single registry that tracks down just the revocation of credentials,

The Zero Trust model is the belief that no one should be trusted from inside or outside your network, until their identity has been verified. Zero trust refers to the alignment of maturing identity practices, an established understanding of user behaviors, and the application of least-privilege access security policy decisions to trust boundaries

Multi-factor authentication takes it a step further by requiring users to provide proof from two or more authentication factors (categories) before access is granted.

The article goes through some of the challenges we face when using or implementing identity, authentication and authorization solutions using self sovereign identity. I based my findings after implementing and testing solutions and wallets with the following SSI solution providers: Trinsic, MATTR.global, Evernym, Azure Active Directory Verifiable Credentials, Different Wallets like Lissi SSI

When organizations employ authentication factors and protocols in a well-thought-out manner, users can still have excellent experiences while security administrators and auditors know operations are being executed securely. As we have seen, there are a number of ways to provide these services in any organization.

"Lets use a token to secure this API call. Should I use the ID token or the access token? 🤔 The ID token looks nicer to me. After all, if I know who the user is, I can make better authorization decisions, right?"

Fraunhofer Institute for Applied Information Technology FIT, Project Group Business & Information Systems Engineering

The relationship between the issuers, holders, and verifiers is called the trust triangle simply because you need an element of trust among these entities for them to work together.

We hope this will get you thinking about enabling SSI using an option that best suits your application or business requirement.

This paper shows that federated identity is really a radical and deeply problematic departure from the way we do routine business. Federation undoes and complicates long standing business arrangements, exposing customers and service providers alike to new risks that existing contracts are unable to deal with. Identity federations tend to overlook that identities are proxies for relationships we have in different contexts. Business relationships don’t easily “interoperate.”

they offer a few advantages that we dont get with paper records. Whereas a physical document (lets say, a vaccine card) can be forged and passed off as authentic, the security mechanisms behind a verifiable credential means that it can never be tampered with and that anyone shown the credential will be able to immediately verify who issued it and to whom it was issued.

In the context of SSI, selective disclosure is best implemented through verifiable credentials where the user has separate credentials for each piece of information such as his/her date of birth, full name, vaccination details, address, passport number, etc.

Rather than trying to paste everything and everyone together, the path forward to help build trusted ecosystems relies on interoperability and leveraging existing assets while positioning the user in a disintermediated model of control and agency — possible with FPX and verifiable credentials.

Sebastian Gebski's Reviews > Self-Sovereign Identity: Decentralized Digital Identity and Verifiable Credentials by Alex Preukschat, Drummond Reed

highly recommended. I strongly believe that the concept of SSI will be extremely important in the future - that's actually one of the few implementations on the blockchain that make a lot of sense.

Meanwhile, digital platforms have replaced markets as the locus of private wealth extraction. For the first time in history, almost everyone produces for free the capital stock of large corporations. That is what it means to upload stuff on Facebook or move around while linked to Google Maps…. But while capitalism may end with a whimper, the bang may soon follow. If those on the receiving end of techno-feudal exploitation and mind-numbing inequality find a collective voice, it is bound to be very loud.

Theres a lot of “magic” happening under the hood of how software 2FA works. Today, were going to peel back the curtains and see how it works, how the codes are generated, what it protects and doesnt protect from.

long but good overview article.

Modex, one of the earliest players in the blockchain market, has utilized its trademark Blockchain Database (BCDB) solution to develop PatientDataChain, a working proof of concept that utilizes the unique characteristics of blockchain to create a patient-centric ecosystem that gives patients control and ownership of their medical records and identity.

Authentication is the process of proving that a user is who they claim to be to access system resources or features. Typically, this calls for some type of proof, whether that is a physical piece of information, a secret piece of information or some other immutable form of evidence.

In this context, self-sovereignty refers to the ability of the individual or the organization in control of the identity to share it and present it to other agencies with no intermediaries.

The implementation of the electronic signature was a major development in the development in management.

99% of our documents are digitally signed and we have eliminated many face-to-face meetings.

Mobile First • Establish Framework of Trust • Smart City Access • Digital Economy • Financial and Social Inclusion • Enhanced Portability

X.509 certificates have been around for 40 years and have proven to be a trustworthy means of exchanging data. So, what are the differences between X.509 certificates and SSI? And what are the advantages of each?

Representation • Interoperability • Decentralization • Control & Agency • Participation • Equity and Inclusion • Usability, Accessibility, and Consistency • Portability • Security • Verifiability and Authenticity • Privacy and Minimal Disclosure • Transparency

By using Decentralized Identifiers (DIDs) creating a unique identifier for each and every different relationship customers can seamlessly set up a new, highly secure, two-way channel with the business

Fittingly, some define wrath as “when anger is directed against an innocent person, and when it is unduly strong or long-lasting.” That feels right if you consider the real-life impacts of disabling someones digital identity without notice.

Apparently gluttony means “overconsumption to the point of waste.” Sadly that feels apt when it comes to customer data APIs.

Put simply, most organizations are unthinkingly collecting more data from customers, without understanding the true impact: the real costs to themselves, and to customers.

6: Breaking Down Silos with Open Ecosystems and True Data Portability

Every company providing a new digital identity solution believes that all the other digital identity options are not good enough, not secure enough, not fast enough. They believe they can do better.

Yet collaboration will be critical to making digital identity work properly at scale.

It all feels like data envy to me. Aristotle described envy as the pain at the sight of anothers good fortune, stirred by “those who have what we ought to have.” Precisely.

“Self-Sovereign Identity not only presents an opportunity for businesses to build smarter, more secure, and more scalable relationships with customers; but it will enable them to completely rethink how they build trusted digital relationships from the ground up.”

We expect Digital Transformation to be a more prevalent talking point around digital identity. FOMO can go a long way, to sell SSI, for Governments and Corporations striving to not be left behind in the digital age. This is excellent work, with lots of references, by Dr. Nuttawut Kongsuwan (Finema & QTFT), and Rachata Tosirisuk (Thailand Internet Exchange, Finema & QTFT).

What is the value of Self-Sovereign Identity (SSI) for organisations and citizens? What are the current initiatives and traction of SSI in South Africa? What are the economic benefits and the hurdles to SSI adoption in South Africa?

New major white paper by Phil Windley with the Blockchain Research Institute

the relationship view of identity, the nature of authentic digital relationships, the trust bases of identity systems, and the architecture of the identity metasystem, including decentralized identifier communication and the self-sovereign Internet. He then explores how to operationalize digital relationships and the potential of generative identities (e.g., verifiable credentials) and credential exchange. He concludes with a deep dive into self-sovereign identities in production: the UK National Health Service staff passport, Bonifiis MemberPass for credit unions, the International Air Transport Association Travel Pass, and others.

Similar actions conducted in person do not represent the same amount of risk. For example, if someone asks you to verify your identity, we show our ID or driver’s license, and when you pay at the store, you provide your bank card. In this way, the control and the ownership of the data stays with you.

The adoption of verifiable credentials is another fundamental part of the SSI concept. Verifiable credentials use a digital signature for identity claims by combining public-key hashing cryptography and privacy-protection techniques to convert credentials like ID cards to digital versions.

10min Video Montage

Episode 4 explores the relationship between authentication and authorization, the rise of single sign-on platforms, and the advantages of and use cases for self-sovereign identity. Guests include Brian Behlendorf, Rainey Reitman, Danny O'Brien, Sarah Friend, Wendy Hanamura, Andrew Hill, and Brad Kam.

(the) Use Case

Great explainer - infominer

How does this change the world of cybersecurity protection? Typically, bad actors approach cybersecurity attacks by developing solutions that exploit the attack vectors of their target victims.

There are 4 attack vector categories to self-sovereign identity that map directly to each element: Issuer, Holder, Trust Registry and Verifier.

Identity Proofing

Join Frank Albanese (Snapbrillia), Lance Byrd (RootsID), Nick Mason (ProofSpace), Niels Kijf (Design Academy), Patrick Suzzi (F8 OSDE), Juan Sierra (HERG), Zoéys Welt, Brian Harper, Ashton Engberg, Ninh Tran (Snapbrillia) and many others as the community discusses the different what is SSI & Proof of Reputation and why it matters.

Presentation: https://bit.ly/3OmuIRx

how do we advocate for learner-centric badge systems? This is the piece that weve been thinking about the past couple of weeks.

Lets look at a few pointers that I believe make it hard for the web3 protocols to work for businesses and users in general

True decentralization in the digital world means that once verified, your PII is on your phone and under your control. The data doesnt live anywhere else.

  • The tools Kaliya and Lucy are developing to enable self-sovereign identities
  • Whether anonymity or pseudonymity is feasible while maintaining accountability
  • Wallet Wars: how might wallets evolve and consolidate across the public and private sector

Digital identity data is introduced as having a positive impact on Germanys future as well as Europes. Following, benefits of a decentralized identity based on a fully open infrastructure are given.

We have a widely accepted Standard Model of Identity, or architecture, in which Subjects, Identity Providers and Relying Parties (aka Holders, Issuers and Verifiers) hold, present, exchange, use and/or consume digital identities.

Commonly associated with blockchain and the Self-Sovereign Identity movement, Verifiable Credentials are in fact an old idea.  It is instructive to break down their essential properties and examine the pioneering examples.

we examine more closely whether self-sovereign identity can increase or reduce risks for data misuse in certain cases.

The only ones who will benefit from your digital ID are the Issuer (who gave you the credential), holder (you) and verifier (who youre sharing it with).

Relative to the Indian context

Professor Manindra Agrawal, Department of CSE, IIT Kanpur, explains how the self-sovereign identity system can ease issues like certification, verification and eliminate forgery of identity using blockchain technology.

this is a collaborative effort — one bigger than a single individual or organization — and the whole Web3 space should work together.

I reckon most cases of over-identification stem either from bad habits (e.g. RPs gathering circumstantial AuthN signals) or from Surveillance Capitalism. Either way, better deals for users will come from better design, not by weaponising Digital Identity (SSI, DIDs).

The value of verifiable credentials and the critical role they will play to our future digital identities is undeniable. As we enter a new era of online representation, trust in the internet will need to be vigorously robust.

The passwords that have been declared dead are far from dead. Nevertheless, the way in which users authenticate themselves is changing towards more security and convenience.

Many (most) identity systems make a fundamental assumption that is built into their very architecture. This assumption creates three significant problems: privacy erosion; toxic data stores; and poor security.

You will take back control of your identity and hold it. Not Facebook, not Google, and you will decide what credentials to share on a need-to-know basis. We dont have to be scared of the shift; we have to ensure the architecture is built ethically for all

In “Self-Sovereign Identity,” Johannes Sedlmeir makes a clear distinction between two concepts too often mixed: “identity” and “identifiers”. What we are experiencing in todays Web are some external organizations identifying us as citizens, community members, customers, etc. But this isnt our “identity.” Those are identifiers.

35min course!

In the Fundamentals of Decentralized Identity certification, you'll learn how Verifiable Credentials, Decentralized Identifiers and Blockchain work. Complete the course, level up your skills and receive your certificate as a digital Verifiable Credential.

The idea that as a user of SSI I have complete sovereignty over my digital identity is often misunderstood. At its core, SSI is about my digital identity being under my own control, so I can decide to whom I show my data, when, and for what.

data security is about system-wide design, where many different elements need to fit together to create a working whole.

Identity represents a great asset. But we do not have control of this asset, as it is in the hands of organizations, governments, institutions, etc. These entities know everything about us from all this data.

Drummond Reed and Alex Preukschat, co-authors of Manning Publication's new book 'Self-Sovereign Identity,' for a conversation on the book's development and recent release and what the future holds for SSI as a technology, architecture, and movement.

How is it possible that the Internet has spread and developed to such an extent, while the unambiguous digital identification is not yet feasible?

  • What will happen if I dont jump on this train?
  • What would it mean if I didnt have to own my customers digital identity but establish a deep digital relationship with them instead?
  • Do I have the capacity to learn about this? If not, who do you trust to figure it out both on the business and technical sides?
  • What changes when digital identity becomes a revenue driver and asset for your business? (hint: top and bottom line)
  • Which of my competitors is probably already doing this?

Decentralized identity (DID) is a way for users to own their identity, using specific credentials to verify their identity to applications. These credentials, called Verifiable Credentials, enable you to do this. Verifiable Credentials are identity attestations that come from a trusted issuer, like proof of a workplace, student IDs, or official memberships.

This series is intended to be a basic, easy-to-understand introduction to SSI, but for a much deeper dive, check out Hypersign Labs — our technical blog. Heres a good place to start on SSI:

As a result of limited and known users there was no layer of identity and authentication in the design of internet framework. With the invention of the World Wide Web (WWW), the users made it a common platform for data sciences. Various sectors of society like health and finance have started using the internet for their services.

Eventually, SSI will give people a super simple way to do the following and more:

  1. Protect sensitive identity information like SSN and birthdates to reduce the likelihood and impact of identity theft
  2. Securely prove your identity or things about yourself in a way that institutions can trust
  3. Maintain privacy and reduce the ability for corporations or nefarious actors to track you without your consent
  4. Conveniently get access to services you need without usernames and passwords

I have developed a pet peeve for "technosolutionism": the notion that a sufficiently innovative technology can solve a social problem, or a business problem, without complex and nuanced changes to social and business practice.

Even with a little bit of input and discussion, you can see the shift to words such as inclusivity and phrases such as being more accessible or getting everyone involved.

The very center of the digital identity is your documents: from your National ID or Passport to your degrees, mobile phone number, bank account number, or your medical records. Anything that is intrinsically bound to you is your data and therefore your identity. While talking about SSI these are called Verifiable Credentials (VC).

The DID model allows you to establish a relationship between your private key (your blockchain wallet) and your citizenship.  The issuing authority signs off on the truth of your claim and, thereafter, third parties can check your public key to see that the holder of the private key is in fact a British citizen.

  • How Self-Sovereign Identity Works with Trinsic's Riley Hughes Georgian
    • What is identity?
    • The different ways Trinsic can be used by developers.
    • Ways to disrupt or democratize the current model of identity.
    • Decentralized identity and its many use cases.
    • The continued need for anonymity in a digital identity world.
    • How identity will evolve with web 3 and the metaverse.

Our goal has been to completely abstract away the complexity of the ever-changing landscape so organizations can focus on the important stuff—what product to build, and how to take it to market. Teams shouldnt have to “pick winners” and wager what to build on. Their products should be interoperable with multiple ecosystems. Thats what Trinsic is providing, out-of-the-box.

  1. Credential metadata: This might be cryptographically signed by the issuer and contains the credential identifier as well as properties about the credential itself such as the expiry date and who the issuer is.
  2. Claim(s): A tamper-proof set of claims made about the credential subject such as someones employee number and job title.
  3. Proof(s): Cryptographic method that allows people to verify

One way to avoid password-related problems is to use decentralized identity management. This method is relatively new, so the best way to gain knowledge about it is to contact the experts. For this reason, we are speaking with Mike Vesey, CEO of IdRamp.

give direct input towards our product improvements and be the first choice for research recruiting opportunities.

  • Teach you how to create your first application
  • Learn about authentication and authorization credentials
  • Set up hosted authentication with Okta and try it out

SSI framework is adopted in Germany and throughout the EU as a key privacy-by-design framework. Through its membership in DIACC, One37 contributes to the future of digital identity by leveraging the lessons from its own real-life use-cases in Canada where Verifiable Credentials play an increasingly crucial role.

traditional KYC/AML practices can give way to a more practical framework, where businesses can remain compliant with regulations and collect data without threatening privacy, data security, and breaching data laws.

recently-released Crypto in KYC Growth through trust ebook helps organizations to better understand the notoriously unstable market

What are verifiable credentials? In this episode we are joined by Indicio software engineer Char Howland for an introduction to what this technology is and what it can do.

So I propose this outermost framework to help us think about how to interact with shared information environments

Even though some questions are still unanswered, self-sovereign identities will unlock enormous economic value. If you want to get some initial experience with SSI you can try the available open-source technologies. A successful proof of concept will enable companies to see the possibilities of the new technology and harness this potential more effectively.

We all have a cybersecurity problem, and SSI represents the most current thinking to address it.  For that reason, we believe that SSI is not just another technology.

  • GlobaliD 101: Bring Your Own Identity
    • Part 1: What a smart and humanistic approach to digital identity would like
    • Part 2: The Trust Triangle — the system of issuers, holders, and verifiers that illustrates how identity works (and how it’s broken, today)
    • Part 3: Why the ID Wallet is the first step toward achieving a new vision for digital identity
    • Part 4: Why every company is an identity company
    • [...]

There is a real opportunity to combine technology that is being developed with the concept of BYO Identity that will create a new identity framework where you own and control your data.

Trust Registries allow us to know that the various shared credentials (e.g. proof of insurance) are accurate. A Homeowner can ask their Digital Wallet to verify an insurance Credential that the Contractor is honest.

Most are probably not "written" in the normally understood sense of the word (auto-scraping and ctrl-c and ctrl-v isn't writing). Many are probably not written by a person at all.

The two main ingredients of SSI are verifiable credentials (VCs) and decentralized identifiers (DIDs).

No other additional information is needed to complete this data exchange. So how do you know that the information being provided is authentic? The identity proof uses a cryptographic hash function that confirms beyond any doubt that the identity claim is accurate.

The public keys, as the name implies are there to view anytime and are used for exchanging information and can be revoked, however, the private key is for the account holder himself, be that an issuer, a verifier, or a subject. It is only through a private key that one can pass on his credentials using his DID to an issuer who then validates the credentials and sends them to the verifier using his DID.

issuers or verifiers can only access the information shared by the DID holder. This information exchange can occur through various technologies, like NFC, QR, or Bluetooth. Zero-knowledge proofs are applied to restrict full information access.

That way, your sensitive personal data is stored locally on your own device rather than hosted on some companys server that becomes a target for hackers.

Oldie but Goodie by Kim Hamilton Duffy from when she worked at Learning Machines

Technically, Verifiable Claims are claims made about a “subject” (identified by a digital identifier such as a DID) that are rendered tamper proof through digital signatures. The authenticity of digital signatures may, in turn, be established through issuer identifiers, which may also be expressed as DIDs.

On this episode of “Money Reimagined,” hosts Michael Casey and Sheila Warren are together again but this time, at Converge22 by Circle. They discuss the challenges of identity and verification in the U.S. and in other countries with Daniel Buchner, head of decentralized identity at Block; and Chi Nnadi, the co-founder and CEO at Mara.