decentralized-id.github.io/_posts/development/2023-06-22-user-experience.md
2023-07-01 05:22:24 +05:30

104 lines
15 KiB
Markdown
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

---
title: User Experience and Self Sovereign Identity
excerpt: >
Lack of great user experiences is often raised as one of decentralized identitys (and public blockchains) missing ingredients for ubiquitous adoption. However to arrive at usable experiences across the industry, we first need to reach consensus around basic user personas and mental models, then design and build interoperable system accordingly.
description: the mere fact of building such a verifiable and traceable architecture does not automatically translate into understandable communications
layout: single
toc: true
toc_sticky: false
permalink: /development/user-experience/
canonical_url: 'https://decentralized-id.com/development/user-experience/'
redirect_from:
- /literature/self-sovereign-identity/user-experience/
- self-sovereign-identity/user-experience
- self-sovereign-identity/user-experience/
categories: ["Development"]
tags: ["User Experience","Relationships"]
last_modified_at: 2023-06-23
published: true
---
## General
* [Identity and Consistent User Experience](https://www.windley.com/archives/2021/11/identity_and_consistent_user_experience.shtml) 2021-11 Phil Windley
> There's a saying in security: "Don't roll your own crypto." I think we need a corollary in identity: "Don't roll your own interface." But how do we do that? And what should the interface be? One answer is to adopt the user experience people already understand from the physical world: connections and credentials.
* [Fluid Multi-Pseudonymity](https://www.windley.com/archives/2021/09/fluid_multi-pseudonymity.shtml) 2021-09-07 Windley
> Fluid multi-pseudonymity perfectly describes the way we live our lives and the reality that identity systems must realize if we are to live authentically in the digital sphere.
* [Humanizing PoSSI- Human-centric structure of the Principles of SSI](https://iiw.idcommons.net/21M/_Humanizing_PoSSI-_Human-centric_structure_of_the_Principles_of_SSI) 2021-05-06 Line Kofoed
> 1. [Line] Welcome and introductions; background information around how this topic is important to discuss
> 2. Principles of SSI - [https://sovrin.org/principles-of-ssi/](https://sovrin.org/principles-of-ssi/)
> 3. Sovrin Foundation is working on Sovrin Utility GF and the Sovrin Ecosystem GF
> 4. Work on the SEGF led to reviewing how we define an ecosystem (see slide for definition) → identity ecosystem for identity services
> 5. The approach to grouping the 12 principles are intended to enable better understanding as digital trust ecosystems grow
> 6. Ecosystem of ecosystems will need a foundational set of values and principles and the PoSSI
> 7. [Sterre] It is good to have the order the principles to help better understanding
> 8. [Drummond] additional supplementary material to help laypersons understand the PoSSI better
> 9. [Alex] is the original sequence/numbering sufficient and complete?
> 10. [Chris] the grouping is more important for the SEGF
> 11. [please join Sovrin meetings]
* [Bringing User-Centricity to Decentralized Identity](https://www.youtube.com/watch?v=UnWsu1gCe9k) 2021-08-01 Nat Sakimura KuppingerCole
> Raj Hegde sits with identity veteran, Nat Sakimura - Chairman of OpenID Foundation to understand how user-centric learnings from existing authentication protocols can be applied to future identity initiatives.
* [How humans understand identity](https://medium.com/universal-identity/how-humans-understand-identity-367200ae9591) 2021-07-09 Universal Identity
> Lack of great user experiences is often raised as one of decentralized identitys (and public blockchains) missing ingredients for ubiquitous adoption. However to arrive at usable experiences across the industry, we first need to reach consensus around basic user personas and mental models, then design and build interoperable system accordingly.
## Relationship based Identity
* [Are Transactional Relationships Enough?](https://www.windley.com/archives/2022/03/are_transactional_relationships_enough.shtml) 2022-03 Phil Windley
> Our online relationships are almost all transactional. A purely transaction digital life can't feel as rich and satisfying as one based on interactional relationships. As more of our relationships are intermediated by technology, finding ways to support interactional relationships will allow us to live authentic digital lives.
* [Backchannel: A relationship-based digital identity system](https://www.inkandswitch.com/backchannel/) 2021-09 Ink and Switch
> Using Backchannel as a model example, we propose four design principles for trusted digital relationships. Then we used Backchannel to design and build three sample apps: chat, location sharing, and document preview. We also tested these designs with journalists, researchers, and designers. Based on this testing, we outline common user experience challenges and recommended solutions.
* [Authentic Digital Relationships](https://www.windley.com/archives/2020/08/authentic_digital_relationships.shtml) 2020-08 Phil Windley
> Self-sovereign identity (SSI) systems offers an alternative model that supports richer relationships. Rather than provisioning identifiers and accounts in an administrative system where the power imbalance assures that one party to the relationship can dictate the terms of the interaction, SSI is founded on peer relationships that are co-provisioned by the exchange of decentralized identifiers. This architecture implies that both parties will have tools that speak a common protocol.
* [Relationships and Identity](https://www.windley.com/archives/2020/07/relationships_and_identity.shtml) 2020-07 Phil Windley
> We build digital identity systems to create and manage relationships—not identities.
## Customer Relationships
* [The Identity Imperative: Risk Management, Value Creation, and Balance of Power Shifts](https://identitypraxis.com/2021/12/10/the-identity-imperative-risk-management-value-creation-and-balance-of-power-shifts/) 2021-12-10 Michael Becker IdentityPraxis
> Brands need to prepare for fundamental shifts in peoples attitudes and expectations. The implications of these shifts will be profound, as they will force a change in competition, business models, product offerings, and business practices.
* [The 7 Deadly Sins of Digital Customer Relationships](https://www.evernym.com/blog/7-deadly-sins-customer-relationships/) 2021-03-02 Evernym
> Its not just about measuring customers, its about keeping them. Yet the more I look at how businesses design and manage their relationships with customers, the more I see dysfunction, waste and a collapse of consumer trust. In fact, I see a number of core business behaviours that are causing this waste, this dysfunction. Seven to be precise.
* [Decentralized Identifiers: Building Smarter, More Sustainable Customer Relationships](https://www.evernym.com/blog/decentralized-identifiers-customer-relationships/) 2021-03-02 Evernym
> DIDs are about building lasting private and secure digital relationships with customers, and as well see with each of the Deadly Sins, about reducing costs, increasing compliance and enabling truly personalized products and services without being creepy.
## Design
* [More security does not have to mean less user-friendliness](https://background.tagesspiegel.de/cybersecurity/mehr-sicherheit-muss-nicht-weniger-nutzerfreundlichkeit-bedeuten) 2022-06-05 Martin Kuppinger, Tagesspiegel
> The passwords that have been declared dead are far from dead. Nevertheless, the way in which users authenticate themselves is changing towards more security and convenience.
* [How Might we Design Consent Experiences for Data Sharing?](https://www.youtube.com/watch?v=bGgV2Ffnczg) 2022-05-27 ToIP HXWG Arianna Rossi, Xengie Doan, Interdisciplinary Center for Security, Reliability and Trust (SnT) at the University of Luxembourg
> The complex ecosystem where manifold transactions can be automatically enabled by smart contracts contributes, at least in principle, to establish greater transparency about data use towards the many parties involved. However, the mere fact of building such a verifiable and traceable architecture does not automatically translate into understandable communications, easily applicable instructions and smooth transactions for human beings.
* [Tap and Prove](https://www.linkedin.com/pulse/tap-prove-stephen-wilson/) 2021-07-15 Stephen Wilson
> We should be able to “tap and prove” any important fact and figures about ourselves as easily as we tap and pay with a mobile phone at any one of 100s of millions of terminals globally.
* [Disability-inclusive ID Systems](https://blogs.worldbank.org/voices/access-agency-and-empowerment-through-disability-inclusive-id-systems) 2020-12-09 World
> Creating an inclusive ID system requires a comprehensive, whole-of-system approach to overcome barriers to ID enrollment and use for persons with disabilities.
* [EPS for SSI (Self-Sovereign Identity)](https://medium.com/@kokumai/eps-for-ssi-self-sovereign-identity-8c742e2b1d02) 2020-08-15 Hitoshi Kokumai
> you might be interested to hear that the core of EPS is designed to convert images to high-entropy codes, which work as very long passwords and also as the seeds of symmetric or asymmetric cryptographic keys.
* [Falsehoods Programmers Believe About Names - With Examples](https://shinesolutions.com/2018/01/08/falsehoods-programmers-believe-about-names-with-examples/) 2018-01-08 Shine Solutions Group
> In this post Im going to list all 40 of Patricks original falsehoods, but give you an example (or two) drawn from my experiences working in this space. Ready? Lets go!
>
> 1. People have exactly one canonical full name.
> 2. People have exactly one full name which they go by.
## Trust
* [An Introduction to Digital Trust](https://northernblock.io/verifiable-credentials/introduction-to-digital-trust/) 2021-09-06 Northern Block
> whats the purpose of SSI? Its about enabling Digital Trust (which is quickly becoming an integral part of digital transformation for organizations).
* [Will users and organizations have trust in keys roaming via the cloud?](https://www.kuppingercole.com/events/eic2022/blog/will-users-and-organizations-have-trust-in-keys-roaming-via-the-cloud) 2022-05-12 Kuppinger Cole EIC2022
> the FIDO Alliance, a set of open, scalable, and interoperable specifications has been developed to replace passwords as a secure authentication method for online services. The alliance has also worked with companies such as [Microsoft](https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-authentication-passwordless), [Google](https://cloud.google.com/blog/products/identity-security/protect-gce-vms-with-managed-fido-security-keys), and [Apple](https://fidoalliance.org/expanded-support-for-fido-authentication-in-ios-and-macos/)  to integrate and adopt FIDO standards across their operating systems.
## Users Needs
* [People Dont Understand the Purpose of Privacy Policies and Terms of Service  New Research Published](https://me2ba.org/people-dont-understand-the-purpose-of-privacy-policies-and-terms-of-service-new-research-published/) 2022-01-24 Me2B Alliance ([Report](https://me2ba.org/spotlight-report-5-me2b-alliance-validation-testing-report-consumer-perception-of-legal-policies-in-digital-technology/)
> - Consumers are aware that legal policies exist on connected technologies and that they should read them, but they continue to choose to largely ignore them.
> - 55% of survey participants did not understand that a TOS/TOU agreement is a legal contract. This has significant implications because a key requirement for legally binding contracts is mutual assent, which means that both parties have a “meeting of the minds” and must understand theyre entering into a contract.
> - None of the interview participants were aware of tools that explain or rate privacy policies and TOS/TOU documents, and half said that a score would not change their behavior.
> - 66% of survey respondents believe that privacy policies protect the business, while 50% say they protect the consumer. Its questionable that privacy policies protect either the individual or the business, as they are primarily legal notices, disclosures of how data is used by the technology and the companies behind it. Moreover, 39% of respondents erroneously thought that the privacy policy was a contract [between them and the company].
* [What Your Customers Really Want From Your Login Box](https://auth0.com/blog/what-your-customers-really-want-from-your-login-box/) 2021-10-06 Auth0
> customers want convenience and control: they want to choose which authentication method to use whether its MFA or SSO or biometrics. They want a brand experience that resembles a concierge desk: a 24/7 service where no demand is too big. To top it off, they dont want to see any technical glitches
### Location Tracking
* [Most People Feel Negatively About Location Tracking in Websites and Apps](https://me2ba.org/most-people-feel-negatively-about-location-tracking/) 2021-11-16 Me2Ba
> The Spotlight Report, “[Consumer Sensitivity to Location Tracking by Websites and Mobile Apps](https://me2ba.org/spotlight-report-3-me2b-alliance-validation-research-consumer-sensitivity-to-location-tracking-by-websites-and-mobile-apps/)”, was developed to validate the Location Commitment scoring criteria in the [Me2B Alliance Validation Research: Consumer Sensitivity to Location Tracking by Websites and Mobile Apps](https://me2ba.org/spotlight-report-3-me2b-alliance-validation-research-consumer-sensitivity-to-location-tracking-by-websites-and-mobile-apps/)
* [What is Respectful Use of Location Information? New Me2BA Reearch](https://me2ba.org/what-is-respectful-use-of-location-information-new-me2ba-research-published/) 2021-11-22 Me2B
> As weve been performing independent product audits over the past year and a half, we received some push-back on our passing criteria related to the automatic translation of IP address to geographic location. Vendors felt that automatically calculating the users geographical location was, in fact, a benefit. However, in our specification, that behavior will receive a failing score. At an impasse, we decided to conduct some validation testing with Me-s.
* [“Spotlight Report #3: Consumer Sensitivity to Location Tracking by Websites and Mobile Apps”](https://me2ba.org/spotlight-report-3-me2b-alliance-validation-research-consumer-sensitivity-to-location-tracking-by-websites-and-mobile-apps/) 2021-11-16 Me2B
> This research quantifies and qualifies public opinion of location tracking in a variety of different contexts within web and mobile technology.
* [Do Consumers Even Want Personalized Ads?](https://anonyome.com/2021/06/do-consumers-even-want-personalized-ads/) 2021-06 Anonyme
> The [YouGov](https://www.globalwitness.org/en/blog/do-people-really-want-personalised-ads-online/) poll of consumers in France and Germany we mentioned earlier says its the [behind the scenes](https://mysudo.com/2021/02/beware-the-dark-patterns-trying-to-steal-your-data/) or back door nature of personalization that gives people the creeps.
* [Only 5% Of US Consumers Want To Be Tracked For Ads](https://anonyome.com/2021/05/only-5-of-us-consumers-want-to-be-tracked-for-ads/) 2021-05 Anonyme
> That means 95% of US consumers are saying no way to cross-app tracking with Apples new [App Tracking Transparency](https://anonyome.com/2021/05/apples-new-att-and-why-facebook-is-hitting-back-hard/) (ATT) feature.