Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Domains of Identity and Self-Sovereign Identity India talk

255 views

Published on

This is a version of my talk about the Domains of Identity and Self-Sovereign Identity that I gave in while I was in India to a range of institutions.

Published in: Internet
  • Be the first to comment

  • Be the first to like this

Domains of Identity and Self-Sovereign Identity India talk

  1. 1. Kaliya Young Self-Sovereign Identity Domains of Identity + March 2019 This presentation includes slides from the following community members: * Drummond Reed * Manu Sporny * Timothy Ruff * John Jordan & BC Team
  2. 2. New America India-US Public Interest Technology Fellow Independent Expert on the Rights and Dignity of our Digital Selves
  3. 3. 2000 Conference: Global Ecology and Information Technology Convener of the: The Link Tank
  4. 4. Building Identity and Trust into the Next Generation Internet
  5. 5. Internet Identity Workshop 2005
  6. 6. Master of Science in Identity Management and Security
  7. 7. Its Everyone, Everywhere https://www.flickr.com/photos/nasamarshall/3945024874
  8. 8. What are all the different places that PII ends up in databases?
  9. 9. 1. Me and My Identity
  10. 10. 1. Me and My Identity MyData
  11. 11. 1. Me and My Identity Quantified Self Movement
  12. 12. 1. Me and My Identity User-Centric Digital Identity
  13. 13. 1. Me and My Identity Self-Sovereign Identity
  14. 14. 1. Me and My Identity
  15. 15. Children Elders
  16. 16. 2. You and My Identity Delegated Relationships
  17. 17. These are the source of data in the interactions with the next 12 domains.
  18. 18. The Next 12 Domains
  19. 19. 2 1 REGISTRATION IDENTIFICATION Government Registration 3. Government Registration
  20. 20. Primary Registration Done by Parents for their Children Government Registration
  21. 21. Primary Registration Done by Parents for their Children Secondary Registration Done by Subjects for themselves Using Documents from Primary Registration Government Registration
  22. 22. All the systems and processes are very recent inventions. 3. Government Registration Most are less then 100 yrs old
  23. 23. 3. Government Registration
  24. 24. Government Transactions 2 1 IDENTIFICATION SERVICES 4. Government Transactions
  25. 25. Civil Society Health Care Education Union Membership Religious Institutions Sports Teams Civic Participation Professional Associations
  26. 26. 2 1 REGISTRATION CREDENTIALS Civil Society Registration 5. Civil Society Registration
  27. 27. Civil Society Transactions CREDENTIALS SERVICES 1 2 6. Civil Society Transaction
  28. 28. Commercial Registration 2 1 REGISTRATION CREDENTIALS 7. Commercial Registration
  29. 29. Commercial Transactions 1 CREDENTIALS GOODS & SERVICES 2 3 PAYMENT 8. Commercial Transaction
  30. 30. 1 2 4 3 Employment Registration APPLICATION CREDENTIALS ENROLLMENT 12. Employment Registration
  31. 31. 1 2 3 Employment Transaction WORK TRANSACTION CREDENTIALS 13. Employment Transactions
  32. 32. Surveillance
  33. 33. 1) Voluntary Known Surveillance
  34. 34. 1) Voluntary Known 2) Involuntary Known Surveillance
  35. 35. Surveillance 1) Voluntary Known 2) Involuntary Known 3) Involuntary Unknown
  36. 36. Government Surveillance 9. Government Surveillance
  37. 37. Civial Society Surveillance 10. Civil Society Surveillance
  38. 38. Commercial Surveillance 11. Commercial Surveillance
  39. 39. Employment Surveillance WORK 14. Employment Surveillance
  40. 40. 1
  41. 41. 15. Data Broker Industry 1 2 3 DATA PUBLIC DATA DIGITAL DOSSIERS DA T A DATA 4 6 5 5
  42. 42. DATA 16. Black Market
  43. 43. Self-Sovereign Identity Domains of
 Identity
  44. 44. How do identifiers work today?
  45. 45. some we can pick..
  46. 46. …in someone else’s name space ORGYOU Account
  47. 47. Identity Provider Model ORGIDPYOU
  48. 48. MYURL.COM …but we really rent them… some identifiers we can pick…
  49. 49. #…and we rent our phone numbers
  50. 50. There are no digital identifiers we really own.
  51. 51. Without control of our identifiers we can’t have control over our identities & personal data. How do we own our own digital identifiers?
  52. 52. ORGYOU Account ORGIDPYOU
  53. 53. PEERYOU
  54. 54. ISSUER WALLET VERIFIER Shared Ledger or other Immutable Data Store Agent/Hub PEERYOU Decentralized Identity
  55. 55. Decentralized IDentifier - DID did:sov:3k9dg356wdcj5gf2k9bw8kfg7a Method Scheme Method-Specific Identifier Slide credit: Drummond Reed, Sovrin Foundation
  56. 56. did:sov:3k9dg356wdcj5gf2k9bw8kfg7a Slide credit: Drummond Reed, Sovrin Foundation
  57. 57. did:sov:3k9dg356wdcj5gf2k9bw8kfg7a 047d599d4521480d9e1919481b024f29d2693f2 72d19473dbef971d7d529f6e9 Private
 Key Public Key cc2cd0ffde594d278c2d9b432f4748506a7f9f2 5141e485eb84bc188382019b6 Slide credit: Drummond Reed, Sovrin Foundation
  58. 58. { “Key”: “Value” } DID Decentralized Identifier DID Document JSON-LD document describing the entity identified by the DID Slide credit: Drummond Reed, Sovrin Foundation
  59. 59. 1. DID (for self-description) 2. Set of public keys (for verification) 3. Set of auth protocols (for authentication) 4. Set of service endpoints (for interaction) 5. Timestamp (for audit history) 6. Signature (for integrity) !66 The standard elements of a DID doc Slide credit: Drummond Reed, Sovrin Foundation
  60. 60. Example DID Document (Part 1) !67 { "@context": "https://w3id.org/did/v1", "id": "did:example:123456789abcdefghi", "publicKey": [{ "id": "did:example:123456789abcdefghi#keys-1", "type": "RsaSigningKey2018", "owner": "did:example:123456789abcdefghi", "publicKeyPem": "-----BEGIN PUBLIC KEY...END PUBLIC KEY-----rn" }], "authentication": [{ "type": "RsaSignatureAuthentication2018", "publicKey": "did:example:123456789abcdefghi#keys-1" }], "service": [{ "type": "ExampleService", "serviceEndpoint": "https://example.com/endpoint/8377464" }], Slide credit: Drummond Reed, Sovrin Foundation
  61. 61. Example DID Document (Part 2) !68 "created": "2002-10-10T17:00:00Z", "updated": "2016-10-17T02:41:00Z", "signature": { "type": "RsaSignature2016", "created": "2016-02-08T16:02:20Z", "creator": "did:sov:8uQhQMGzWxR8vw5P3UWH1j#key/1", "signatureValue": "IOmA4R7TfhkYTYW87z640O3GYFldw0 yqie9Wl1kZ5OBYNAKOwG5uOsPRK8/2C4STOWF+83cMcbZ3CBMq2/ gi25s=" } } Slide credit: Drummond Reed, Sovrin Foundation
  62. 62. ISSUER WALLET VERIFIER Shared Ledger or other Immutable Data Store Agent/Hub Shared Ledgers BTCR IPFS
  63. 63. Building a Universal Resolver
  64. 64. WALLET Agent/Hub
  65. 65. ISSUER WALLET VERIFIER Shared Ledger or other Immutable Data Store Agent/Hub S Identifier Owners Edge Layer Cloud Layer Agent/HubAgent/Hub WALLET WALLET IPFS BTCR Secure Communication Channel with PKI
  66. 66. did:sov:3k9dg356wdcj5gf2k9bw8kfg7a Slide credit: Drummond Reed, Sovrin Foundation Who cares about really long numbers?
  67. 67. Verifiable Credentials
  68. 68. HOLDERHOLDER VERIFIERVERIFIER When a credential is shown to a verifier with a proof of ID, verification is highly fallible.
  69. 69. Fancy print gimmicks might make a credential seem authentic but these are easy to forge these days.
  70. 70. THE CENTRALIZED DATABASE
  71. 71. Verification systems are overly complex … PORTAL and create privacy problem.
  72. 72. ISSUER WALLET VERIFIER Shared Ledger or other Immutable Data Store Agent/Hub
  73. 73. ISSUER WALLET VERIFIER Shared Ledger or other Immutable Data Store Agent/Hub
  74. 74. ISSUER WALLET VERIFIER Shared Ledger or other Immutable Data Store Agent/Hub
  75. 75. ISSUER WALLET VERIFIER Shared Ledger or other Immutable Data Store ISSUER WALLET VERIFIER
  76. 76. ISSUER WALLET VERIFIER Shared Ledger or other Immutable Data Store ISSUER WALLET VERIFIER
  77. 77. ISSUER WALLET VERIFIER Shared Ledger or other Immutable Data Store ISSUER WALLET VERIFIER
  78. 78. ISSUER WALLET VERIFIER Shared Ledger or other Immutable Data Store ISSUER WALLET VERIFIER
  79. 79. ISSUER WALLET VERIFIER Shared Ledger or other Immutable Data Store ISSUER WALLET VERIFIER
  80. 80. ISSUER WALLET VERIFIER Shared Ledger or other Immutable Data Store ISSUER WALLET VERIFIER
  81. 81. ISSUER WALLET VERIFIER Shared Ledger or other Immutable Data Store ISSUER WALLET VERIFIER
  82. 82. ISSUER WALLET VERIFIER Shared Ledger or other Immutable Data Store ISSUER WALLET VERIFIER
  83. 83. ISSUER WALLET VERIFIER Shared Ledger or other Immutable Data Store ISSUER WALLET VERIFIER
  84. 84. A Verifiable Credential has a standard format. Slide credit: Manu Sporny Veres One
  85. 85. ISSUER WALLET VERIFIER Shared Ledger or other Immutable Data Store ISSUER WALLET VERIFIER
  86. 86. ISSUER WALLET VERIFIER Shared Ledger or other Immutable Data Store ISSUER WALLET VERIFIER
  87. 87. ISSUER WALLET VERIFIER Shared Ledger or other Immutable Data Store ISSUER WALLET VERIFIER
  88. 88. ISSUER WALLET VERIFIER Shared Ledger or other Immutable Data Store ISSUER WALLET VERIFIER
  89. 89. ISSUER WALLET VERIFIER Shared Ledger or other Immutable Data Store ISSUER WALLET VERIFIER
  90. 90. ISSUER WALLET VERIFIER Shared Ledger or other Immutable Data Store ISSUER WALLET VERIFIER
  91. 91. ISSUER WALLET VERIFIER Shared Ledger or other Immutable Data Store ISSUER WALLET VERIFIER
  92. 92. ISSUER WALLET VERIFIER Shared Ledger or other Immutable Data Store ISSUER WALLET VERIFIER
  93. 93. ISSUER WALLET VERIFIER Shared Ledger or other Immutable Data Store ISSUER WALLET VERIFIER
  94. 94. No PII ends up on the shared ledgers
  95. 95. WALLET Agent/Hub
  96. 96. 2 1 REGISTRATION IDENTIFICATION GovernmentRegistration 3.GovernmentRegistration WALLET Agent/Hub
  97. 97. GovernmentTransactions 2 1 IDENTIFICATION SERVICES 4.GovernmentTransactions 2 1 REGISTRATION IDENTIFICATION GovernmentRegistration 3.GovernmentRegistration WALLET Agent/Hub
  98. 98. GovernmentTransactions 2 1 IDENTIFICATION SERVICES 4.GovernmentTransactions 2 1 REGIST RATION CRED ENTIALS CivilSociety Registration 2 1 REGISTRATION IDENTIFICATION GovernmentRegistration 3.GovernmentRegistration 5.CivilSocietyRegistration WALLET Agent/Hub
  99. 99. GovernmentTransactions 2 1 IDENTIFICATION SERVICES 4.GovernmentTransactions CivilSocietyTransactions CRED ENTIALS SERVICES1 2 6. Civil Society Transaction 2 1 REGIST RATION CRED ENTIALS CivilSociety Registration 2 1 REGISTRATION IDENTIFICATION GovernmentRegistration 3.GovernmentRegistration 5.CivilSocietyRegistration WALLET Agent/Hub
  100. 100. GovernmentTransactions 2 1 IDENTIFICATION SERVICES 4.GovernmentTransactions CivilSocietyTransactions CRED ENTIALS SERVICES1 2 6. Civil Society Transaction 2 1 REGIST RATION CRED ENTIALS CivilSociety Registration 1 2 4 3 Employment Registration APPLICATION CREDENTIALS ENROLLMENT 2 1 REGISTRATION IDENTIFICATION GovernmentRegistration 3.GovernmentRegistration 5.CivilSocietyRegistration 13.EmploymentRegistration WALLET Agent/Hub
  101. 101. GovernmentTransactions 2 1 IDENTIFICATION SERVICES 4.GovernmentTransactions CivilSocietyTransactions CRED ENTIALS SERVICES1 2 6. Civil Society Transaction 1 2 3 Em ploym entTransaction WORKTRANSAC TION CREDENTIA LS 13. Employment Transactions 2 1 REGIST RATION CRED ENTIALS CivilSociety Registration 1 2 4 3 Employment Registration APPLICATION CREDENTIALS ENROLLMENT 2 1 REGISTRATION IDENTIFICATION GovernmentRegistration 3.GovernmentRegistration 5.CivilSocietyRegistration 13.EmploymentRegistration WALLET Agent/Hub
  102. 102. GovernmentTransactions 2 1 IDENTIFICATION SERVICES 4.GovernmentTransactions CivilSocietyTransactions CRED ENTIALS SERVICES1 2 6. Civil Society Transaction 1 2 3 Em ploym entTransaction WORKTRANSAC TION CREDENTIA LS 13. Employment Transactions 2 1 REGIST RATION CRED ENTIALS CivilSociety Registration 1 2 4 3 Employment Registration APPLICATION CREDENTIALS ENROLLMENT 2 1 REGISTRATION IDENTIFICATION GovernmentRegistration CommercialRegistration 2 1 REGISTRATION CREDENTIA LS 3.GovernmentRegistration 5.CivilSocietyRegistration 7.Com m ercialRegistration 13.EmploymentRegistration WALLET Agent/Hub
  103. 103. GovernmentTransactions 2 1 IDENTIFICATION SERVICES 4.GovernmentTransactions CivilSocietyTransactions CRED ENTIALS SERVICES1 2 6. Civil Society Transaction Commercial Transactions 1 CRE D ENTIALS GOODS & SERVICE S 2 3 PAYM ENT 8.Com m ercialTransaction 1 2 3 Em ploym entTransaction WORKTRANSAC TION CREDENTIA LS 13. Employment Transactions 2 1 REGIST RATION CRED ENTIALS CivilSociety Registration 1 2 4 3 Employment Registration APPLICATION CREDENTIALS ENROLLMENT 2 1 REGISTRATION IDENTIFICATION GovernmentRegistration CommercialRegistration 2 1 REGISTRATION CREDENTIA LS 3.GovernmentRegistration 5.CivilSocietyRegistration 7.Com m ercialRegistration 13.EmploymentRegistration WALLET Agent/Hub
  104. 104. ISSUER WALLET VERIFIER Shared Ledger or other Immutable Data Store Agent/Hub PEERYOU
  105. 105. Individuals have their own Identities
  106. 106. What about the organizations?
  107. 107. Verifiable Organizations Network
  108. 108. Let’s look at an example
  109. 109. Paper documents are cumbersome as proof of legal compliance and permission. REGISTERED PERATING PERMIT QUALIFICATION Certificate of PERMIT en CONFIRMATION LETTER REGISTERED PERATING PERMIT QUALIFICATION Certificate of PERMIT en CONFIRMATION LETTER
  110. 110. PROVINCE INCORPORATION REGIONAL HEALTH AUTHORITY PERMIT MUNICIPALITY BUSINESS LICENSE Mary requires a variety of documents in order to establish her bakery. Some requirements are not obvious, so she’ll have to do her homework.
  111. 111. This journey involves multiple sources … PROVINCE INCORPORATION REGIONAL HEALTHAUTHORITY PERMIT MUNICIPALITY BUSINESS LICENSE … and modes of service delivery.
  112. 112. STEP 12 All of this activity is a major burden for all involved.
  113. 113. What if … businesses could provide verifiable proofs about qualifications when transacting online? Mary owns this proof-of status for her business Certificate issued Certificate shared Certificate verified
  114. 114. The credential definition is created and published on the blockchain (ledger) by an issuer. DEFINITIONDEFINITION LEDGERLEDGERISSUERISSUER
  115. 115. Open registry of decentralized identifiers. PERMIT ISSUERS HOLDER VERIFIERS
  116. 116. We have a chicken-or-egg dilemma. How do we kickstart one side of the market?
  117. 117. What can services plug into to get things rolling?
  118. 118. Welcome to British Columbia’s verifiable organizations. search TheOrgBook fills that role and unlocks the hidden value of BC Registries data. Registration, permit, and license services can plug into incorporated businesses.
  119. 119. Welcome to British Columbia’s verifiable organizations. search Digitally signed and sealed verifiable credentials A global, open blockchain registry
  120. 120. MARY OLIVIERA The new enrollment experience is more convenient … … with a global, open blockchain registry.
  121. 121. Mary can own her proof-of-status and store them in her digital wallet … … which opens up more service possibilities …
  122. 122. A decentralized verifiable credential is carried by the holder on a smart phone or other computing device. The phone does a lot of the work as the holder’s agent.
  123. 123. Organizations now have identities
  124. 124. Organizations now have identities People now have identities
  125. 125. Organizations now have identities People now have identities OPEN STANDARDS FOR IDENTIFIERS & DATA EXCHANGE
  126. 126. ssiscoop.com
  127. 127. Kaliya Young kaliya@identitywoman.net Internet Identity Workshop

×