Self-Sovereign Identity for the Decentralized Web Summit

Self-Sovereign Identity helps individuals have control over their own identifier. This talk shares the origins of this work and how it works.

Published in: Technology
  • Really liked this slideshare... sorry I wasn't there to enjoy the voiceover. At last a presentation that recognises the fundamental importance of a DID-based identity infrastructure for any VIABLE, trusted decentralised / peer to peer ecosystem. Of course, better performance would also help if attempting something more ambitious in scale than say VON (good start though!) or less scarily centralised than one of the state e-ID systems. Perhaps the emerging Rchain platform might be technically capable of scale???

  1. 1. Kaliya Young Introduction to Self-Sovereign Identity www.identitywoman.net www.internetidentityworkshop.com www.ssiscoop.com www.humanfirst.tech Decentralized Web Summit August 1, 2018
  2. 2. Long Time Ago in a Far Far away (1999)
  3. 3. There were two answers - neither one was good.
  4. 4. Global Ecology and Information Technology 2000
  5. 5. These entities were going to give us digital identities??? Really?
  6. 6. Building Identity and Trust into the Next Generation Internet
  7. 7. Underlying this report is the assumption that every individual ought to have the right to control his or her own online identity. You should be able to decide what information about yourself is collected as part of your digital profile, and of that information, who has access to different aspects of it. Certainly, you should be able to read the complete contents of your own digital profile at any time. An online identity should be maintained as a capability that gives the user many forms of control. Without flexible access and control, trust in the system of federated network identity will be minimal.
  8. 8. A digital profile is not treated [by corporations who host them] as the formal extension of the person it represents. But if this crucial data about you is not owned by you, what right do you have to manage its use? A civil society approach to persistent identity is a cornerstone of the Augmented Social Network project.
  9. 9. Organizations would have identities People would have identities
  10. 10. They would be able to connect on their own terms Each being first class nodes on the network
  11. 11. Building Identity and Trust into the Next Generation Internet 2003
  12. 12. Innovating the Protocols to represent people in the digital realm in ways that empower them, so that they are in control.
  13. 13. Internet Identity Workshop 2005
  14. 14. Lots of Open Standards or Protocols have been born & nested at IIW: XRI/XDI, SAML, Information Cards, JSON-LD, DID, DIDAuth, Verifiable Credentials, JLINC, UMA, BlockCerts, BOPS
  15. 15. …but why do protocols matter?
  16. 16. …why does infrastructure matter?
  17. 17. Time Infrastructure
  18. 18. Standard Time
  19. 19. Communications Infrastructure
  20. 20. 1865
  21. 21. Protocol is a system of distributed management that facilitates peer-to-peer relationships between autonomous entities. -Alexander Galloway, Protocol
  22. 22. Internet protocols allow for inter-operation between computers. -Alexander Galloway, Protocol
  23. 23. Protocol is a language that regulates flow, directs netspace, codes relationships, and connects life forms. It is etiquette for autonomous agents. -Alexander Galloway, Protocol
  24. 24. Where is Layer 8? Where are the Protocols?
  25. 25. https://medium.com/evernym/the-three-models-of-digital-identity-relationships-ca0727cb5186
  26. 26. Back then: Now:
  27. 27. https://medium.com/evernym/the-three-models-of-digital-identity-relationships-ca0727cb5186
  28. 28. RENT-A
  29. 29. RENT-A MYURL.COM
  30. 30. RENT-A MYURL.COM #
  31. 31. RENT-A MYURL.COM #** Special NAME-SPACE for People? **
  32. 32. Decentralized IDentifier - DID: did:sov:3k9dg356wdcj5gf2k9bw8kfg7a (Scheme: did, Method: sov, Method-Specific Identifier: 3k9dg356wdcj5gf2k9bw8kfg7a) Slide credit: Drummond Reed, Sovrin Foundation
  33. 33. did:sov:3k9dg356wdcj5gf2k9bw8kfg7a Slide credit: Drummond Reed, Sovrin Foundation
  34. 34. did:sov:3k9dg356wdcj5gf2k9bw8kfg7a Public Key: cc2cd0ffde594d278c2d9b432f4748506a7f9f25141e485eb84bc188382019b6 Slide credit: Drummond Reed, Sovrin Foundation
  35. 35. did:sov:3k9dg356wdcj5gf2k9bw8kfg7a Private Key: 047d599d4521480d9e1919481b024f29d2693f272d19473dbef971d7d529f6e9 Public Key: cc2cd0ffde594d278c2d9b432f4748506a7f9f25141e485eb84bc188382019b6 Slide credit: Drummond Reed, Sovrin Foundation
  36. 36. did:sov:3k9dg356wdcj5gf2k9bw8kfg7a Private Key: 047d599d4521480d9e1919481b024f29d2693f272d19473dbef971d7d529f6e9 Public Key: cc2cd0ffde594d278c2d9b432f4748506a7f9f25141e485eb84bc188382019b6 Slide credit: Drummond Reed, Sovrin Foundation
  37. 37. DID (Decentralized Identifier) and DID Document: { “Key”: “Value” }, a JSON-LD document describing the entity identified by the DID. Slide credit: Drummond Reed, Sovrin Foundation
  38. 38. The standard elements of a DID doc: 1. DID (for self-description) 2. Set of public keys (for verification) 3. Set of auth protocols (for authentication) 4. Set of service endpoints (for interaction) 5. Timestamp (for audit history) 6. Signature (for integrity) Slide credit: Drummond Reed, Sovrin Foundation
  39. 39. Shared Ledgers BTCR IPFS
  40. 40. Active DID Method Specs (Method and DID prefix): Sovrin (did:sov:), Bitcoin Reference (did:btcr:), Ethereum uPort (did:uport:), Blockstack (did:stack:), Veres One (did:v1:), IPFS (did:ipld:) Slide credit: Drummond Reed, Sovrin Foundation
  41. 41. A DID method specification defines how to read and write a DID (and its DID document) on a specific blockchain or distributed network Slide credit: Drummond Reed, Sovrin Foundation
  42. 42. A DID Method spec defines… 1. The syntax of the method-specific identifier 2. Any method-specific elements of a DID document 3. The CRUD (Create, Read, Update, Delete) operations on DIDs and DID documents for the target system Slide credit: Drummond Reed, Sovrin Foundation
  43. 43. Create Addressable Identifiers Created and Owned by People
  44. 44. The decentralized identity “stack” Identity Owners Slide credit: Drummond Reed, Sovrin Foundation
  45. 45. The decentralized identity “stack” Identity Owners Edge Layer Edge Wallet Edge Wallet Edge Agent Edge Agent Slide credit: Drummond Reed, Sovrin Foundation
  46. 46. The decentralized identity “stack” Cloud Layer Cloud Wallet Cloud Wallet Cloud Agent Cloud Agent Identity Owners Edge Layer Edge Wallet Edge Wallet Edge Agent Edge Agent Slide credit: Drummond Reed, Sovrin Foundation
  47. 47. DID Layer The decentralized identity “stack” Cloud Layer Cloud Wallet Cloud Wallet Cloud Agent Cloud Agent Identity Owners Edge Layer Edge Wallet Edge Wallet Edge Agent Edge Agent Slide credit: Drummond Reed, Sovrin Foundation
  48. 48. DID Layer The decentralized identity “stack” Cloud Layer Cloud Wallet Cloud Wallet Cloud Agent Cloud Agent Identity Owners Edge Layer Edge Wallet Edge Wallet Edge Agent Edge Agent Slide credit: Drummond Reed, Sovrin Foundation Identity Owners
  49. 49. Verifiable Credentials
  50. 50. What do we mean by Credential? Slide credit: Manu Sporny Veres One
  51. 51. W3C Verifiable Credentials. The mission of the W3C Verifiable Claims Working Group: Express credentials on the Web in a way that is cryptographically secure, privacy respecting, and automatically verifiable. Slide credit: Manu Sporny Veres One
  52. 52. Anatomy of a Verifiable Credential: Credential Identifier, Credential Metadata, Claims, Issuer Signature. Slide credit: Manu Sporny Veres One
  53. 53. HOW DO YOU KNOW IT'S TRUE? Without…
  54. 54. HOW DO YOU KNOW IT'S TRUE? Without…
  55. 55. Verifiable Credentials Ecosystem: Issuer (Website): Government, Employer, etc. Verifier (Website): Company, Bank, etc. Holder (Digital Wallet / Personal Data Store): Citizen, Employee, etc. Actions: Issue Credentials, Present Profiles. Slide credit: Manu Sporny Veres One
  56. 56. !73
  57. 57. Decentralized Identifiers: Decentralized Identifiers (Identifiers are owned by individuals). Blockchains / DHTs (Decentralized Ledger): Veres One, Sovrin, Bitcoin, Ethereum, etc. Issuer (Website): Government, Employer, etc. Verifier (Website): Company, Bank, etc. Holder (Digital Wallet / Personal Data Store): Citizen, Employee, etc. Actions: Issue Credentials, Present Profiles. Slide credit: Manu Sporny Veres One
  58. 58. https://medium.com/evernym/the-three-models-of-digital-identity-relationships-ca0727cb5186
  59. 59. Self Sovereign Identity no facebook no phone number no email provider
  60. 60. NO PERSONALLY IDENTIFIABLE INFORMATION ENDS UP ON THE BLOCKCHAIN
  61. 61. Directed Identifiers
  62. 62. I get different DIDs for different parts of my life
  63. 63. I get to prove things about myself
  64. 64. Institutions can Issue Verified (Digital) Credentials to Organizations
  65. 65. Verifiable Organizations Network: the British Columbia Government is building it, and it's all up on GitHub
  66. 66. Verifiable Organizations Network
  67. 67. Verifiable Organizations Network
  68. 68. Verifiable Organizations Network OrgBookProfile a Business Public Business Permits
  69. 69. Verifiable Organizations Network OrgBookProfile a Business Business Owner Can Claim These Public Business Permits
  70. 70. Verifiable Organizations Network OrgBookProfile a Business Business Owner Can Claim These In the Verifiable Credentials Format Public Business Permits
  71. 71. Verifiable Organizations Network OrgBookProfile a Business Business Owner Can Claim These In the Verifiable Credentials Format In a Digital Wallet Public Business Permits
  72. 72. Verifiable Organizations Network: Holder, Issuer, Verifier. Issues Claim. Decentralized Identifiers (DIDs). Public Blockchain or other Decentralized Network. Signs Claim. Countersigns Claim. Wallet. BC GOVERNMENT, BC BUSINESS. Slide credit: Drummond Reed, Sovrin Foundation
  73. 73. Verifiable Organizations Network: Holder, Issuer, Verifier. Issues Claim. Decentralized Identifiers (DIDs). Public Blockchain or other Decentralized Network. Signs Claim. Countersigns Claim. Verifies Signatures. Wallet. BC GOVERNMENT, BC BUSINESS, CANADIAN GOVERNMENT. Slide credit: Drummond Reed, Sovrin Foundation
  74. 74. Verifiable Organizations Network: Holder, Issuer, Verifier. Issues Claim. Presents Claim. Decentralized Identifiers (DIDs). Public Blockchain or other Decentralized Network. Signs Claim. Countersigns Claim. Verifies Signatures. Wallet. BC GOVERNMENT, BC BUSINESS, CANADIAN GOVERNMENT. Slide credit: Drummond Reed, Sovrin Foundation
  75. 75. DATA SHARING with DIDs & VC: JLINC, Object Capabilities, User Managed Access, XRI/XDI
  76. 76. Decentralized Identity Foundation
  77. 77. 95
  78. 78. working on: DID Auth
  79. 79. DID Auth is… A simple standard way for a DID owner to authenticate by proving control of a private key Slide credit: Drummond Reed, Sovrin Foundation
  80. 80. Building: UNIVERSAL RESOLVER
  81. 81. Differences Between Ledgers
  82. 82. Blockchain Types / Governance (Validation: Permissionless or Permissioned; Access: Public or Private). Public, Permissionless: Bitcoin, Ethereum, IOTA, Veres One. Public, Permissioned: Sovrin, IPDB. Private, Permissionless: Hyperledger Sawtooth*. Private, Permissioned: Hyperledger (Fabric, Sawtooth, Iroha), R3 Corda, CU Ledger. * in permissionless mode. Slide credit: Drummond Reed, Sovrin Foundation
  83. 83. SPEED: DID Creation (DID Ledger: Operations / day, Consensus delay). Bitcoin: 0.6M / day, ~3,600 seconds. Ethereum: 2.1M / day, ~375 seconds. Veres One: 18M / day, ~30 seconds. Sovrin: 2.6M / day, ?. Slide credit: Manu Sporny Veres One
  84. 84. COST: DID Creation. Bitcoin: ~$15-$73. Ethereum: ~$4-$14. Veres One*: ~$1-$2. Sovrin: ? (doing ICO). * Commodity prices guaranteed due to strong downward pressure on operational costs. Slide credit: Manu Sporny Veres One
  85. 85. VERES ONE: A Globally Interoperable Blockchain for Identity Slide credit: Manu Sporny Veres One
  86. 86. DID Layer The decentralized identity “stack” Cloud Layer Cloud Wallet Cloud Wallet Cloud Agent Cloud Agent Identity Owners Edge Layer Edge Wallet Edge Wallet Edge Agent Edge Agent Slide credit: Drummond Reed, Sovrin Foundation Identity Owners
  87. 87. They would be able to connect on their own terms Each being first class nodes on the network
  88. 88. Internet Identity Workshop #27 October 23-25 Get Involved Building This Infrastructure
  89. 89. ssiscoop.com Kaliya Young identitywoman.net Internet Identity Workshop #27 October 23-25, #28 April 30-May 2
  90. 90. The Core Problem, Restated: How does a verifier determine whether they can trust an issuer without the whole world needing to rely on a single root of trust? Slide credit: Drummond Reed, Sovrin Foundation
  91. 91. Sovrin Web of Trust Model: Identity Owner, Trust Anchor, Trust Hub*. * Inspired by the British Columbia Government’s “TheOrgBook” service and concepts from Infocert about the evolution of Certificate Authorities. Slide credit: Drummond Reed, Sovrin Foundation
  92. 92. SWoT Core Design Principles 1. Decentralized – No single root of trust 2. Secure – As immune as possible to gaming and Sybil attacks 3. Privacy-respecting – Identity owners may remain private and yet still prove they are trusted 4. As simple as possible – Everyone can understand it (not just cryptogeeks) Slide credit: Drummond Reed, Sovrin Foundation
  93. 93. Sovrin Web of Trust Roles (Identity Owner / Trust Anchor / Trust Hub). DID: Private / Public / Public. Holds SWoT Claims About Self: Yes / Yes / Yes. Issues SWoT Claims About Other Issuers: No / Yes / Yes. Holds SWoT Claims About Other Issuers: No / No / Yes. Slide credit: Drummond Reed, Sovrin Foundation
  94. 94. In this model, the Sovrin Foundation is simply one Trust Hub for Sovrin stewards— each steward may serve as either a Trust Anchor or a Trust Hub Slide credit: Drummond Reed, Sovrin Foundation
  95. 95. Sovrin Trust Framework, Sovrin Powered Trust Frameworks Slide credit: Drummond Reed, Sovrin Foundation
  96. 96. Build this New Infrastructure With Us
  97. 97. VERES ONE: A Globally Interoperable Blockchain for Identity Slide credit: Manu Sporny Veres One
  98. 98. VISION: A world where people and organizations create, own, and control their identifiers and their identity data Slide credit: Manu Sporny Veres One
  99. 99. SOLUTION: Utilize Blockchain technology and multistakeholder governance to create a public good for self-administered identity management. Slide credit: Manu Sporny Veres One
  100. 100. ECOSYSTEM: Veres One Project Maintainer Community advises Board of Governors, which ensures proper execution of the mission. Ensures technical operation of the Network and implements new features. Can quickly create identifiers on the Veres One Blockchain. Accelerators provide compute and storage resources that keep the Network secure. Nodes Pay fees Manages Rewards Slide credit: Manu Sporny Veres One
  101. 101. GLOBAL Slide credit: Manu Sporny Veres One
  102. 102. Why James Chartrand Wears Women’s Underpants http://www.copyblogger.com/james-chartrand-underpants/
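
Added example (not from the talk, Sovrin, or any DID library): the DID anatomy from slide 32, a simplified DID document as in slide 38, and the DID Auth idea from slide 79 (proving control of a private key) as a challenge-response. The in-memory `ledger` map, the Ed25519 key type, the document shape, the simplified DID regex and all function names are assumptions made for illustration.

```javascript
const crypto = require('crypto');

// Split a DID into scheme, method and method-specific identifier.
// Simplified grammar (assumption): lowercase method, no nested colons.
function parseDid(did) {
  const m = /^(did):([a-z0-9]+):([A-Za-z0-9._-]+)$/.exec(did);
  if (!m) throw new Error('not a valid DID: ' + did);
  return { scheme: m[1], method: m[2], id: m[3] };
}

// Constructed stand-in for a ledger: DID -> DID document (hypothetical shape).
const ledger = new Map();

// Create a key pair and publish only the public half in the DID document.
function registerDid(did) {
  parseDid(did); // reject malformed identifiers before writing
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  ledger.set(did, {
    id: did,
    publicKey: [publicKey.export({ type: 'spki', format: 'pem' })],
    created: new Date().toISOString(),
  });
  return privateKey; // stays in the owner's wallet, never on the ledger
}

// Verifier side: a fresh random challenge per attempt, so an old
// signature cannot be replayed.
function newChallenge() {
  return crypto.randomBytes(32);
}

// Owner side: prove control of the DID by signing the challenge.
function respond(privateKey, challenge) {
  return crypto.sign(null, challenge, privateKey);
}

// Verifier side: resolve the DID, then check the signature against
// every public key listed in its document.
function verifyResponse(did, challenge, signature) {
  const doc = ledger.get(did);
  if (!doc) return false; // unknown DID: nothing to verify against
  return doc.publicKey.some((pem) =>
    crypto.verify(null, challenge, crypto.createPublicKey(pem), signature));
}
```

The verifier never sees the private key and no personal data is written to the map; only the identifier and the public key are.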
