
Self-Sovereign Identity: Lightning Talk at RightsCon


Self-Sovereign Identity technology has enormous potential to empower individuals and address privacy challenges globally. It uses shared ledgers (blockchain) to give individuals the power to create and manage their own identifiers, collect verified claims and interact with others on the network on their own terms. This lightning talk, by one of the pioneers who has worked on this emerging layer of the internet for 15 years, gives a high-level picture of how it works, covering the core standards and technologies and outlining some potential use cases.


  1. 1. Self-Sovereign Identity. Kaliya Young, RightsCon, May 18, 2018
  2. 2. Long Time Ago in a Far Far Away: Planetwork convened 50 Environmental Groups at the Presidio in SF in 1999. They asked how can we use the internet to work together to solve our environmental crises.
  3. 3. There were two answers - neither one was good.
  4. 4. Global Ecology and Information Technology 2000
  5. 5. Building Identity and Trust into the Next Generation Internet 2003
  6. 6. Building Identity and Trust into the Next Generation Internet
  7. 7. Underlying this report is the assumption that every individual ought to have the right to control his or her own online identity. You should be able to decide what information about yourself is collected as part of your digital profile, and of that information, who has access to different aspects of it. Certainly, you should be able to read the complete contents of your own digital profile at any time. An online identity should be maintained as a capability that gives the user many forms of control. Without flexible access and control, trust in the system of federated network identity will be minimal.
  8. 8. A digital profile is not treated [by corporations who host them] as the formal extension of the person it represents. But if this crucial data about you is not owned by you, what right do you have to manage its use? A civil society approach to persistent identity is a cornerstone of the Augmented Social Network project.
  9. 9. What are the Protocols for People?
  10. 10. Where is Layer 8?
  11. 11. Internet Identity Workshop 2005
  12. 12. https://medium.com/evernym/the-three-models-of-digital-identity-relationships-ca0727cb5186 You get to have Different Accounts at Every single site you go to.
  13. 13. https://medium.com/evernym/the-three-models-of-digital-identity-relationships-ca0727cb5186
  14. 14. User Relying Party Identity Provider
  15. 15. We have ended up here :(
  16. 16. https://medium.com/evernym/the-three-models-of-digital-identity-relationships-ca0727cb5186 FACEBOOK Relying Party Identity Provider User
  17. 17. How can I own my own digital identity?
  18. 18. RENT-A MYURL.COM # ** Special NAME-SPACE for People? ** How can people own their own ID? We had these choices
  19. 19. IIW #25
  20. 20. Presenting: Self-Sovereign Identity. I think we finally figured it out.
  21. 21. https://medium.com/evernym/the-three-models-of-digital-identity-relationships-ca0727cb5186
  22. 22. Decentralized IDentifier (DID): did:sov:3k9dg356wdcj5gf2k9bw8kfg7a. Scheme: did. Method: sov. Method-Specific Identifier: 3k9dg356wdcj5gf2k9bw8kfg7a. Slide credit: Drummond Reed, Sovrin Foundation
  23. 23. did:sov:3k9dg356wdcj5gf2k9bw8kfg7a Slide credit: Drummond Reed, Sovrin Foundation
  24. 24. did:sov:3k9dg356wdcj5gf2k9bw8kfg7a Public Key: cc2cd0ffde594d278c2d9b432f4748506a7f9f25141e485eb84bc188382019b6 Slide credit: Drummond Reed, Sovrin Foundation
  25. 25. did:sov:3k9dg356wdcj5gf2k9bw8kfg7a Private Key: 047d599d4521480d9e1919481b024f29d2693f272d19473dbef971d7d529f6e9 Public Key: cc2cd0ffde594d278c2d9b432f4748506a7f9f25141e485eb84bc188382019b6 Slide credit: Drummond Reed, Sovrin Foundation
  26. 26. DID (Decentralized Identifier) and DID Document { “Key”: “Value” }: a JSON-LD document describing the entity identified by the DID. Slide credit: Drummond Reed, Sovrin Foundation
  27. 27. The standard elements of a DID doc: 1. DID (for self-description) 2. Set of public keys (for verification) 3. Set of auth protocols (for authentication) 4. Set of service endpoints (for interaction) 5. Timestamp (for audit history) 6. Signature (for integrity). Slide credit: Drummond Reed, Sovrin Foundation
  28. 28. Where does it go? How can I find it if it's Decentralized?
  29. 29. Shared Ledgers
  30. 30. Active DID Method Specs (Method: DID prefix): Sovrin: did:sov:; Bitcoin Reference: did:btcr:; Ethereum uPort: did:uport:; Blockstack: did:stack:; Veres One: did:v1:; IPFS: did:ipld:. Slide credit: Drummond Reed, Sovrin Foundation
  31. 31. A DID Method spec defines… 1. The syntax of the method-specific identifier 2. Any method-specific elements of a DID document 3. The CRUD (Create, Read, Update, Delete) operations on DIDs and DID documents for the target system. Slide credit: Drummond Reed, Sovrin Foundation
  32. 32. In summary, a DID is… 1. A permanent (persistent) identifier – It never needs to change 2. A resolvable identifier – You can look it up to get metadata 3. A cryptographically-verifiable identifier – You can prove ownership using cryptography 4. A decentralized identifier – No centralized registration authority is required. Slide credit: Drummond Reed, Sovrin Foundation
  33. 33. Back to the Humans How can they use this?
  34. 34. The decentralized identity “stack” (diagram): Identity Owners; Edge Layer (Edge Wallets, Edge Agents); Cloud Layer (Cloud Wallets, Cloud Agents); DID Layer. Slide credit: Drummond Reed, Sovrin Foundation
  35. 35. Public-Private Cryptographic Keys Public Key Infrastructure = PKI
  36. 36. The decentralized identity “stack” (diagram): Identity Owners; Edge Layer (Edge Wallets, Edge Agents); Cloud Layer (Cloud Wallets, Cloud Agents); DID Layer; Encrypted P2P Interaction. Slide credit: Drummond Reed, Sovrin Foundation
  37. 37. Directed Identifiers
  38. 38. I get different DIDs for different parts of my life
  39. 39. I get to prove things about myself
  40. 40. Verifiable Credentials
  41. 41. The mission of the W3C Verifiable Claims Working Group: Express credentials on the Web in a way that is cryptographically secure, privacy respecting, and automatically verifiable. Slide credit: Manu Sporny Veres One
  42. 42. Slide credit: Manu Sporny Veres One
  43. 43. Anatomy of a Verifiable Credential (diagram): Credential Metadata; Credential Identifier; Claims; Issuer Signature. Slide credit: Manu Sporny Veres One
  44. 44. Verifiable Credentials Ecosystem (diagram): Issuer (Website: Government, Employer, etc.) issues credentials to Holder (Digital Wallet / Personal Data Store: Citizen, Employee, etc.). Slide credit: Manu Sporny Veres One
  45. 45. Verifiable Credentials Ecosystem (diagram): Issuer (Website: Government, Employer, etc.) issues credentials to Holder (Digital Wallet / Personal Data Store: Citizen, Employee, etc.); Holder presents profiles to Verifier (Website: Company, Bank, etc.). Slide credit: Manu Sporny Veres One
  46. 46. Verifiable Credentials Ecosystem (diagram): Issuer (Website: Government, Employer, etc.) issues credentials to Holder (Digital Wallet / Personal Data Store: Citizen, Employee, etc.); Holder presents profiles to Verifier (Website: Company, Bank, etc.); underneath, Decentralized Identifiers (Identifiers are owned by individuals). Slide credit: Manu Sporny Veres One
  48. 48. Verifiable Credentials Ecosystem (diagram): Issuer (Website: Government, Employer, etc.) issues credentials to Holder (Digital Wallet / Personal Data Store: Citizen, Employee, etc.); Holder presents profiles to Verifier (Website: Company, Bank, etc.); underneath, Decentralized Identifiers (Identifiers are owned by individuals) and Blockchains / DHTs (Decentralized Ledger): Veres One, Sovrin, Bitcoin, Ethereum, etc. Slide credit: Manu Sporny Veres One
  49. 49. https://medium.com/evernym/the-three-models-of-digital-identity-relationships-ca0727cb5186
  50. 50. Decentralized Identity Foundation
  52. 52. Working on: DID Auth
  53. 53. DID Auth is… a simple standard way for a DID owner to authenticate by proving control of a private key. Slide credit: Drummond Reed, Sovrin Foundation
  54. 54. The decentralized identity “stack” (diagram): Identity Owners; Edge Layer (Edge Wallets, Edge Agents); Cloud Layer (Cloud Wallets, Cloud Agents); DID Layer; DID Auth. Slide credit: Drummond Reed, Sovrin Foundation
  55. 55. Building: UNIVERSAL RESOLVER
  56. 56. Differences Between Ledgers
  57. 57. Blockchain Types / Governance (Access: Public or Private; Validation: Permissionless or Permissioned). Public, Permissionless: Bitcoin, Ethereum, IOTA, Veres One. Public, Permissioned: Sovrin, IPDB. Private, Permissionless: Hyperledger Sawtooth*. Private, Permissioned: Hyperledger (Fabric, Sawtooth, Iroha), R3 Corda, CU Ledger. (* in permissionless mode) Slide credit: Drummond Reed, Sovrin Foundation
  58. 58. Four Emerging Open Standards for SSI: DID (Decentralized Identifier); DKMS (Decentralized Key Management System); DID Auth; Verifiable Credentials. Slide credit: Drummond Reed, Sovrin Foundation
  59. 59. What can we Build with SSI?
  60. 60. New ways to connect people and people. New tools to connect civil society. Build real alternatives to Facebook and Google.
  61. 61. Get Involved Building This Infrastructure: Internet Identity Workshop #27, October 23-25. kaliya@identitywoman.net
