The Domains of Identity & Self-Sovereign Identity MyData 2018

The Domains of Identity & Self-Sovereign Identity MyData 2018
Kaliya Young Self-Sovereign Identity Domains of Identity + @ Aug 29, 2018 This presentation includes slides from the following Community members: * Drummond Reed * Manu Sporny * Timothy Ruff * John Jordan & BC Team
Kaliya Young Self-Sovereign Identity Domains of Identity + @ Aug 29, 2018 1. The MyData —> Identity Connection 2. How did I begin in Identity? 3. The Domains of Identity - My Masters Report 4. An Overview of Self-Sovereign Identity 5. Conclusion —> Creating Alignment
begins with Identity
Identity is socially constructed & contextual
Who you see yourself to be. Who you preset yourself to be. How you are seen.
Groups Identity Contexts Are Social with People Family https://www.flickr.com/photos/houseoflim/409869608https://www.flickr.com/photos/twiga_swala/2286910386/ https://www.flickr.com/photos/genista/346236490/
Identity Contexts are also Institutional Organizational https://www.flickr.com/photos/tomsaint/33022263665 https://www.flickr.com/photos/usdagov/9583705941/
Increasingly Contexts Involve Devices https://www.flickr.com/photos/medithit/41538066141
Key aspects of “identity” in these contexts are the identifiers that come with those contexts.
Sports Association Number Identifiers of many types Student Numbers Customer Numbers Airline Points numbers Patient Numbers Government ID Number Passport Names
In the Digital World we have even more identifiers.
some we can pick..
…in someone else’s name space ORGYOU Account
They can be your “Identity Provider” ORGIDPYOU
MYURL.COM …but we really rent them… some identifiers we can pick…
#…and we rent our phone numbers
There are no digital identifiers we really own.
Without control of our identifiers we can’t have control over our personal data. How do we own our own digital identifiers? The quest for this is one I have been on for 15 years
Global Ecology and Information Technology 2000 The Link Tank
Building Identity and Trust into the Next Generation Internet
Underlying this report is the assumption that every individual ought to have the right to control his or her own online identity. You should be able to decide what information about yourself is collected as part of your digital profile, and of that information, who has access to different aspects of it.
Certainly, you should be able to read the complete contents of your own digital profile at any time. An online identity should be maintained as a capability that gives the user many forms of control. Without flexible access and control, trust in the system of federated network identity will be minimal.
A digital profile is not treated [by corporations who host them] as the formal extension of the person it represents. But if this crucial data about you is not owned by you, what right do you have to manage its use? A civil society approach to persistent identity is a cornerstone of the Augmented Social Network project.
Organizations would have identities People would have identities OPEN STANDARDS FOR IDENTIFIERS & DATA EXCHANGE
They would be able to connect on their own terms Each being first class nodes on the network.
Building Identity and Trust into the Next Generation Internet
Internet Identity Workshop 2005
First I need to share the Domains of Identity
Its Everyone, Everywhere https://www.flickr.com/photos/nasamarshall/3945024874
Master of Science in Identity Management and Security Identity and Security Class
Master of Science in Identity Management and Security What are all the different places that PII ends up in databases?
1. Me and My Identity
1. Me and My Identity User-Centric Digital Identity
1. Me and My Identity Indie Web Efforts
1. Me and My Identity Quantified Self Movement
1. Me and My Identity Self-Sovereign Identity
1. Me and My Identity MyData
1. Me and My Identity
Children Elders
2. You and My Identity Delegated Relationships
These are the source of data in the interactions with the next 12 domains.
The Next 12 Domains
2 1 REGISTRATION IDENTIFICATION Government Registration 3. Government Registration
Government Transactions 2 1 IDENTIFICATION SERVICES 4. Government Transactions
Civil Society Health Care Education Union Membership Religious Institutions Sports Teams Civic Participation Professional Associations
2 1 REGISTRATION CREDENTIALS Civil Society Registration 5. Civil Society Registration
Civil Society Transactions CREDENTIALS SERVICES 1 2 6. Civil Society Transaction
Commercial Registration 2 1 REGISTRATION CREDENTIALS 7. Commercial Registration
Commercial Transactions 1 CREDENTIALS GOODS & SERVICES 2 3 PAYMENT 8. Commercial Transaction
1 2 4 3 Employment Registration APPLICATION CREDENTIALS ENROLLMENT 12. Employment Registration
1 2 3 Employment Transaction WORK TRANSACTION CREDENTIALS 13. Employment Transactions
Surveillance
1) Voluntary Known Surveillance
1) Voluntary Known 2) Involuntary Known Surveillance
Surveillance 1) Voluntary Known 2) Involuntary Known 3) Involuntary Unknown
Government Surveillance 9. Government Surveillance
Civial Society Surveillance 10. Civil Society Surveillance
Commercial Surveillance 11. Commercial Surveillance
Employment Surveillance WORK 14. Employment Surveillance
1
15. Data Broker Industry 1 2 3 DATA PUBLIC DATA DIGITAL DOSSIERS DA T A DATA 4 6 5 5
DATA 16. Black Market
Surveillance Sousveillance Sousveillance
Surveillance Sousveillance Sousveillance
Self-Sovereign Identity Domains of  Identity https://medium.com/evernym/the-three-models-of-digital-identity-relationships-ca0727cb5186
PEER YOU
ISSUER WALLET VERIFIER Shared Ledger or other Immutable Data Store Agent/Hub PEERYOU Self-Sovereign Identity
Decentralized IDentifier - DID did:sov:3k9dg356wdcj5gf2k9bw8kfg7a Method Scheme Method-Specific Identifier Slide credit: Drummond Reed, Sovrin Foundation
did:sov:3k9dg356wdcj5gf2k9bw8kfg7a Slide credit: Drummond Reed, Sovrin Foundation
did:sov:3k9dg356wdcj5gf2k9bw8kfg7a 047d599d4521480d9e1919481b024f29d2693f2 72d19473dbef971d7d529f6e9 Private  Key Public Key cc2cd0ffde594d278c2d9b432f4748506a7f9f2 5141e485eb84bc188382019b6 Slide credit: Drummond Reed, Sovrin Foundation
did:sov:3k9dg356wdcj5gf2k9bw8kfg7a 047d599d4521480d9e1919481b024f29d2693f2 72d19473dbef971d7d529f6e9 Private  Key Public Key cc2cd0ffde594d278c2d9b432f4748506a7f9f2 5141e485eb84bc188382019b6 Slide credit: Drummond Reed, Sovrin Foundation HELD IN A WALLET
{ “Key”: “Value” } DID Decentralized Identifier DID Document JSON-LD document describing the entity identified by the DID Slide credit: Drummond Reed, Sovrin Foundation
1. DID (for self-description) 2. Set of public keys (for verification) 3. Set of auth protocols (for authentication) 4. Set of service endpoints (for interaction) 5. Timestamp (for audit history) 6. Signature (for integrity) !88 The standard elements of a DID doc Slide credit: Drummond Reed, Sovrin Foundation
Example DID Document (Part 1) !89 { "@context": "https://w3id.org/did/v1", "id": "did:example:123456789abcdefghi", "publicKey": [{ "id": "did:example:123456789abcdefghi#keys-1", "type": "RsaSigningKey2018", "owner": "did:example:123456789abcdefghi", "publicKeyPem": "-----BEGIN PUBLIC KEY...END PUBLIC KEY-----rn" }], "authentication": [{ "type": "RsaSignatureAuthentication2018", "publicKey": "did:example:123456789abcdefghi#keys-1" }], "service": [{ "type": "ExampleService", "serviceEndpoint": "https://example.com/endpoint/8377464" }], Slide credit: Drummond Reed, Sovrin Foundation
Example DID Document (Part 2) !90 "created": "2002-10-10T17:00:00Z", "updated": "2016-10-17T02:41:00Z", "signature": { "type": "RsaSignature2016", "created": "2016-02-08T16:02:20Z", "creator": "did:sov:8uQhQMGzWxR8vw5P3UWH1j#key/1", "signatureValue": "IOmA4R7TfhkYTYW87z640O3GYFldw0 yqie9Wl1kZ5OBYNAKOwG5uOsPRK8/2C4STOWF+83cMcbZ3CBMq2/ gi25s=" } } Slide credit: Drummond Reed, Sovrin Foundation
ISSUER WALLET VERIFIER Shared Ledger or other Immutable Data Store Agent/Hub Shared Ledgers BTCR IPFS
!92 Method DID prefix Sovrin did:sov: Bitcoin Reference did:btcr: Ethereum uPort did:uport: Blockstack did:stack: Veres One did:v1: IPFS did:ipld: Active DID Method Specs Slide credit: Drummond Reed, Sovrin Foundation
1. The syntax of the method-specific identifier 2. Any method-specific elements of a   DID document 3. The CRUD (Create, Read, Update, Delete) operations on DIDs and DID documents for the target system !93 A DID Method spec defines… Slide credit: Drummond Reed, Sovrin Foundation
Building a Universal Resolver
WALLET Agent/Hub
ISSUER WALLET VERIFIER Shared Ledger or other Immutable Data Store Agent/Hub S Identifier Owners Edge Layer Cloud Layer Agent/HubAgent/Hub WALLET WALLET IPFS BTCR Secure Communication Channel with PKI
ISSUER WALLET VERIFIER Shared Ledger or other Immutable Data Store Agent/Hub S Identifier Owners Edge Layer Cloud Layer Agent/HubAgent/Hub WALLET WALLET IPFS BTCR Secure Communication Channel with PKI
did:sov:3k9dg356wdcj5gf2k9bw8kfg7a Slide credit: Drummond Reed, Sovrin Foundation Who cares about really long numbers?
Verifiable Credentials
HOLDERHOLDER VERIFIERVERIFIER When a credential is shown to a verifier with a proof of ID, verification is highly fallible.
Fancy print gimmicks might make a credential seem authentic but these are easy to forge these days.
How do you know its true? Without… THE CENTRALIZED DATABASE
Verification systems are overly complex … PORTAL and create privacy problem.
ISSUER WALLET VERIFIER Shared Ledger or other Immutable Data Store Agent/Hub
ISSUER WALLET VERIFIER Shared Ledger or other Immutable Data Store ISSUER WALLET VERIFIER
A Verifiable Credential has a standard format. 110 Slide credit: Manu Sporny Veres One
No PII ends up on the shared ledgers
WALLET Agent/Hub
WALLET Agent/Hub
2 1 REGISTRATION IDENTIFICATION GovernmentRegistration 3.GovernmentRegistration WALLET Agent/Hub
GovernmentTransactions 2 1 IDENTIFICATION SERVICES 4.GovernmentTransactions 2 1 REGISTRATION IDENTIFICATION GovernmentRegistration 3.GovernmentRegistration WALLET Agent/Hub
GovernmentTransactions 2 1 IDENTIFICATION SERVICES 4.GovernmentTransactions 2 1 REGIST RATION CRED ENTIALS CivilSociety Registration 2 1 REGISTRATION IDENTIFICATION GovernmentRegistration 3.GovernmentRegistration 5.CivilSocietyRegistration WALLET Agent/Hub
GovernmentTransactions 2 1 IDENTIFICATION SERVICES 4.GovernmentTransactions CivilSocietyTransactions CRED ENTIALS SERVICES1 2 6. Civil Society Transaction 2 1 REGIST RATION CRED ENTIALS CivilSociety Registration 2 1 REGISTRATION IDENTIFICATION GovernmentRegistration 3.GovernmentRegistration 5.CivilSocietyRegistration WALLET Agent/Hub
GovernmentTransactions 2 1 IDENTIFICATION SERVICES 4.GovernmentTransactions CivilSocietyTransactions CRED ENTIALS SERVICES1 2 6. Civil Society Transaction 2 1 REGIST RATION CRED ENTIALS CivilSociety Registration 1 2 4 3 Employment Registration APPLICATION CREDENTIALS ENROLLMENT 2 1 REGISTRATION IDENTIFICATION GovernmentRegistration 3.GovernmentRegistration 5.CivilSocietyRegistration 13.EmploymentRegistration WALLET Agent/Hub
GovernmentTransactions 2 1 IDENTIFICATION SERVICES 4.GovernmentTransactions CivilSocietyTransactions CRED ENTIALS SERVICES1 2 6. Civil Society Transaction 1 2 3 Em ploym entTransaction WORKTRANSAC TION CREDENTIA LS 13. Employment Transactions 2 1 REGIST RATION CRED ENTIALS CivilSociety Registration 1 2 4 3 Employment Registration APPLICATION CREDENTIALS ENROLLMENT 2 1 REGISTRATION IDENTIFICATION GovernmentRegistration 3.GovernmentRegistration 5.CivilSocietyRegistration 13.EmploymentRegistration WALLET Agent/Hub
GovernmentTransactions 2 1 IDENTIFICATION SERVICES 4.GovernmentTransactions CivilSocietyTransactions CRED ENTIALS SERVICES1 2 6. Civil Society Transaction 1 2 3 Em ploym entTransaction WORKTRANSAC TION CREDENTIA LS 13. Employment Transactions 2 1 REGIST RATION CRED ENTIALS CivilSociety Registration 1 2 4 3 Employment Registration APPLICATION CREDENTIALS ENROLLMENT 2 1 REGISTRATION IDENTIFICATION GovernmentRegistration CommercialRegistration 2 1 REGISTRATION CREDENTIA LS 3.GovernmentRegistration 5.CivilSocietyRegistration 7.Com m ercialRegistration 13.EmploymentRegistration WALLET Agent/Hub
GovernmentTransactions 2 1 IDENTIFICATION SERVICES 4.GovernmentTransactions CivilSocietyTransactions CRED ENTIALS SERVICES1 2 6. Civil Society Transaction Commercial Transactions 1 CRE D ENTIALS GOODS & SERVICE S 2 3 PAYM ENT 8.Com m ercialTransaction 1 2 3 Em ploym entTransaction WORKTRANSAC TION CREDENTIA LS 13. Employment Transactions 2 1 REGIST RATION CRED ENTIALS CivilSociety Registration 1 2 4 3 Employment Registration APPLICATION CREDENTIALS ENROLLMENT 2 1 REGISTRATION IDENTIFICATION GovernmentRegistration CommercialRegistration 2 1 REGISTRATION CREDENTIA LS 3.GovernmentRegistration 5.CivilSocietyRegistration 7.Com m ercialRegistration 13.EmploymentRegistration WALLET Agent/Hub
ISSUER WALLET VERIFIER Shared Ledger or other Immutable Data Store Agent/Hub PEERYOU
Individuals have their own Identities
What about the organizations?
Verifiable Organizations Network
Paper documents are cumbersome as proof of legal compliance and permission. REGISTERED PERATING PERMIT QUALIFICATION Certificate of PERMIT en CONFIRMATION LETTER REGISTERED PERATING PERMIT QUALIFICATION Certificate of PERMIT en CONFIRMATION LETTER
Let’s look at an example
PROVINCE INCORPORATION REGIONAL HEALTH AUTHORITY PERMIT MUNICIPALITY BUSINESS LICENSE Mary requires a variety of documents in order to establish her bakery. Some requirements are not obvious, so she’ll have to do her homework.
This journey involves multiple sources … PROVINCE INCORPORATION REGIONAL HEALTHAUTHORITY PERMIT MUNICIPALITY BUSINESS LICENSE … and modes of service delivery.
STEP 12 All of this activity is a major burden for all involved.
What if … businesses could provide verifiable proofs about qualifications when transacting online? Mary owns this proof-of status for her business Certificate issued Certificate shared Certificate verified
The credential definition is created and published on the blockchain (ledger) by an issuer. DEFINITIONDEFINITION LEDGERLEDGERISSUERISSUER
Open registry of decentralized identifiers. PERMIT ISSUERS HOLDER VERIFIERS
We have a chicken-or-egg dilemma. How do we kickstart one side of the market?
What can services plug into to get things rolling?
Welcome to British Columbia’s verifiable organizations. search TheOrgBook fills that role and unlocks the hidden value of BC Registries data. Registration, permit, and license services can plug into incorporated businesses.
Welcome to British Columbia’s verifiable organizations. search Digitally signed and sealed verifiable claims A global, open blockchain registry
MARY OLIVIERA The new enrollment experience is more convenient … … with a global, open blockchain registry.
Mary can own her proof-of-status and store them in her digital wallet … … which opens up more service possibilities …
A decentralized verifiable credential is carried by the holder on a smart phone or other computing device. The phone does a lot of the work as the holder’s agent.
Organizations now have identities
Organizations now have identities People now have identities
Organizations now have identities People now have identities OPEN STANDARDS FOR IDENTIFIERS & DATA EXCHANGE
ssiscoop.com
Protocol is a language that regulates flow, directs netspace, codes relationships, and connects life forms. It is etiquette for autonomous agents. -Alexander Gallway, Protocol
We must make it right. We must make it happen. …but who is we? …and how do we do it?
We is….
Decentralized Identity Foundation We is….
“everyone” We is….
We must Practice Systems Leadership
We must Practice Systems Leadership Phase 1: See the Larger System
Have an Ecosystem Map
Have an Ecosystem Map ^ upto date
We must Practice Systems Leadership Phase 1: See the Larger System Phase 2: Reflective and Generative Conversation
EMPLOY Systems Leaders Build Self-Organizing Capacity We must Hire good community “managers”catalysts
We must Practice Systems Leadership Phase 1: See the Larger System Phase 2: Reflective and Generative Conversation Phase 3: Co-Create the Future
Coordinate development of common building blocks: Code, Infrastructure, Protocols…. Ship Interoperable Products
Coordinate development of common building blocks: Code, Infrastructure, Protocols…. Ship Interoperable Products Work towards alignment, not control.
Ask and listen first. Write it down. Put a stake in the ground. Create real-time feedback loops. What does it take to Build Alignment? Remind each other what we’re doing and why.
Alignment is a process. We must set our expectations accordingly, and celebrate each victory along the way.
We will make it right. We will make it happen. Together!
ssiscoop.com Kaliya Young identitywoman.net Internet Identity Workshop

Check these out next

The Domains of Identity & Self-Sovereign Identity MyData 2018

Recommended

More Related Content

Slideshows for you(20)

Similar to The Domains of Identity & Self-Sovereign Identity MyData 2018(20)

More from Kaliya "Identity Woman" Young(16)

Recently uploaded(20)

The Domains of Identity & Self-Sovereign Identity MyData 2018