Antti 'Jogi' Poikola, Researcher at Aalto University and Sovrin Foundation Trustee, features in our third Webinar "SSI & MyData" by explaining how MyData is both an alternative vision and guiding technical principles for how we, as individuals, can have more control over the data trails we leave behind us in our everyday actions. The core idea of MyData is that we, you and I, should have an easy way to see where data about us goes, specify who can use it, and alter these decisions over time. Jogi explains how this pieces fit together and how data is merging into the SSI space.
Self-Sovereign Identity and the MyData model from Finland - Antti 'Jogi' Poikola
1. SSI & MyData
Antti 'Jogi' Poikola
May 17, 2018
twitter.com/apoikola
SSIMeetup.org
https://creativecommons.org/licenses/by-sa/4.0/
2. 1. Empower global SSI communities
2. Open to everyone interested in SSI
3. All content is shared with CC BY SA
SSIMeetup.org
Alex Preukschat @SSIMeetup @AlexPreukschat
Coordinating Node SSIMeetup.org
https://creativecommons.org/licenses/by-sa/4.0/
SSIMeetup objectives
17 May 2018
4. The core idea is that individuals should
be in control of their own data.
The MyData approach aims at
strengthening digital human rights
while opening new opportunities for
businesses to develop innovative
personal data based services built on
mutual trust.
MyData Vision
SSIMeetup.org
5. Weak
Data Protection
Lots of data
usage
Less usage of
personal data
MyData
´just´ complying with the
regulation
GDPR
Strong
Data Protection
People decide on how
their data is used
Organisations decide how
the data is used
Old paper times
SSIMeetup.org
7. MyData Roles: Who Does What
Person
Identity owner
Data
Source
issuer
Data Using
Service
verifier
Operator
agency
Please note: “Roles” are not “Actors” an individual or organisation may fulfill one or more
roles at once.
SSIMeetup.org
9. Intersection of the customer base of a data
source (bank for example), that is willing to
use a new service.
Data Source ready to provide data
under person’s permission
Data Using Service able to use the
data from the Data Source to create
value
Persons willing to use the Service
and give permission to their data
and who are connected to right kind
of data sources
Use Case = Basic Unit of an Ecosystem
SSIMeetup.org
10. Data Source ready to provide data
under person’s permission
Data Using Service able to use the
data from the Data Source to create
value
value > costs
for everybody
Persons willing to use the Service
and give permission to their data
and who are connected to right kind
of data sources
Viable Use Case
SSIMeetup.org
11. I want to keep customers!
Be trusted and transparent, but also benefit
from being the original data source.
- Costs of the API investments
and maintenance
- Risk of losing customers
I want quality data!
I don’t want to bother my customers with
data collection, but I need reliable data for
personalizing our service.
- Cost of data
- Costs of service building and
maintenance
- Marketing, support, etc.
I want easiness!
Instead of filling in the forms I wish to have
a safe and trusted way of sharing existing
information between organizations.
- Time and effort
- Payment of the service
Needs Costs
SSIMeetup.org
13. Network Effects
Don’t expect everybody
to connect one agency!
Account
Portability
It must be possible to
change agency without
breaking things.
SSIMeetup.org
14. Why Agencies
?
DTL based SSI
technologies can
serve as the shared
infrastructure for
interoperable but
competing operators.
→ Self Sovereign
Identity & Payments
Could we do without operators?
- They are market developers (self interested)
- They create interoperability beyond the ledger
transactions (i.e. common business rules)
- They reduce fragmentation → Systemic simplicity
- They facilitate discovery (data, people, services)
- They hide the leger complexities from developers
- They create systemic trust (no need to trust one tool
provider, you can always change)
SSIMeetup.org
15. Agencies
Consenting as a
service!
Legal compliance
and technically easy
connections to data
sources!
“API of Me”!
Possibility to share and
consent data between
services and easy to
use personal cloud
(PDS).
Data Market!
Possibility to cover the costs of the API
investments and cost efficient data
portability implementation. SSIMeetup.org
16. Agencies
Market Efficiency
- Integrated payments
- Low transaction costs
- Ready-to-use
infrastructure
- Agreement efficiency
→ smart contracts
Design
- Understandable
- Ease of use
- Systemic simplicity
Trust Framework
- Trusted governance
- Possibility to enforce
business & tech. rules
Legal compliance
- Auditability
- Transparency
- Consent management
- “Data protection as a
service”
Open Ecosystem
- Interoperability
- Competition based
market
- Network effects
benefiting all
SSIMeetup.org
17. Sovrin Network is a specific deployment of the
Hyperledger Indy codebase.
OTHER DISTRIBUTED
LEDGER FOR IDENTITY ?
OTHER LEGAL ENTITY AND
TRUST FRAMEWORK ?
Other Indy deployments with separate
foundation or consortium and different Trust
Framework are possible.
1.
Trust
Framework and
Network
2.
Distributed
Ledger
3.
Agencies
Software agents (provided by agencies) read and write identity transactions to the Distributed
Ledger. Agent software that supports the W3C specification on distributed identifiers (DID) can
write also to other non-Indy based ledgers as long as the leger has implemented the DID
method.
AGENTS SUPPORTING
W3C STANDARDS
NON-STANDARD AGENT
IMPLEMENTATIONS ?
21. 1000 people 30+ countries 3 days
Helsinki, Finland
Aug 29th - 31st, 2018
Image by Bearinthenorth(CC
https://pixabay.com/en/panorama-of-helsinki-helsinki-18906
SSIMeetup.org