Self-Sovereign Identity for the Decentralized Web Summit

Kaliya Young
Introduction to

Self-Sovereign Identity

www.identitywoman.net
www.internetidentityworkshop.com
www.ssiscoop.com
www.humanﬁrst.tech
Decentralized Web Summit
August 1, 2018

Long Time Ago in a Far Far away
(1999)

There were two answers - neither one was good.

Global Ecology and
Information Technology
2000

These entities were going to give us digital identities??? Really?

Building Identity and
Trust into the Next
Generation Internet

Underlying this report is the assumption that every individual ought
to have the right to control his or her own online identity. You should
be able to decide what information about yourself is collected as part
of your digital profile, and of that information, who has access to
different aspects of it. Certainly, you should be able to read the
complete contents of your own digital profile at any time. An online
identity should be maintained as a capability that gives the user many
forms of control. Without flexible access and control, trust in the
system of federated network identity will be minimal.

A digital profile is not treated [by corporations who host
them] as the formal extension of the person it represents.
But if this crucial data about you is not owned by you,
what right do you have to manage its use?
A civil society approach to persistent identity is a
cornerstone of the Augmented Social Network project.

Organizations would have identities
People would have identities

They would be able to connect on their own terms
Each being ﬁrst class nodes on the network

Building Identity and
Trust into the Next
Generation Internet
2003

Innovating the Protocols
to represent people
in the digital realm
in ways that empower them
that they are in control.

Internet Identity Workshop 2005

Lots of Open Standards or Protocols have
been born & nested at IIW
XRI/XDISAML
Information
Cards
JSON-LD
DID
DIDAuth
Veriﬁable Credentials
JLINC
UMA
BlockCerts
BOPS

…but why do protocols matter?

…why does infrastruture matter?

Protocol is a system of distributed
management that facilitates peer-to-peer
relationships between autonomous
entities.
-Alexander Gallway, Protocol

Internet protocols allow for
inter-operation between computers.

Protocol is a language that regulates ﬂow,
directs netspace, codes relationships, and
connects life forms. It is etiquette for
autonomous agents.

Where is Layer 8?
Where are the Protocols?

https://medium.com/evernym/the-three-models-of-digital-identity-relationships-ca0727cb5186

RENT-A
MYURL.COM
#** Special NAME-SPACE
for People? **

Decentralized IDentiﬁer - DID
did:sov:3k9dg356wdcj5gf2k9bw8kfg7a
Method
Scheme
Method-Specific Identifier
Slide credit: Drummond Reed, Sovrin Foundation

Public
Key
cc2cd0ffde594d278c2d9b432f4748506a7f9f2
5141e485eb84bc188382019b6

047d599d4521480d9e1919481b024f29d2693f2
72d19473dbef971d7d529f6e9
Private 
Key
Public
Key
cc2cd0ffde594d278c2d9b432f4748506a7f9f2
5141e485eb84bc188382019b6

{ “Key”: “Value” }
DID
Decentralized
Identifier
DID Document
JSON-LD document
describing the
entity identified by
the DID

1. DID (for self-description)
2. Set of public keys (for verification)
3. Set of auth protocols (for authentication)
4. Set of service endpoints (for interaction)
5. Timestamp (for audit history)
6. Signature (for integrity)
!54
The standard elements of a DID doc

!56
Method DID prefix
Sovrin did:sov:
Bitcoin Reference did:btcr:
Ethereum uPort did:uport:
Blockstack did:stack:
Veres One did:v1:
IPFS did:ipld:
Active DID Method Specs

!57
A DID method specification
defines how to read and write
a DID (and its DID document)
on a specific blockchain or
distributed network

1. The syntax of the method-specific identifier
2. Any method-specific elements of a  
DID document
3. The CRUD (Create, Read, Update, Delete)
operations on DIDs and DID documents for
the target system
!58
A DID Method spec defines…

Create Addressable Identiﬁers
Created and Owned by People

The decentralized identity “stack”
Identity Owners

Identity Owners
Edge Layer
Edge Wallet Edge Wallet
Edge Agent Edge Agent

Cloud Layer
Cloud Wallet Cloud Wallet
Cloud Agent Cloud Agent
Identity Owners
Edge Layer

DID Layer
Cloud Layer
Identity Owners
Edge Layer

DID Layer
Cloud Layer
Identity Owners
Edge Layer
Identity Owners

What do we mean by Credential?
67Slide credit: Manu Sporny Veres One

W3C Verifiable Credentials
68
The mission of the W3C Verifiable Claims Working Group:
Express credentials on the Web in
a way that is cryptographically
secure, privacy respecting, and
automatically verifiable.Slide credit: Manu Sporny Veres One

Anatomy of a Verifiable Credential
Verifiable Credential
Issuer Signature
ClaimsClaimsClaims
Credential Identifier
Credential MetadataCredential MetadataCredential Metadata
69
Slide credit: Manu Sporny Veres One

HOW DO YOU KNOW ITS TRUE?
Without…

Verifiable Credentials Ecosystem
72
Issuer
(Website)
Government,
Employer, etc.
Verifier
(Website)
Company,
Bank, etc.
Holder
(Digital Wallet /
Personal Data Store)
Citizen, Employee,
etc.
Issue
Credentials
Present
Profiles

Decentralized Identifiers
74
Decentralized Identifiers
(Identifiers are owned by individuals)
Blockchains / DHTs
(Decentralized Ledger)
Veres One, Sovrin, Bitcoin, Ethereum, etc.
Issuer
(Website)
Government, Employer,
etc.
Verifier
(Website)
Company, Bank, etc.
Holder
(Digital Wallet /
Personal Data Store)
Citizen, Employee, etc.
Issue
Credentials
Present
Profiles

Self Sovereign Identity
no facebook
no phone number
no email provider

NO PERSONALLY IDENTIFIABLE
INFORMATION
ENDS UP ON THE BLOCK CHAIN

I get different DIDs for
different parts of my life

I get to prove things
about my self

Institutions can Issue
Veriﬁed (Digital) Credentials
to Organizations

Veriﬁable Organizations Network
British Columbia Government
is building it,
and its all up on GitHub

OrgBookProﬁle
a Business
Public Business Permits

OrgBookProﬁle
a Business
Business Owner
Can Claim These

OrgBookProﬁle
a Business
Business Owner
Can Claim These
In the Veriﬁable
Credentials Format

OrgBookProﬁle
a Business
Business Owner
Can Claim These
In the Veriﬁable
Credentials Format
In a Digital Wallet

HolderIssuer Verifier
Issues  
Claim
Decentralized Identifiers (DIDs)
Public Blockchain or other Decentralized Network
Signs
Claim
Countersigns
Claim
Wallet
BC GOVERNMENT BC BUSINESS

Issues  
Claim
Signs
Claim
Countersigns
Claim
Verifies
Signatures
Wallet
BC GOVERNMENT BC BUSINESS CANADIAN GOVERNMENT

Issues  
Claim
Presents 
Claim
Signs
Claim
Countersigns
Claim
Verifies
Signatures
Wallet
BC GOVERNMENT BC BUSINESS CANADIAN GOVERNMENT

DATA SHARING with DIDs & VC
JLINC
Object Capabilities
User Managed Access
XRI/XDI

Decentralized Identity Foundation

!97
A simple standard way for a
DID owner to authenticate by
proving control of a  
private key
DID Auth is…

Bitcoin, 
Ethereum, IOTA, 
Veres One
Permissionless Permissioned
Public
Private
Validation
Access
Hyperledger Sawtooth*
Sovrin,
IPDB
Hyperledger (Fabric,
Sawtooth, Iroha), 
R3 Corda, 
CU Ledger
Blockchain Types / Governance
* in permissionless mode
100Slide credit: Drummond Reed, Sovrin Foundation

SPEED
101
DID Creation
DID Ledger Operations / day Consensus delay
Bitcoin 0.6M / day ~3,600 seconds
Ethereum 2.1M / day ~375 seconds
Veres One 18M / day ~30 seconds
Sovrin 2.6M / day ?

COST
102
DID Creation
Bitcoin ~$15-$73
Ethereum ~$4-$14
Veres One* ~$1-$2
Sovrin ? doing ICO
* Commodity prices guaranteed due to strong downward pressure on operational costs

105
VERES ONE
A Globally Interoperable
Blockchain for Identity

Internet Identity Workshop
#27 October 23-25
Get Involved Building This Infrastructure

ssiscoop.com
Kaliya Young identitywoman.net
Internet
Identity
Workshop
#27 October 23-25
#28 April 30-May2
.

The Core Problem, Restated
!112
How does a verifier determine
whether they can trust an issuer
without the whole world needing
to rely on a single root of trust?

!113
Sovrin Web of Trust Model
Identity Owner Trust Anchor Trust Hub*
* Inspired by the British Columbia Government’s “TheOrgBook” service  
and concepts from Infocert about the evolution of Certificate
Authorities

SWoT Core Design Principles
1. Decentralized
– No single root of trust
2. Secure
– Immune as possible to gaming and Sybil attacks
3. Privacy-respecting
– Identity owners may remain private and yet still
prove they are trusted
4. As simple as possible
– Everyone can understand it (not just cryptogeeks)
!114

Sovrin Web of Trust Roles
!115
Identity Owner Trust Anchor Trust Hub
DID Private Public Public
Holds SWoT Claims
About Self
Yes Yes Yes
Issues SWoT Claims
About Other Issuers
No Yes Yes
Holds SWoT Claims
About Other Issuers
No No Yes

!116
In this model, the Sovrin
Foundation is simply one Trust
Hub for Sovrin stewards— 
each steward may serve as either a
Trust Anchor or a Trust Hub

!117
Sovrin Trust
Framework
Sovrin
Powered
Trust
Frameworks

Build this New Infrastructure With Us

120
VERES ONE
A Globally Interoperable
Blockchain for Identity

A world where people and organizations
create, own, and control their identifiers
and their identity data
VISION

122
Utilize Blockchain technology and
multistakeholder governance to create a public
good for self-administered identity management.
SOLUTION

123
ECOSYSTEM
Veres One Project
Maintainer
Community advises Board
of Governors, which
ensures proper execution
of the mission.
Ensures technical operation
of the Network and
implements new
features.
Can quickly create
identifiers on the Veres One
Blockchain.
Accelerators
provide compute and
storage resources that keep
the Network  
secure.
Nodes
Pay fees  
Manages
Rewards

GLOBAL

Why James Chartrand  
Wears Women’s Underpants
http://www.copyblogger.com/james-chartrand-underpants/

Self-Sovereign Identity for the Decentralized Web Summit

Self-Sovereign Identity for the Decentralized Web Summit

More Related Content

What's hot

Similar to Self-Sovereign Identity for the Decentralized Web Summit

More from Kaliya "Identity Woman" Young

Recently uploaded

Self-Sovereign Identity for the Decentralized Web Summit