Trust, Blockchains, and Self-Soveriegn Identity
•Download as PPTX, PDF•
2 likes•1,083 views
This talk discusses sovereignty as a foundational model for a new kind of identity system that not only establishes all entities as peers, but also provides the means of using verifiable claims to build trustworthy relationships. A self-soversign identity system with verifiable claims provides increased privacy and control for individuals, more transparent consent, opens new opportunities for relying parties and third party claims providers, and reduces or eliminates integration costs while making systems simpler.
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to Trust, Blockchains, and Self-Soveriegn Identity
Similar to Trust, Blockchains, and Self-Soveriegn Identity (20)
More from Phil Windley
More from Phil Windley (20)
Recently uploaded
Recently uploaded (20)
Trust, Blockchains, and Self-Soveriegn Identity
- 1. Self-Sovereign Identity (SSI) as an Alternative to Existing Trust Models Phillip J. Windley, Ph.D. Office of the CIO Brigham Young University @windley
- 2. Sovrin
- 3. Why do we build identity systems?
- 8. Claim Inspector Verifiable Claims When you can instantly trust what someone says about themselves, workflows and integrations are dramatically simplified. Claim Holder Claim Issuer
- 9. Three Things Make Sovrin Work Decentralized Identifiers DIDs provide pairwise identity for every relationship to prevent correlation. DID Descriptor Objects link DIDs to public keys and end points Verifiable Claims Allow third parties to provide identity owners with credentials they can use just like they do offline. Distributed Ledger Global and public: • nobody owns it • everybody can use it • anybody can improve it
- 16. Self-Sovereign Identity (SSI) as an Alternative to Existing Trust Models Phillip J. Windley, Ph.D. Brigham Young University http://www.windley.com @windley
Editor's Notes
- Hi, I’m Phil Windley. I’m an enterprise architect at Brigham Young University and co-founder of the Internet Identity Workshop.
- I’m also the chair of a non-profit foundation that is building a global, public, decentralized identity utility called Sovrin. Today I’m going to speak about trust and it’s relation to trust. Internet identity is broken. There are too many anti-patterns and too many privacy breaches. Too many legitimate business cases are poorly served by current solutions. I’m going to explain why I think a decentralized identity utility is a better way of using identity to create trust than the systems we’ve built to date.
- Why do we build identity systems? There are several reasons, but on of the most important is trust. Authentication is about trust. Authentication answers the questions “How can I trust the person at the other end of this connection is who they say they are?”
- Trust has evolved form somethings that was local and based on who you know. Now we use institutions like banks, universities, and others to allow us to trust strangers. Trust helps us believe what people say. We constantly evaluate information based on trust. But believing people online is difficult because identifiers lack the surrounding trustworthy context that is necessary to provide the clues we need to establish trust. The best way to create context around an identifier is to link it to other information in a way we can trust. A trust framework places identifiers in context so that people can believe in them. -- Image: https://commons.wikimedia.org/wiki/File:Vegetable_Vending_-_Andul_Bazaar_-_Howrah_2012-03-25_2917.JPG (CC BY 3.0)
- When a site like Amazon builds an identity system, they’re creating a trust framework. Simple trust frameworks allow the owner (Amazon in this case) to know things about the subjects of the framework with some level of certainty,. This trust framework is centralized, owned, private. We call them “administrative” because they’re designed to administer identity and establish trust in a specific domain. Amazon, in this case. The system, the identifiers, and how they work are owned and controlled by Amazon. They are subject to Amazon’s terms and conditions. They are useful for establishing trust within that domain, but not across domains
- More complicated trust frameworks federate to transfer trust between the participants and establish outside the context of a single domain For example, Visa and other credit systems provide a framework that links banks together so that I can use a card from one bank to buy something from a merchant who uses a different bank. These trust frameworks rely on a central, overarching administrator (Visa in this case) to establish context in the form of business processes, legal agreements, and technology (BLT). Other examples of trust frameworks that link multiple parties are services like Uber and AirBnB. Trust frameworks are a vital part of commerce since they allow us to work with strangers.
- In the physical world, trust frameworks are often more ad hoc and rely on trustworthy credentials. When you go into the pharmacy to purchase drugs, they might want to know you’re over 18. In the US, at least, it’s common for them to ask for a driver’s license for this purpose. Why? [click] Driver’s license is an identity credential for use in a specific administrative domain: licensing drivers Nevertheless, because of it’s implementation, it has uses outside the administrative domain for which it was designed. A driver’s license is implemented as a decentralized, trustworthy credential that serves as a container for a specific set of attributes. Its veracity is easily checked by recipients. Because of this implementation, people are the conveyors of trustworthy attestations (called claims). You can start a business today and decide you want to use a DL for proof of address and start doing it immediately. No permission required. No integrations. No APIs. -- Image: https://www.pexels.com/photo/colors-colours-health-medicine-143654/ (CC0) DL: https://www.dot.nd.gov/divisions/driverslicense/dlrequirements.htm
- None of the identity systems in popular use today offer support for the same kind of ad hoc attribute sharing that happens in the physical world Consequently, entities who want to rely on attributes from many parties have to perform integrations with all of them. This is slow, complex, and costly, so it typically happens only for high-value applications. Sovrin has built-in support for third-party claims that work the same way as physical credentials: they’re presented directly by the identity owner. A Sovrin identity owner can use a claim issued by her employer to [click] disclose information (such as her salary) to her bank without the employer or bank [click] even needing a relationship, much less a technical integration. [click] Sovrin claims can be used in ad hoc situations, just like credentials in the physical world, allowing individuals to function as integration points.
- Three things make it work: Distributed Ledger Public, Permissioned Distributed Ledger has same virtues as the Internet: Sovrin’s purpose-built ledger was created to provide world-class security and performance. By not using the Bitcoin blockchain, Sovrin is able to create identity records cheaply and quickly. Decentralized Identifiers & DID Descriptor Objects DIDs provide pairwise identifiers for every relationship to prevent correlation. DDOs associate DIDs with public keys and agent URLs. DIDs can be verified using cryptography, enabling a digital “web of trust.” Verifiable Claims & Zero-Knowledge Proofs Verifiable claims provide the means for third parties to provide identity owners with credentials they can use just like they do offline. Zero-knowledge proofs ensure that identity owners never need share more information than is necessary for a given transaction. -- Images: https://en.wikipedia.org/wiki/Network_topology#/media/File:NetworkTopology-Mesh.svg https://commons.wikimedia.org/wiki/File:Barcode_EAN8.svg https://commons.wikimedia.org/wiki/File:Pennsylvania-Drivers-License-1.gif
- Let’s talk about the term ”self-sovereign.” This is an idea that makes some people nervous. But I think many misunderstand what it means. In 1648, the treaties of Westphalia were signed, ending several decades-long religious wars. More importantly, these treaties established the modern idea of state sovereignty and non-interference which gives states exclusive control over the areas within their borders. But, the beauty of sovereignty isn't complete and total control, but rather the idea of borders—boundaries—that sustain a balance of power that leads to negotiations about the nature of the relationships between various entities. Sovrin clearly defines the boundaries, within which the person has complete control, and outside of which people and institutions can negotiate about shared information. Sovrin is designed to give identity owners independent control of their personal data and relationships. Sovrin is built so that the owner of the identity is structurally part of transactions made about that identity. Pairwise identifiers not only prevent correlation, but they stop third parties from transacting without the identity owner taking part since the identity owner is the only place pairwise identifiers can be correlated. But, other participants in the network are free to make their own decisions as well. For example, the pharmacy may not be willing to accept my self-asserted claim about my age and insist that I provide them with a claim from someone they trust. -- Image: https://en.wikipedia.org/wiki/Peace_of_Westphalia#/media/File:Westfaelischer_Friede_in_Muenster_(Gerard_Terborch_1648).jpg
- Another vital feature of decentralized identity—especially for a public ledger—is privacy. Privacy by Design is baked deep into Sovrin’s architecture as reflected by three fundamental features: First, identifiers on Sovrin are pairwise unique and pseudonymous by default to prevent correlation. Sovrin is the first distributed ledger to be designed around Decentralized Identifiers (DIDs) as the primary keys on the ledger. DIDs are a new type of digital identifier that were invented to enable long-term digital identities that don’t require centralized registry services. DIDs are the basis of Sovrin’s pairwise identifier architecture. Second, personal data is never written to the ledger. Rather all private data is exchanged over peer-to-peer encrypted connections between off-ledger agents. The ledger is only used for anchoring rather than publishing encrypted data. Third, Sovrin has built-in support for zero-knowledge proofs (ZKP) to avoid unnecessary disclosure of identity attributes—privacy preserving technology that has been long pursued by IBM Research (Idemix) and Microsoft (UProve), but which a public ledger for decentralized identity now makes possible at scale.
- All of this makes Sovrin a universal trust framework—one that can be used in many different situations to solve a variety of problems. Sovrin provides the benefits of a trustworthy identity platform without each participant having to build it themselves. Sovrin provides accessible provenance for trust transactions. Provenance is the foundation of accountability through recourse. Not only can Sovrin support user-controlled exchange of verifiable claims about an identifier, it also has a rock-solid revocation model for cases where those claims are no longer true. Verifiable claims are a key component of Sovrin’s ability to serve as a universal platform for exchanging trustworthy claims about identifiers. -- Photo Credit: Lorimerlite Framework from Astris1 (CC BY-SA 3.0)
- Sovrin provides the means of securely sharing information through Sovrin Trustworthy claims. As part of this, Sovrin provides standard mechanisms for: Using claims in ways that preserve privacy, Recording consent on how information will be used, and Recording consent on what was shared. As more and more of our lives are mediated by computational services, these features will become increasingly important for preserving personal independence as well as protecting companies from liability. -- Image: https://pixabay.com/p-2021308/?no_redirect
- [click] Healthcare: Sovrin partner Doctor’s Link is testing Sovrin as a means of transferring trustworthy claims about healthcare professionals’ credentials. [click] Education: Brigham Young University is conducting a proof of concept that uses Sovrin Trustworthy Claims to give students control over their personal information, including their learning activities, and demonstrate how other parties can trust learning records shared by the student. [click] Finance: USAA (a large US-based bank) and CULedger (a consortium of credit unions) are conducting proofs of concept on Sovrin for their Call centers and KYC processes. [click] Disadvantaged populations: Sovrin Partner iRespond is conducting a proof of concept to show how Sovrin Trustworthy Claims can be used with their biometric identification systems to record immunization and other health data for under-documented people in Africa and Asia. [click] Login: Web sites and service providers can store much less personal information since they can easily get it from the user through a Sovrin Trustworthy Claim, increasing security by removing honey-pots of data. Image credits: https://commons.wikimedia.org/wiki/File:Doctor_takes_blood_pressure.jpg, public domain Student in Class from Albert Herring (CC BY 2.0) Customer in bank, Indonesia https://www.flickr.com/photos/imtfi/21467116550 (CC BY-SA 2.0) https://pixabay.com/en/login-register-window-button-570317/, public domain
- So, where is Sovrin? We will launch the provisional network within the month. The provisional network has reduced features but operates on the production ledger with sufficient validator nodes (run by Sovrin Stewards) to achieve eventual consensus using Sovrin’s Byzantine Fault Tolerance algorithm. The provisional network will allow people and institutions to begin working with the Sovrin network. The full-featured, general availability network will be available in the early fall. There are a half-dozen proof of concept projects underway in using Sovrin. -- Image: https://www.flickr.com/photos/dvanzuijlekom/8521605119/
- Thanks for listening. Questions?