Merge pull request #9 from infominer33/master
made a file for Joe Andrieu's Characteristics of Sovereign Identity
ChristopherA authored Dec 18, 2018
2 parents 3bca469 + 0c52462 commit bbf9882
Showing 3 changed files with 89 additions and 4 deletions.
40 changes: 40 additions & 0 deletions 7-myths-of-self-sovereign-identity.md
@@ -0,0 +1,40 @@
### 7 Myths of Self-Sovereign-Identity

This October, Tim Ruff of Evernym published the [7 Myths of Self-Sovereign Identity](https://medium.com/evernym/7-myths-of-self-sovereign-identity-67aea7416b1), to clear up some common misconceptions about SSI. The 7 Tim highlights are an excellent start to SSI myth busting. Which other myths need busted? What is the best way to succinctly and completely relate the seven listed here?

#### Myth 1: Self-sovereign means self-attested.

Self-Sovereign means having ownership over your own credentials. However, we are still dependent on others to verify specifics about who we are. Self-attested credentials provide your personal opinion, preferences and consent. Proof of specific attributes commonly requires a trusted third party to verify and attest to.

#### Myth 2: SSI attempts to reduce government’s power over an identity owner.

Many people are reminded of the Sovereign Citizens movement, that asserts its sovereign independence from presiding governments. Self-sovereign identity, on the other-hand, enables a private, encrypted connection between a government and their citizens. That connection, mutual and revokable by either party, can support mutual authentication, communication, and datasharing; independent from change of address or phone numbers.

#### Myth 3: SSI creates a national or “universal ID” credential.

SSI is not meant to supplant a national ID system. As mentioned previously, governments can use SSI to improve existing identity systems, whether national, regional, or otherwise. SSI does not replace the trust of government or any other organization; rather SSI makes possible stronger, more flexible and verifiable connections between existing organizations, members, governments and constituents. SSI will, however, make possible identification for those who are unable to access any from a local government, including refugees and other displaced people.

#### Myth 4: SSI gives absolute control over identity.

SSI gives its owner control over some aspects of identity, but not all. The digital wallet, DIDs, interaction history, consent receipts, private keys, and self-attested credentials are under complete control of the owner.

Connections, relationships, and third-party issued credentials are not entirely self-sovereign, nor should they be. Like real-world relationships, all parties involved have some degree of control over the continuation of the relationship.

With Sovrin\Indy-style SSI, digital credentials can be held by the SSI owner in a self-sovereign digital wallet, and can still be revoked by their issuers, without the credentials being removed from the wallet.

#### Myth 5: There’s a “main” verifier of credentials.

With real SSI there is no third party in the middle verifying each credential added to a wallet. Identity proofing services can provide a valuable service, but its a lot simpler when government and financial institutions issue verifiable credentials directly to identity owners.

If want to use that credential somewhere other than where it was issued from, it can be instantly verified by any relying party I share it with, without having to check with the issuer.

#### Myth 6: There’s a built-in method of authenticating.

SSI isn't dependent upon any particular means of authentication. It offers a protocol supporting any authentication method that two (or more) parties opt to use. One implementation might use facial or voice biometrics while another uses proof of location, and another simply exchanges digitally signed attestations, which are incredibly strong.


#### Myth 7: User-centric identity is the same as SSI.

User-centric identity gives the user greater control than before, and that’s great! However, it never realized its original intent — user independence — and it actually left large intermediaries with even more power than before. Facebook and Google, the biggest beneficiaries of the move to user-centric identity, would call their services user-centric.

Even the term gives it away: you’re still a user and not the owner, and that means the underlying service is siloed or federated, not self-sovereign. Of course with SSI there are services provided by third parties, such as cloud agent hosting and relationship management apps and tools, but they are modular and replaceable.
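
Review bot: The last paragraph of Myth 5 says a credential can be verified "without having to check with the issuer", while Myth 4 says issuers can still revoke credentials held in the wallet, and the file never says how a relying party learns of a revocation, so the two sections read as contradictory. Suggest adding a sentence to Myth 5 on where revocation status is checked during verification. Smaller points: that same paragraph begins "If want to use that credential" (missing subject), Myth 5 has "its a lot simpler" for "it's", Myth 2 has "other-hand", and the file opens at `###` while characteristics-of-sovereign-identity.md in this commit opens at `#`.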
23 changes: 19 additions & 4 deletions README.md
@@ -1,15 +1,30 @@
# self-sovereign-identity
Articles and documents associated with designing and implementing identity technology using self-sovereign identity principles

## Local on Github
## Local to this repository
* [The Path to Self-Sovereign Identity](ThePathToSelf-SovereignIdentity.md) - The original article on Self-Sovereign Identity and the 10 Principles of Self-Sovereign Identity as published on 2016-04-25 in github and at [Life With Alacrity](http://www.lifewithalacrity.com/2016/04/the-path-to-self-soverereign-identity.html) by [Christopher Allen](http://www.github.com/christophera)

* [Self-Sovereign Identity Principles](self-sovereign-identity-principles.md) - The Self-Sovereign Identity Principles, in progress of being revised.
* [10 Principles of Self-Sovereign Identity](self-sovereign-identity-principles.md) - The Self-Sovereign Identity Principles, in progress of being revised.

* [Self-Sovereign Bill of Rights](self-sovereign-identity-bill-of-rights.md) - lifeID (founded by [Chris Boscolo](https://github.com/cboscolo)) adapted the 10 Principles of Self-Sovereign Identity into a [Bill of Rights](https://medium.com/@lifeID_io/lifeid-self-sovereign-identity-bill-of-rights-d2acafa1de8b) that all self-sovereign identity solution should uphold.

* [Core Characteristics of Self Sovereign Identity](characteristics-of-sovereign-identity.md) - from *A Technology-Free Definition of SSI* for review and comparison against *10 Principles of SSI*

* [Schutte's Take](https://github.com/infominer33/self-sovereign-identity/blob/master/Schutte-on-SSI.md) which offers criticism on the 10 Principles.

* [7 Myths of Self Sovereign Identity](7-myths-of-self-sovereign-identity.md) - from Timothy Ruff's [blog post](https://medium.com/evernym/7-myths-of-self-sovereign-identity-67aea7416b1).



## Elsewhere

* [A Technlogy-Free Definition of Self-Sovereign Identity](https://github.com/jandrieu/rebooting-the-web-of-trust-fall2016/raw/master/topics-and-advance-readings/a-technology-free-definition-of-self-sovereign-identity.pdf) - Topic paper for Rebooting Web of Trust III by [Joe Andrieu](http://www.github.com/jandrieu)

* [Identity and Digital Self-Sovereignty](https://medium.com/learning-machine-blog/identity-and-digital-self-sovereignty-1f3faab7d9e3#.3jcgvnbok) - Blog post by [Natalie Smolenski](https://medium.com/@nsmolenski)

* [Self-Sovereign Bill of Rights](self-sovereign-identity-bill-of-rights.md) - lifeID (founded by [Chris Boscolo](https://github.com/cboscolo)) adapted the 10 Principles of Self-Sovereign Identity into a [Bill of Rights](https://medium.com/@lifeID_io/lifeid-self-sovereign-identity-bill-of-rights-d2acafa1de8b) that all self-sovereign identity solution should uphold.
* [SSI: A Roadmap for Adoption](https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust-spring2018/blob/master/final-documents/a-roadmap-for-ssi.md) from Rebooting the web of trust, Spring 2018.
> This document proposes the formation of a short-term team to develop consistent messaging for the Self-Sovereign Identity (SSI) market.
* [How to Convince Dad* of the Importance of Self-Sovereign Identity](https://github.com/WebOfTrustInfo/rwot7/blob/master/final-documents/convincing-dad.md) (\*and your sister and your daughter and your best friend and your nephew) (SSI Use-Cases)

* [A Gentle Guide to Self Sovereign Identity](https://bitsonblocks.net/2017/05/17/gentle-introduction-self-sovereign-identity/) has a section called "How would self-sovereign identity work for the user?" that could be "modularized" and improved upon.
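
Review bot: The "Schutte's Take" entry under "Local to this repository" links to an absolute URL in the infominer33 fork, and Schutte-on-SSI.md is not among the three files changed in this commit, so the entry is not local and depends on the fork's master branch staying as it is. Either add the file in this PR and link it with a relative path like the other local entries, or move the entry under "Elsewhere". Smaller points: the "SSI: A Roadmap for Adoption" and "How to Convince Dad" entries are not separated by blank lines like the rest of the list, the README titles read "Self Sovereign" where the new files' own headings read "Self-Sovereign-Identity" and "Sovereign Identity", and "Technlogy-Free" in the Elsewhere list is misspelled.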
30 changes: 30 additions & 0 deletions characteristics-of-sovereign-identity.md
@@ -0,0 +1,30 @@
# Core Characteristics of Sovereign Identity

From [Joe Andrieu](https://github.com/jandrieu)'s [A Technology‐Free Definition of Self‐Sovereign Identity](https://github.com/jandrieu/rebooting-the-web-of-trust-fall2016/raw/master/topics-and-advance-readings/a-technology-free-definition-of-self-sovereign-identity.pdf), for comparison with the [Ten Principles of Self Sovereign Identity](https://github.com/WebOfTrustInfo/self-sovereign-identity/blob/master/self-sovereign-identity-principles.md) and continued discussion:

### Control. Acceptance. Zero Cost.

These are the three fundamental characteristics of self‐sovereign identity.

#### CONTROL
* **Self‐sovereign identities are controlled by the individual:**
* **Self‐generatable and Independent:** Individuals must be able to create identity information without asking for permission and be able to assert identity information from any authority. The resulting identity must have the same technical reliability as those provided by well‐known, “official” sources. The observer, of course, is always free to decide whether or not a given piece of information is meritorious, but the information must be able to be verified as a non‐repudiatable statement of correlation using exactly the same mechanisms regardless of source. Further, individuals must be able to present self‐generated identity information without disclosing that the authority in the claim is the subject of the claim.
* **Opt‐in**: The affordance for asserting identity information starts with the individual. While an individual may present claims from known or accepted third party authorities, it is the individual who asserts that the claim applies to them. Self‐sovereign identities begin with the will of the individual, with the intentional presentation of identity information.
* **Minimal Disclosure**: Individuals should be able to use services with minimal identity information. Features that depend on enhanced correlation must be understood by the average user. Such features should be permissioned with the highest granularity, so functions independent of correlation work equally well alongside those dependent on it. It is not acceptable to deny services because of a refusal to provide unrelated information.
* **Non‐participation**: Individuals must be able to choose to not provide identity information for services where it isn’t absolutely required. Any spontaneous identifiers necessary for a service to function, such as cookies or session ids, must use the same infrastructure for consent, persistence, transience, and disclosure as if provided by the individual.
* **Opt‐out**: Individuals should be able to opt‐out of identifying records post‐facto as a matter of course. People should be able to stop the use of a correlating identity information by request. Some transactions necessarily require long term retention of identity information, such as financial transactions, purchases, and shipments. Actions that create permanent records should be clearly marked and communicated such that the retention is expected and understood by the average person. All other actions which leverage a self‐sovereign identity should be de‐correlated on‐demand and said identifiers should no longer be used to correlate that individual across contexts.
* **Recoverable**: Sovereign identities must be robust enough to be recovered even if hard drives are lost, wallets stolen, or birth certificates lost in a fire. Self‐sovereign identities must provide a way for individuals to recover and reassert that existing identify information applies to them even in the face of complete loss of credentials. This may be challenging given current technical proposals, but the point of this paper is to explore the non‐technical requirements of a self‐sovereign identity. To fully address the needs of UN Sustainable Development Goal 16.9, identity assurance can’t depend on pieces of paper, devices, or other artifacts that can be lost, stolen, destroyed, and falsified.

#### ACCEPTANCE
* **Self‐sovereign identities are accepted wherever observers correlate individuals across contexts.**
* **Standard**: There is an open, public standard managed through a formal standards body, free to use by anyone without financial or intellectual encumbrance. Simple The core standard (schema, serialization, and protocols) must be atomically minimal, providing the barest data set, allowing complexity to emerge not from a complicated data model but from a multiplicity of information types, authorities, and observations.
* **Non‐repudiatable**: Individual claims should be cryptographically signed to assure non‐repudiatable statements of correlation. Long term, public and semi‐public ledgers should be used to record claims that become statistically impossible to falsify over time. Self‐sovereign identities, at a minimum depend on cryptographic assurances, and most likely will be further enabled by non‐repudiatable public ledgers.
* **Reliable**: Access to self‐sovereign identities must be at least as reliable as access to the Internet. It should not rely on any individual or group of centralized servers, connections, or access technologies. Substantially Equivalent Above all, self‐sovereign identities must meet the needs of legacy identity observers at least as well as current solutions. If the core architecture is inherently less capable than existing approaches there is little hope of systemic adoption.

#### ZERO COST
* **Finally, any proposed standard for self‐sovereign identity must be adoptable at absolutely minimal cost.**
* Not only must it be free of licensing encumbrances, it must be implementable with readily available, inexpensive, commodity hardware running common operating systems. If it can’t be achieved using today’s commodity products, then we must help manufacturers incorporate what we need.

**In order to reach every last person on the planet**—the explicit target of UN Sustainable Development Goal 16.9—**self‐sovereign identity must be realizable at massive scale with close to zero marginal cost**.

The systems we use to make sense of the resulting identity transactions will provide more than enough consulting, software, and hardware revenue to finance the development of the core enabling technology. Just as the web browser was a zero cost entry into a vast economic and innovation engine of the world‐wide web, so too must self‐sovereign identity begin with the most cost‐effective on‐ramp that can be engineered.
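
Review bot: Two characteristic labels have been fused into the preceding bullets under ACCEPTANCE: the **Standard** bullet contains "Simple The core standard (schema, serialization, and protocols)..." and the **Reliable** bullet contains "Substantially Equivalent Above all, self‐sovereign identities must...", so "Simple" and "Substantially Equivalent" are lost as separate items for the comparison this file is meant to support. Suggest splitting each into its own bolded bullet in the same form as the others. Smaller points: the sub-bullets sit at the same list level as the bold summary bullet that introduces them in each section, so indenting them would show the hierarchy, and the **Recoverable** bullet has "identify information" for "identity information".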
