Identosphere 227: April SSI News • Learning Credential Developments • DIDs for Chess Players
Infominer moved on to new opportunities. This is a catchup post covering Decentralized and Self-Sovereign Identity for April 2025
Why I’m Excited About a Decentralized Identity System for Chess
This week we – along with our partners at World Chess, operators of the FIDE Online Arena – announced a novel proposal for utilizing blockchain-based decentralized identifiers (DIDs) and verifiable credentials (VC) in the world of chess. DIDs are a match made in heaven for the vast online/offline chess ecosystem – and, we believe, for any number of other similar gaming communities. Check out the whitepaper for full details of our envisioned system.
IETF Group SPICEy Developments
GLobal Unique Enterprise (GLUE) Identifiers was adopted.
The specification’s abstract is:This specification establishes an IETF URN namespace for GLobal Unique Enterprise (GLUE) Identifiers. It also establishes an IETF URN namespace for identifiers defined by the IETF Secure Patterns for Internet CrEdentials (SPICE) working group. The GLUE URN namespace is within the SPICE URN namespace.
OpenID Connect standard claims registration for CBOR Web Tokens was adopted.
The specification’s abstract is: This document registers OpenID Connect standards claims already used in JSON Web Tokens for CBOR Web Tokens.
Traceability Claims was updated with an eye towards future working group adoption.
The specification’s abstract is: This document defines claims to support traceability of physical goods across supply chains, focusing on items such as bills of lading, transport modes, and container manifests. These claims standardize the encoding of essential logistics and transport metadata, facilitating enhanced transparency and accountability in global supply chains. These claims are registered for use in both CBOR Web Tokens (CWTs) and JSON Web Tokens (JWTs).
A Significant Event Without Fanfare
Presentation Exchange was removed from the OpenID for Verifiable Presentations specification. It had once-upon-a-time been the only query language used for verifiable credential presentation.
OpenID Presentations at April 2025 OpenID Workshop and IIW
AI and Identity
AI Agents as Decentralized Identity Verifiers
Identity verification is a crucial component of online security and governance. Current identity systems rely on governments and corporations, which are centralized, to validate user credentials. These systems present risks related to data breaches, identity theft, and data monopolization. Decentralized identity systems, based on blockchain technology, offer a new approach to identity verification, and AI agents could play a major role in automating and enhancing these processes.
Let's fix OAuth in MCP
From Phil Windley
First Person Identity
I'm sitting in VRM day listening to Drummond Reed talk about his First Person Project. If you know Drummond or me, you know we've been interested in this idea since 2011 when we were both working on something called a personal cloud. I've written about this idea extensively on this blog, arguing that people have no place to stand on the internet and thus our digital relationships are, as a result, anemic.
Establishing First Person Digital Trust
After Alice and Bob exchange DIDs and establish a secure DIDComm channel, they have the foundation of a relationship. But what if they want to do more than just message each other? What if they want to capture, express, and eventually use the fact that they met—on their own terms? That's where the verifiable relationship credential (VRC) comes in.
What IIW Participants Value Most
When participants register, one of the questions we ask them is what they value most about IIW. Over 100 people answered that question. Rather than bore you with the raw data, I asked ChatGPT to summarize the responses. Here's what it said:
Why Do Policy Languages Feel So Hard?
Permit.io just published the results of a survey they conducted with over 200 developers on access control. There's lots of good data there, but one thing that struck me is that over 50% of developers said that they've never used any of the popular policy languages.
Standards News
DIF Launches Decentralized Identity Foundation Hospitality & Travel Working Group
Evolving from the ongoing H&T Special Interest Group (SIG). This new working group will focus on developing standards, schemas, processes, and documentation to support the self-sovereign exchange of data between travelers, services, intermediaries in the hospitality and travel industry, and their AI agents.
OAuth 2.0 Protected Resource Metadata is now RFC 9728
The OAuth 2.0 Protected Resource Metadata specification has been published as RFC 9728!
Decentralized Identity Interop Profile v4
In the context of the European eIDAS regulation (eIDAS) and its Architecture and Reference Framework (ARF), the DIIP profile is a profile for “regular” digital credentials, “non-qualified electronic attestations of attributes”.
Learning and Work Credential News
Velocity Network Foundation Partners with the Learn & Work Ecosystem Library to Advance Credential Transparency and Interoperability
Learn and Work Ecosystem Library
The learn-and-work ecosystem is composed of 12 key components that must be connected and coordinated so that INDIVIDUALS can move seamlessly through the marketplace using a variety of credentials to communicate the skills and knowledge acquired in multiple settings (school, work, service, self-study); SCHOOLS can count learning obtained outside of academic settings toward a degree or other credential; EMPLOYERS have more detailed and externally-validated information for hiring, reskilling, and upskilling workers; and the PUBLIC is informed about the learn-and-work ecosystem.
Oldy but Goodies
Long Live RSS
This post from Cory Doctorow entitled You should be using an RSS reader caught my eye a while ago. I used to use an RSS reader all the time. I've tried to get back into it a time or two, but it didn't stick. Inspired by Cory to try one more time, I downloaded the RSS reader he uses (Newsblur) and gave it another shot. This time I coupled it with moving the RSS reader app on my phone to a more prominent position so when I'm looking for something to browse, I see it first.
Considering what should be
Privacy ≠ Freedom (but it should)
Without trying to be hyperbolic, the current trajectory for privacy laws and regulations is leading down a path of digital alienation. It is time for privacy laws and practices to support digital autonomy.
(MyData) The Robot Revolution: Why Privacy by Design is Non-Negotiable
The Era of Robots is (Almost) Here:
The Hardware is Just the Beginning:
But Is It Safe? The Privacy Dilemma:
As robots become integrated into our lives, data security and privacy concerns become paramount. Imagine:...
IEEE P7012 is final! MyTerms
The standard is P7012: Standard for Machine Readable Personal Privacy Terms, which “identifies/addresses the manner in which personal privacy terms are proffered and how they can be read and agreed to by machines.”
The SSI Illusion: Why Cryptographic Identity Can’t Replace Institutional Trust
Blockchain: The Future Of Secure Data?
By Andres Andreu, CISSP, ISSAP, QTE
Part 1 Blockchain: The Future Of Secure Data?
Part 2 Decentralized Identifiers and its impact on privacy and security
Legislative Engagement
Internet Safety Labs Provides Testimony for Massachusetts Data Privacy Acts
Internet Safety Labs testified in support of the Massachusetts Consumer Data Privacy Act (H78) and Massachusetts Data Privacy Act (H104), advocating for strong data minimization, restrictions on sensitive data sales, and robust enforcement to protect residents’ privacy. We’re grateful to the Massachusetts Legislature for hearing our testimony. The written testimony is available to view, along with a video of the testimony below:
Company News
(ID Untion) From Concept to MVP: Successfully Delivering the Digital Product Passport Demo
Over the past three years, a dedicated research team from IDunion has been working intensively on the Digital Product Passport (DPP).
(Ceramic) The Future of Ceramic: Focusing on Recall
(Ayan Works) The Promise of Blockchain in National ID Systems
(ONTO) The Future of Decentralized Identity: The Key to a Human-Centered Web3
Dive into decentralized identity with ONTO Wallet and Holonym to discover why it matters in the Web3 world.
Research
Self-sovereign identity and digital wallets by Babel et al.
Current digital identity management approaches create fragmented, service-specific identities that are difficult to manage and raise concerns about corporate lock-in and data protection, while providing limited support for machine-verifiable attributes. The European Digital Identity Wallet represents a significant advancement toward unified identity management using self-sovereign identity (SSI) principles, though SSI still lacks comprehensive theoretical analysis and clear value propositions for digital ecosystems.