Identosphere 110 • Standards Regret • IIW workshop Highlights • Economics of Personal Data • OpenID for VCs
Thanks for reading, and be sure to support our weekly digest of the decentralized identity landscape: news, policy, events, jobs, and developments in the proliferation sovereign identification systems
Welcome to the Identosphere Weekly!
Thanks for supporting our efforts in this ecosystem.
(if you have power to spend some end of the year left over budget - we would love a contribution)
It is coming up on the End of the Year - if you have remaining money in your company budget - please consider contributing to this Newsletter. You can do a one time contribution via paypal here.
eSSIF-Lab final event 12/1 Brussels (Kaliya will be there)
Save the Date: APAC Digital Identity unConference, March 1-3 Bangkok, Thailand
IIW 36 April 18-20, Mountain View
Safe the Date: Digital Identity unConference Europe #DICE. June 7-9, Zurich, Switzerland
Open position: Researcher Apply by 12/5 MyData
with a background in governance, human-centric infrastructures, and data ecosystems.
SSI, Web5, IDtech, Reusable Identity, Authentic Data — Which Should You Use?
“Reusable” and “self-sovereign” are ideologies, ideals, or ambitions identity developers can ascribe to, just like directors can aspire to produce artistic vs entertaining films.
Web2, web3, and web5, as paradigms or architectures, are akin to the style used to shoot, which is determined in part by the types of cameras, lenses, and other technologies used.
Categorical terms such as IDtech, fintech, medtech, etc. are like genres of movies (e.g. superhero, horror, romance+comedy, etc).
Internet Identity Workshop Highlights
“Once you figure out identity, banking is just accounting” h/t Tommy McThomuel
IIWXXXV is a wrap! The largest @idworkshop to date Heidi Nobantu Saul
~ 160 Sessions called and Convened See you in April 2023
making history for SSI/DID and beyond Robert Mao
verifiable credentials movement has gone from a dream of a better Internet to practical discussions and proofs of concepts. This is something that we are working passionately on, so it was great to join other like minded people working to digitize bits of identity information into digital wallets.
Identity Insights - IIW Recap Day 1 Indicio [Day 2] [Day 3]
In this special edition of Identity Insights we talk with Mike Ebert, Enterprise Software Team Lead at Indicio, about his experiences during the first day of IIW, including what the event is all about, what new ideas are being introduced, and the most interesting sessions of the day.
[github] OpenID for Verifiable Credential Issuance - Client library Sphereon
OpenID4VCI defines an API designated as Credential Endpoint that is used to issue verifiable credentials and corresponding OAuth 2.0 based authorization mechanisms (see [RFC6749]) that a Wallet uses to obtain authorization to receive verifiable credentials [...] allows new applications built using Verifiable Credentials to utilize OAuth 2.0 as integration and interoperability layer.
[iiw] “DID Method Battle Royale” by Nick Reynolds from @ConsenSys / @veramolabs Ankur Banerjee
we discussed other characteristic beyond the DID Method Rubric for scoring IIW35_Day 2_Session 8_Space D
So why now and why client discovery? Tobias Looker
I believe we need a simple and common approach documented for the OAuth2 community that enables a wide range of use cases and many of the proposals to date have been more focused on specific applications such as federation or social login. mattrglobal / draft-looker-oauth-client-discovery
[Tweet] For all the people who attended the “standards regrets” session at #iiw @idworkshop Vittorio
the book that presents OpenId 2 as a case study of design failure is [Why We Fail: Learning from Experience Design Failures Paperback Victor Lombard]
Privacy Preserving and Scalable Revocation Method for Self Sovereign Identity -- The Perfect Revocation Method does not exist yet Andreas Freitag
Revocation can be done with different methods e.g. lists, compressed lists and cryptographic accumulators. A revocation method must be privacy preserving and must scale. This paper gives an overview about the available revocation methods, include a survey to define requirements, assess different revocation groups against the requirements, highlights shortcomings of the methods and introduce a new revocation method called Linked Validity Verifiable Credentials
Real World Use
The use of Verifiable Credentials (VC) – a tamper-evident data file with a set of claims about a person, organisation, or thing that can be cryptographically verified – is poised to streamline the entire events industry. Using VCs, however, it would be far more difficult for bots and scalpers to get the requisite level of trust necessary to bulk-buy and resell tickets, while event-goers will be able to prove trusted attributes
Gordian Envelope Use Case: Educational Credentials BlockchainCommons
Gordian Envelopes are useful for credentials in large part because of their ability to support advanced features such as elision, peer-based attestation, and herd privacy. They go far beyond just presenting validatable credentials to allowing the individual holders to decide what gets credentialed, what gets shown, how, and in what context. They thus add self-sovereign control to the standard rubric of Verifiable Credentials
The goal of the Action Plan is to scale this approach nationally, developing a single micro-credentials framework that is shared across Scotland’s skills and employment organizations
This strategy offers Scotland multiple levels of accelerating economic benefit, most notably:
An improved approach for explicitly linking the skills requirements of employers to available skills programs and academic courses.
Advancing a common digital economy infrastructure that will service multiple use cases including this one.
With an industry that generates such significant global revenue, it’s bound to attract the attention of cyberattackers looking to steal company and gamer data for malicious use.
attempting to onboard traditional gaming users into Web3 is difficult because getting them used to cryptocurrency wallets and understanding private keys and memorizing long strings of numbers is difficult. Using decentralized identity gives them a unique ID that follows them from application to application that’s easier to maintain.
New group working to #endsurveillancecapitalism Stop tracking us, stop manipulating us, and stop working with companies that do Chris Heuer
We are thankful for Keep Badges Weird WeareopenCoop
In this first year of Keep Badges Weird we wrote lots of reflections, promising practices, invitations and other posts.
SICPA DIGITAL IDENTITY SICPA
Starting from birth registration, all the way to death certification, daily living in our communities revolves around foundational physical identity documents that enable access to education, health and social benefits, education, finance and commerce over a lifetime.
Yet millions of people are excluded from these services due to the lack of formal ID. Can governments offer a digital identity designed for people?
While there are many organizations working to make self-sovereign identity a reality, this is just a handful of the groups that are helping drive forward progress.
Traverse: Insights from Australian Red Cross creating, designing and ending a digital identity platform Solferino Academy
There is a long-standing challenge within the humanitarian sector – the slow process of onboarding and managing staff and volunteers for rapid deployment during a crisis.
Economics of Personal Data
The Great Data Delusion MyData
This is the first of a series of blogs exploring the Surprising Economics of Personal Data, the subject of Mydex CIC’s latest White Paper.
what few people have realised (yet) is that new citizen-empowering ways of collecting, storing, sharing and using personal data have the potential to transform the workings of our economy, cutting the costs of service provision by 30%, 50% or more (depending on circumstances), while improving service quality and opening up new vistas of innovation.
BlueSky - Authenticated Transfer Protocol
First impressions of Bluesky's AT Protocol Educated Guesswork
ATP allows you to have a persistent identity that is portable between PDSes. It does so by introducing the computer scientist's favorite tool, another layer of indirection. The basic idea is that your identity is used to look up which PDS your data is actually stored on; that way you can move from PDS to PDS without changing your identity.
TBD team at Block announced Web5: an extra decentralized web platform. It is being built upon Decentralized Identifiers, Decentralized Web Nodes, Verifiable Credentials and many other SSI primitives. On Oct 27, 2022 Gabe Cohen presented on how they think about Web5, what they are building, how it is becoming a reality, and how you can help.
Seek a 'Queen Bee' decision maker. Remember the future tipping point. Talk to customers! Customers define the solution fit. Are you selling optimization/relief/enhancement? Narrow the market. Political solutions needed
Defederation and governance processes Doug Belshaw
To “keep things the way they are” is always an option, never the default. Framing this option as a default position introduces a significant conservative bias — listing it as an option removes this bias and keeps a collective evolutionary.
To “look for other options” is always an option. If none of the other current options are good enough, people are able to choose to look for better ones — this ensures that there is always an acceptable option for everyone.
Neal Stephenson on The Future of the Metaverse a16z Podcast
When Neal Stephenson coined “the metaverse” three decades ago, his book Snow Crash was found on the shelves of “science fiction”. While the book remains in that category, many of its concepts are now found in reality… Fast forward to 2022, where numerous companies are now building toward their version of the metaverse, including Neal himself
From “Dynamite to Metaverse,” Global Community Discusses Crypto’s Role in Terror Financing Shyft Network
The Annual ‘No Money for Terror Conference” was held in New Delhi, India, on the 18th and 19th of November, 2022.
Both Spruce and Trinsic replied they are rooting for everyone.
What digital identity, DID, or verifiable credential projects are you rooting for going into 2023? Add/ remove from this list: @gitcoin passport, @Sismo_eth, @gitpoap, @proofofhumanity, @discoxyz, @layer3xyz, @SpruceID, @BrightIDProject, @0xPolygonID, @ceramicnetwork
[video] IIW 35 Extended Demo Veramo
Today we’re going to show you 3 different ways to get started with Veramo. No matter what your platform or use case.
This video is an extended version (showing full setup required, to serve as a developer resource) of the demo to be given by the Veramo team at IIW 35.
so that even Muggles can backup and restore their digital wallet across vendors and using standard tools like tar/gzip/argon2. Let's make this happen!
Standard Wallet Backup Container Sam Curren at IIW Fall 2022 Notes by Lance Byrd
Problem: Wallet backups are custom to the wallet and lock your identity into a vendor
Goal: Backup/Restore across wallet vendors using common tech
Note: JFF wallet plugfest might focus on testing interop of wallet backup/restore
[tweet] Devil's Dictionary of Linguistic Dark Patterns #iiw Nat Sakimura
Go to website: Run our code on your computer
Sign-in / log-in: Allow us to track you across sessions and create your behavioral profile
Privacy agreement: How are we going to sell your data
Decentralized: We run our code on your machine at your own risk
Self-sovereign: Yours to use and yours to lose
UK Digital Identity and Attributes Trust Framework [...] places rigorous fraud management, privacy, cyber security and inclusion requirements on organisations, based on robust international standards. It’s been developed in conjunction with the National Cyber Security Centre, as well as other expert stakeholders such as the ICO.
Apple Spying on its Customers
“Through its pervasive and unlawful data tracking and collection business, Apple knows even the most intimate and potentially embarrassing aspects of the user’s app usage—regardless of whether the user accepts Apple’s illusory offer to keep such activities private,” the lawsuit said.