Identosphere 113 • NIST Digital Identity Guidelines 800-63-4 Draft live • European SSI Taking Off • X-Road reboot with SSI • Metaverse Interop Report
Happy Solstice from Identosphere's Weekly review of the latest news in Self Sovereign Identity and Verifiable Credentials.
Happy Holiday from Identosphere
We will be back the first weekend of January.
Thanks for supporting our efforts in this ecosystem.
Make a one time contribution by PayPal, or contribute monthly by Patreon!
Upcoming
GS1 Global Forum 2/13-16
Save the Date: APAC Digital Identity unConference (website will be live Dec 23) - 3/1-3 Bangkok, Thailand
[DATE MOVED] Thoughtful Biometrics Workshop virtual unConference - 3/13-17 [Registration]
IIW36 - 4/18-20, Mountain View, CA
Digital Identity unConference Europe #DICE - 6/7-9, Zurich, Switzerland
Top Finds
Asymmetric wallet wars Anil John
the 21st century version of the NASCAR Problem in Identity, which are QR codes, deeplinks and protocol handlers - supporting only a pre-selected menu defined by platforms and technology vendors using their own opaque criteria with no insight, input or choice possible by an individual.
Report: Rebooting Trust Management in X-Road niis
Trust is the basic concept around which business and information security is formed. Like most systems, currently, X-Road uses a centralised root of trust to manage identities. The report presents the results of the research on migrating X-Road towards self-sovereign identity (SSI) management.
The Road to Interoperability An Open Metaverse State of the Union By the People Building It Lighthouse World
In Conversation with Disco's Evin McMullen and Jonny Howle
*great interview beginnning on page 57
Encrypted attributes append directly to a self-provisioned user identity, and only designated parties with the right keys for the designated period can access these attributes. Because the flow of information between parties happens only with the cryptographic consent of the identity owner whose verifiable credentials are requested, SSI forms an essential primitive for coherent management of privacy and identity needs across varying contexts, environments, and worlds
Standards Work
SP 800-63-4 (Draft), Digital Identity Guidelines CSRC, David Temoshok (NIST), Diana Proud-Madruga (Electrosoft), Yee-Yin Choong (NIST), Ryan Galluzzo (NIST), Sarbari Gupta (Electrosoft), Connie LaSalle (NIST), Naomi Lefkovitz (NIST), Andrew Regenscheid (NIST)
Comments by: 3/24/23
NIST requests comments on the draft fourth revision to the four-volume suite of Special Publication 800-63, Digital Identity Guidelines. This publication presents the process and technical requirements for meeting the digital identity management assurance levels specified in each volume. They also provide considerations for enhancing privacy, equity, and usability of digital identity solutions and technology.
The role of trust registries in an SSI ecosystem Gataca
There are different trust frameworks (EBSI Registries is one example), and consulting about the validity of a specific credential implies knowing the trust framework it is anchored on. Trust Frameworks are typically provided by government agencies, but they could also be built by industry consortia or other private entities.
[thread] Our work to make AnonCreds ledger-independent is now fully funded! Animo
partner and collaborator @id_ltd funded a large part of the ACA-Py work, also the @cheqd_io community passed a proposal to support the project, pledging 433,900 $CHEQ from the community pool! Thanks community!
Interop
The Catch-22 of Interoperability Trinsic
The real end-goal of web5 is a universally-accepted and useful digital ID–a goal only achievable through interoperability. Thus, the unique value of web5 is interoperability, or more precisely, the extreme convenience and high trust interoperability delivers to identity products.
Unfolding supply chains with interoperability and decentralisation Origin Trail
With the endless variety of possible scenarios in global supply chains, a knowledge asset is there to represent any single (small or large) part of it, whether that’s raw material, finished product, professional service, factory building, compliance certificate, quality claim or anything else you can think of. But even though they can be so incredibly diverse, they all share the same core characteristics:
Trends
McKinsey Technology Trends Outlook 2022
except it must have been written by Jr. Researchers cause they think BankID from Norway is SSI
Digital-trust technologies enable organizations to build, scale, and maintain the trust of stakeholders in the use of their data and digital-enabled products and services. [Learn more about this Trend PDF] $34 Billion Investment, 2021
Thoughts on personal data protection trends and outlook 2022-23 Data Science Central
The root problem with online identity: Poor data architecture design Identity proofs (a.k.a., verifiable credentials) that stay encrypted and on your phone
European
Spherity won the second EU project with EBSI: Traceability Reference Architecture Conformant EBSI
Within this project, Spherity will lead the work package on Products & Materials Traceability that deals with Seafood, Agrifood, Halloumi, and Battery Traceability.
EWC has been selected by the European Commission to participate in EU Digital Identity Wallet Large Scale Pilots Intesi Group
The pilot will focus on situations which are central people’s online lives and identify barriers and enablers to adoption and scaling of the EUDI wallet.
EWC selected by European Commission to participate in Digital ID Wallet Large-Scale Pilots Spherity
The pilot scenarios require the collaboration of a multitude of European partners such as Wallet Providers, Qualified Attestation and other trust services, Personal Identification Data (PID)-/ Organisational Digital Identity (ODI)-Providers, relying on parties such as travel agencies, airlines, ferry operators, as well as international payment providers.
eSSIF-Lab Final Event: leveraging self-sovereign identities around Europe ESSIF Lab
More than 80 self-sovereigneSSIF-Lab, an EU-funded Research and Innovation project about self-sovereing identities celebrated its final event last Thursday, December 1st, at La Tricoterie in Brussels, counting with over 80 SSI and NGI experts and many more via an online livestream
[video] The Future Use of Self Sovereign Identity and Verifiable Credentials
Alexander presented the lessons learned from the European Horizon 2020 project QualiChain
Organization
Why are joined up services so difficult to deliver? MyDex
When it comes to making handovers between these specialisms things fall apart. Information isn’t passed on. Actions fall between stools. There is miscommunication, error and poor coordination.
When organisations become waste factories MyDex
There’s an old joke told by economists that if you see a £€$100 note on the ground, ignore it because it must be a scam. If it wasn’t a scam, someone else would have picked it up already.
Explainers
Decentralized Identifiers Provide Secure Supply Chain Visibility Transmute Tech
[video] Self-sovereign identity: A primer for privacy pros conversation between Dominik Beron (walt.id), Kristina Yasuda (Microsoft) and Kaliya IdentityWoman Young
Is Self Sovereign Identity compliant with the GDPR? STDIL
A finalized assessment of whether an SSI system is compliant with the GDPR can only be made case-by-case within a specific implementation. The questions listed above nevertheless give a concise overview of the most relevant problem areas.
[tweet] Non-Fungible Tokens vs Verifiable Credentials Extrimian
Company News
New Partnership for Technological Progress Daasi
Open Sources is vitalised by collaboration and its corresponding communities. Thus it is vital for companies in this sector to have an active partner network. After successful collaboration between Vereign and DAASI International on the Gaia-X Federation Services, both companies decided to let the success grow by officially announcing their new partnership.
Web 7.0 DIDComm Agent Architecture Reference Model (DIDComm-ARM) 0.40 Hyperonomy
Enrich Customer Profiles by Unifying First-Party Data auth0
FullContact hits the Marketplace with four integrations
Consumer trust, business efficiency and patient safety start with globally unique and verifiable identification GS1
The GS1 Registry Platform is a cloud-based repository of Global Company Prefixes (GCPs), GS1 Identification Keys such as Global Trade Item Numbers (GTINs or barcode numbers) and GS1 Global Location Numbers (GLNs), each accompanied by a minimum set of data attributes and links to other sources of data.
[tweet] Unveiling our latest experiment Auth0
use auth0 to issue and verify Verifiable Credentials (VCs) at https://verifiablecredentials.dev/
Use Case
Identity in the metaverse at risk, says former Windows architect Cointelegraph
Cointelegraph spoke with Andrew Newman, chief technology officer and co-founder of cybersecurity firm ReasonLabs and former architect of Microsoft’s Windows Defender anti-malware software.
[podcast] Aon’s Jouko van Aggelen on using verifiable credentials to prove skills Velocity
An experienced HR leader, Jouko is passionate about connecting people, data and tech to create actionable insights for individuals and organisations, making him the perfect person to explain how verifiable credentials unlock new possibilities for people to prove their skills now and in the future
Decentralised ID: the surveillance capitalism and fraud fightback The Paypers
We are expecting tooling to enter the market which will take the load off users. Users will have direct control over their data but may set policies that decide where it is shared. This could be sharing fake names and proxy email addresses when registering for public wifi but sharing real details when interacting with a bank.
Public Sector
Why Governments are taking notice of Decentralized Identity Technology Indicio
Trust is important. I don’t think that will come as a shock to anyone. What might be surprising is how many opportunities there are in a day, or even a single interaction, to break that trust.
FIDO Alliance White Paper: FIDO for e-Government Services FIDO Alliance
With phishing attacks on the rise, it is imperative for governments to support “phishing-resistant” MFA technology that is also accessible, efficient, and cost-effective.
Wallets
Wallets and Agents Phil Windley - adapted from my forthcoming book, Learning Digital Identity, from O'Reilly Media.
Nexera ID Brings Self-Sovereign Identity & Verifiable Credentials To Any Crypto Wallet New Cryptocurrency News
“Nexera ID solves some of the biggest challenges in the space today around self-sovereignty, self-custody and privacy,” said AllianceBlock CEO & Founder Rachid Ajaja. “With Nexera ID, we are ushering in the next era of self-sovereignty, self-custody, security of digital assets and protecting users’ privacy.”
Web 3
Energy Web joins Hyperledger Foundation to Accelerate Web 3 Interoperability Energy Web
Specifically, Energy Web will contribute towards enterprise interoperability of Web 3 solutions via Hyperledger FireFly. Interoperability between different blockchains and identity solutions has emerged as a top priority for Energy Web as the organisation begins constructing solutions that leverage multiple technologies from different enterprise and Web 3 ecosystems.
Towards Digital Self-Sovereignty: The Web3 Identity Stack Nichanan Kesonpat, 1kx Network
[audio] Ethereum in 2023 with Vitalik Buterin bankless
what Ethereum’s most scalable use case is, why he plans to say ‘Ethereum’ rather than ‘crypto’ in 2023, how Ethereum solves the big bad identity problem, and why he thinks “simple DeFi good, complicated DeFi bad.”
Cryptoeconomic Markets Research ConsenSys
Historically, when the US Federal Reserve (Fed) begins tightening, it exposes asset classes where excessive leverage has built up. In 2000 it exposed technology companies (the Tech bubble), in 2007 it exposed subprime lending (mortgage-backed securities), and in this cycle it exposed crypto.
Decentralized Web
Playing with ActivityPub Mac Wright
Under the hood, there’s ActivityPub, WebFinger, and a number of other neat standards like JSON-LD, but for most people, they’re using Mastodon, the application. Mastodon is the software that you sign into and use as a Twitter alternative, and it’d built on all of those standards.
[thread] Bluesky is building a social protocol bluesky
We released “ADX” (the X stood for Experiment) in May. Now that the design is starting to solidify, we’re renaming it to the “Authenticated Transport Protocol” — the “AT Protocol.”
NOSTR
a native internet protocol for social media: Small Grants from @Jack GetRevue
There’s a lot of conversation around the #TwitterFiles. Here’s my take, and thoughts on how to fix the issues identified.
I’ll start with the principles I’ve come to believe…based on everything I’ve learned and experienced through my past actions as a Twitter co-founder and lead:
Social media must be resilient to corporate and government control.
Only the original author may remove content they produce.
Moderation is best implemented by algorithmic choice.
Jack Dorsey Gives Decentralized Social Network Nostr 14 BTC in Funding Coindesk
The former Twitter CEO has donated roughly 14 BTC worth $245,000 to fund Nostr's development, after recently publishing his views on a native internet protocol for social media.
nostr-protocol/nostr github
The problem with Mastodon and similar programs
User identities are attached to domain names controlled by third-parties;
Server owners can ban you, just like Twitter; Server owners can also block other servers;
Migration between servers is an afterthought and can only be accomplished if servers cooperate. It doesn't work in an adversarial environment (all followers are lost); [...]
The problem with SSB (Secure Scuttlebutt) [...]
its protocol is too complicated because it wasn't thought about being an open protocol at all. It was just written in JavaScript in probably a quick way to solve a specific problem and grew from that, therefore it has weird and unnecessary quirks like signing a JSON string which must strictly follow the rules of ECMA-262 6th Edition;
What if I told you things like Nostr are just little installable protocols that can run on Web5's DWeb Nodes Daniel Ƀrrr
right next to your installed protocols for music, personal photos, collaborative document editing, career info, calendars, encrypted medical data, event tickets, etc.?
Nostr is a stupid simple P2P protocol that works, built by builders | Hacker News
* Nostr uses websockets and relays to build a really simple P2P network. We also steal a few ideas from bitcoin (ECDSA ids, schnorr-signed events).
* Relays are simply dumb data stores for events that clients publish and subscribe to. […]
* Nostr is powerful enough to host chat apps very easily. Here is a rip of Telegram, running on Nostr
Thanks for Reading!
Read more \ Subscribe: newsletter.identosphere.net
Contact \ Submission: newsletter [at] identosphere [dot] net