Identosphere 150: Provider Discovery • The Rise of CredTech • Zero Trust • JOSE COSE Algos, Fully Speced
Weekly edition of the latest Self Sovereign Identity related news, development, upcoming events, and thoughtful commentary from the blog-o-sphere. Thanks for your continued support.
Identosphere’s Weekly Highlights
We Gather, You Read!
Still aggregating industry info, Without Advertising or Sponsorship. Support by PayPal, or Patreon!
Upcoming
[Germany] Self Sovereign Identity at Eclipse: Why, What, and How? 10/17 Eclipse Con
[California, IIW] Internet Identity Workshop #37 10/10-12 ← Ticket Sales Open
PreIIW Activities
OpenID Foundation Hybrid Workshop 10/09 12:20-3:45
Open Wallet Foundation - in the Morning.
VRM Day - all Day
JFF PlugFest - afternoon
Hiring
Software Engineer in Test Atala Prism
Funding
Really excited to see this new Code With Us opportunity from the BC Digital Trust 2023-09-01 Hyperledger
They are looking for applicants to develop a Load Generator for Testing BC Gov Issuers, Verifiers, and DIDComm Mediator, w/ a budget of $60k CAN. Details here: https
Decolonising financial compliance Lido Nation
Build ecosystem governance frameworks and technology for Āhau, using TribalDIDs methodologies, to interoperate with financial and compliance systems removing nation-building barriers in Aotearoa/NZ
[Tweet, Cardano, AtalaPrism, DIDComm, DIF] Get ready for real Peer-to-Peer encrypted chat, without a centralized provider in the middle 2023-09-01 Bjorn Sandmann, Blocktrust
Powered by DIDs, DIDComm and our identity wallet. Please consider supporting our work in Catalyst F10!
Narrative
CTA to SSI crowd, how do you feel about the term: #CredTech? 2023-08-08 Alex Tweeddale
- We’re seeing a convergence around “Digital Credentials”, whether W3C VCs, mDocs, AnonCreds or other,
- It’s far more self-explanatory than SSI,
- It’s an iteration of @rileyphughes’ #IDTech
The Future of Data is 'Zero Data' 2020-06-15 CitizenMe
1) Zero Data platforms that hold zero data
Personal data should be held by humans first, and by the companies, organisations and governments that humans choose to interact with, second.
Explainer
Decentralized Technology and Verifiable Credentials: A Comprehensive Guide Sourceless Blockchain 2023-07-13
Verified Credentials: Why The Are Essential in Our Digital Age 2023-08-31 Dock
What is Governance with Trevor Butterworth 2023-08-17 Identity Insights, Indicio
Indicio VP of Communications and Governance Trevor Butterworth joins Identity Insights to explain what governance is and why its important. See a demonstration of governance in action: Governance Demo
[Network Security, User Authentication, Application Security] Zero Trust 2023-08-28 Phil Windley
While vendors provide ready-made solutions for many aspects of Zero Trust, you'll still need to tailor these solutions to your organization's unique needs and integrate them into a coherent strategy. Here's breakdown of the things you need to do on your own (i.e., you can't buy these)
Government
[Report, FPF] UNLOCKING DATA PROTECTION BY DESIGN AND BY DEFAULT: LESSONS FROM THE ENFORCEMENT OF ARTICLE 25 GDPR 2023-05-17 Future of Privacy Forum
This analysis is all the more important, with novel technologies involving very complex personal data processing, like Generative AI, being built and deployed on the market, raising data protection concerns.5 Understanding how this obligation manifests in practice and what are the requirements of DPbD&bD may prove essential for the next technological age.
The U.K. Government Is Very Close To Eroding Encryption Worldwide 2023-07-26 Electronic Frontier Foundation
U.K. lawmakers still have a chance to stop their nation from taking this shameful leap forward towards mass surveillance.
Spec Work
Fully-Specified Algorithms for JOSE and COSE 2023-08-29 Mike Jones
This specification creates fully-specified algorithm identifiers for all registered polymorphic JOSE and COSE algorithms and their parameters, enabling applications to use only fully-specified algorithm identifiers.
Identity Provider Discovery Spec 2023-08-28 Mee Foundation
Provider Discovery is a specification that defines how an app/site can discover information about one or more authentication, digital wallet, age verification, or other types of providers a person chooses to disclose to this app/site via the browser/OS they are using to interact with it.
[OAuth Security Workshop] The Key Is Not Enough! – OpenID Connect Federation at OSW 2023 2023-08-27 Mike Jones
2016 - First draft of OpenID Connect Federation 1.0
2020 - First interop between implementations
2021 - The valley of desperation: “Why is nobody interested?”
2022 - Wow, Italy adopts OIDC Federation for their national eID !!!
Cryptography
ElGamal Verifiable encryption using Kryptology and Golang 2023 Buchanan, William J A Security Site
With verifiable encryption, Bob can prove to Alice that he has used a given encryption key of a ciphertext with a NIZK (Non-interactive Zero Knowledge Proof). In this case we will use ElGamal encryption and generate a proof of the public key which has been used for the encryption. If Bob uses Trent's public key to encrypt some ciphertext for Alice, then Bob can produce a proof that it has been encrypted with Trent's public key. Alice will then be able to check this against Trent's public key. In this case, we will use the secp256k1 elliptic curve, and use AEAD encryption to perform the actual encryption on the message
Company News
Patnerships
[Tweet, Adoption] Over a month since we partnered with Verida to support their incentivised test-net 2023-08-27 Gatekeeper
missions by issuing VerifiableCredentials for participants to prove their involvement. Today, we sit at an excess of 5000 VC claims. Thank you to everyone who has participated
[HID Global] Gataca and HID Partner for SSI Opportunities 2023-08-27 Gataca
HID is a major corporation in the secure identity industry with a strong global presence, and is at the forefront of empowering verified and trusted identities with its comprehensive range of solutions, from access control and identity management to citizen ID, card printing, and RFID tracing, monitoring, and location systems.
Product / Development
Microsoft Entra Private Access: An Identity-Centric Zero Trust Network Access Solution 2023-08-28 Microsoft
[Landing Page, 101] Decentralized Identity, Decentralized Identifiers, and Verifiable Credentials Curity
The Curity Identity Server version 8.2 introduced the ability to issue verifiable credentials using the OpenID for Verifiable Credential Issuance draft specification.
Credential Issuers Can Now Request Missing Data Directly From Users Dock
Let's say an Organisation wants to issue a VC to someone, but they are missing crucial details about the Holder. Now, the Issuer can request that missing data, and the Holder can fill in the missing information from their Wallets. Once the details are submitted, the VC is automatically issued to the Holder's Wallet.
[HowTo] Building Polygon ID-Based Verifiable Credential Apps Is Fast-Tracked With Dock’s Platform 2023-08-28 Dock
Convert user data into fraud-proof and instantly Verifiable Credentials
Create decentralized identifiers (DIDs) on the Polygon blockchain
Issue Polygon-based Verifiable Credentials in as little as 2 API calls (create a DID and issue a credential)
Import credentials to Polygon-based ID wallets
Accelerate implementations with easy integrations without complex code
Speed up the app building process to get faster to market
[GCloud] Simplify adoption of open source verifiable credentials with Google Cloud 2023-08-06 Indicio
Remove the need for complex open source adoption roadmaps, the need for complicated partner integrations, and manual data verification. Build using open standards with open source to reduce fraud, enhance security, and maximize efficiency and user experience.
[eIDAS, OID4VC, DIDComm, ACA-Py, AnonCreds] Indicio offers a variety of verifiable credential protocols, tools, and building blocks 2023-08-29 Indicio
we help our customers assess what is important to their use case [...] technologies we have on our roadmap, here are the technologies we are asked about most often:
Credential types: SD-JWT, JSON-LD, OpenBadges 3.0, mDL/mDOC
Protocols: DIDComm v2, OID4VCI/OID4VP, WACI
DID Methods: did:web, did:indy, did:ion
Governance: DIF CredentialTrustEstablishment, eIDAS PKI, TOIP Trust Registries
Signature Types: RSA, ECDSA, Secp256k1
Codebases
[Video] What is SocketDock with Colton Wolkins 2023-08-31 Indicio, Identity Insights
https://github.com/hyperledger/aries-socketdock “Websocket Relay Service for use with clustered Mediators”
[twitter] verify Verifiable Credentials (VC) issued for the GS1 Verifiable Credentials Digital License ecosystem 2023-08-31 Phil Archer
just released a load of open source code (under Apache 2.0) for verifying GS1 Verifiable Credentials (following relevant @w3c specs) Really happy to see this. We're already working on how we can develop and expand our use of VCs. https://github.com/gs1us-technology/vc-verifier-core
Use Cases
[SupplyChain] Vincent Weijers, COO of bol.com: "Without good product identification, our operations would fall apart." GS1
[DIDs, VCs] Photo forensics for AI-generated faces Content Authenticity Alliance
[Kids] My teddy, my blanket, … my Data? MyData
The unique approach of the mIKs-it tool lies in the fact that it focuses on the developmental stages of 0-7 years. Whether it is playing with their parents’ phone, watching YouTube or listening to songs: early childhood is most likely the period when children will first come into contact with technology.
Automating Billing & Settlement: use cases and examples in multiple know-your-customer verticles 2023-08-31 Baseline Protocol
The digital business dilemma states that digital business transactions can at most fulfill two of these three characteristics: decentralization, security, and performance.
Organization
Why I took on the tomi challenge and you should too: DAO expert opinion 2023-08-31 Grace Rachmany, Tomi Pioneers
Experimenting with Daos. Grace Shares about Tomi experience
the DAO tooling we can create together will resonate throughout Web3. DAOs for content moderation, DAOs for name services, DAOs for strategy-building, Verifiable Credentials and DIDs for DAOs, reputation for DAOS, accountability for fulfilling DAO proposals… All of these are part of tomi’s agenda for the next year’s planning.
[GreenPeace] Exploring community learning pathways Part 2: Greenpeace’s Critical Incident Network 2023-08-31 We are Open Co-op
Creating a whole educational programme is much more complex than simply putting together a training session. [...] This process combines learning goals, ways of testing understanding, teaching methods, carefully chosen resources, and more.
Mid-Year Progress Report on the ToIP Trust Spanning Protocol Trust over IP
seven pillars apply not just to the trust spanning protocol, but to a core family of protocols that together form the foundation for all the trust task protocols at Layer 3 of the ToIP technology stack. [...]
Verifiable Identifiers
End-to-End Authenticity and Confidentiality
Direct Connections (Inner and Outer Channels)
Routing Via Intermediaries (Routing Channels)
Relationship Context Channels
Text and Binary Encoding
Trust Task Protocol Framework
Identity NOT SSI
The Second Law of AuthN-Dynamics Kuppinger Cole
[Estonia] Government plans to allow voting by smart device from next elections 2023-08-28 ERR
Tracked an NYC Subway Rider's Movements with an MTA ‘Feature’ 404 Media
Your non-employee “identity junk drawer” could lead to major security issue SC Magazine
[AI] NYU Researchers Detail Age-Altering AI Model FindBiometrics
[AI, IP] US Copyright Office wants to hear what people think about AI and copyright 2023-08-29 The Verge
[Domain Names] Introducing the 100-Year Plan: Secure Your Online Legacy for a Century 2023-08-25 Wordpress - Finally someone is doing something to address “digital death”
[World Coin] French data watchdog probes Worldcoin’s Paris hub Politico
Web 3
The Blockchain Trilemma - ETH Vs SOL Vs ATOM with Mike Ippolito 2023-09-04 bankless
Mike Ippolito, co-founder at Blockworks, who's here to breakdown his take on the Blockchain trilemma and how Ethereum, Solana, and Cosmos chains all attempt to solve it
[Podcast] Marko Baricevic: Cosmos SDK - The Internet of Appchains 2023-08-26 Epicenter
[US Regulation] Four Bills That Will Define The Future Of Digital Assets Defiant
FIT for the 21st Century Act, RFIA, DAMS, and DCEA Could Finally Bring Regulatory Clarity To The U.S. Crypto Industry
[Thread 1/6, lisk-did] A comprehensive toolkit to develop W3C Decentralized Identifier (DID) and Verifiable Credentials (VC) for @LiskHQ Sidechain! 2023-08-29 Aldo Suhartono Putra
lisk-did.js.org [...] https://www.npmjs.com/package/lisk-did [...] kruuu.com becomes the first lisk-did adopter, fostering secure blockchain-based certifications for trusted talent empowerment!
Ushering in the next chapter for USDC 2023-08-21 Coinbase
Coinbase is increasing its support for stablecoins with an investment in Circle; Circle will take full control over USDC issuance and governance; Coinbase and Circle will also maintain a commercial relationship.
Thanks for Reading
Read more \ Subscribe: newsletter.identosphere.net
Contact \ Submission: newsletter [at] identosphere [dot] net