Identosphere 169: Apple Proposes to Open NFC in EU Antitrust Deal • Formal Security Analysis of OpenID for VCs • Credentials for AI
Weekly edition of the latest Self Sovereign Identity related news, development, upcoming events, and thoughtful commentary from the blog-o-sphere. Please support our continued work aggregating information!
We Gather, You Read!
3+ years and still aggregating industry info: No Marketing, No Sponsorship, Just the top stories in the Verifiable Credentials galaxy!
Upcoming
[Virtual] FTC Tech Summit 1/25
[Brussels] EU Policy Devroom at FOSDEM 02/04
A Private Event for Executives in Identity, Cabo, Mexico 02/6-8
[EU] DIGITAL HORIZONS 360 Sponsorship Invitation. Hospitality Technology Innovation 02/20-21 Spain
Annual Privacy Forum 2024 Enisa. Submissions due 04/15
[California] Internet Identity Workshop #38 04/16-18 (super earlybird tickets end Friday)
RFC
FTC is taking another look at COPPA and kids’ online privacy – and we want your insights 2024-01-11 FTC
You’ll want to read the Notice of Proposed Rulemaking to see what’s on the table. Some of the suggested updates address changes in technology, such as limiting push notifications to kids. Others aim to clarify and streamline the COPPA Rule and strengthen data security. And still others are designed to strengthen how children’s personal information is protected online with an aim to ensure that parents – not companies – are in charge. For example, the proposal would require targeted advertising to kids to be off by default.
Massive News!!!!
Apple offers to open up NFC payments access to settle EU antitrust probe Finextra
Apple would create the necessary APIs to allow equivalent access to the NFC components in the Host Card Emulation mode, a technology used to securely store payment credentials and complete transactions, without relying on an in-device secure element.
The EC is now giving competitors and customers one month to comment on the commitments.
Looking ahead
Trends in Decentralized Identification to Watch for in 2024 2024-01-17 Indicio
While credentials are an integral part of the equation, many travelers will never think twice about them, and may not even realize they are using decentralized technology. We see this simplicity and speed driving adoption in many other industries, as they realize the time and cost savings to be gained.
The Future of Identity: the Role of Blockchain for Identity 2024-01-16 WaltID, Polygon ID
In the landscape of our digital age the very essence of identity is undergoing a profound shift. This webinar explores the role of blockchain in the various entities that govern the ecosystem of decentralised identities. We have an array of experts: people working on blockchain, decentralized identity Solutions and SSI in those use cases, as well as business development. This discussion not only unveils the challenges but also illuminates the amazing possibilities that lie ahead.
Standards
(1/2) We built an SSI-to-OIDC bridge that allows any OpenID Connect client to adopt Verifiable Credentials for sign-in 2024-01-19 hoops_felix
It is comparatively straightforward to set up and, of course, free and open-source.
Verifiable Credentials (#W3C #VC) and Mobile Driver License (#ISO #mDL) are the most popular #openstandards for #digitalcredentials 2024-01-19 Harrison Tang
Listen to @IDIMAndrew sharing the latest updates on mDL
Formal Security Analysis of OpenID for Verifiable Credentials 2024-01-18 OpenID
The formal security analysis uses the Web Infrastructure Model (WIM), a detailed formal model of the web, which has been developed by the University of Stuttgart and used to complete formal analysis of other protocols including the OpenID Foundation standards OpenID Connect, FAPI 1.0 and FAPI 2.0, and the foundational IETF standard OAuth 2.0 (RFC6749). In this instance, the WIM is used to model the interaction of OID4VCI and OID4VP in an ecosystem.
OPUS: OpenID for Verifiable Credentials : formal security analysis using the Web Infrastructure Model 2023 University of Stuttgart
To describe what security means in this context, we define an authentication security property and a session integrity security property for OID4VCI and OID4VP. We prove that the model is secure with respect to the security properties under the assumption of a vigilant user. If this assumption is violated, we have discovered a number of attacks. This work makes several contributions to the protocol specifications: First, the discovered vulnerabilities were brought to the attention of the working group. Second, several issues were filed to improve the quality and security of the specifications. Lastly, we engaged in ongoing discussions on related issues.
The Hitchhiker’s Guide to KERI. Part 1: Why should you adopt KERI? 2024-01 Nuttawut Kongsuwan, Finema
[OpenID Connect] Publish releases to PyPI from GitHub Actions without a password or token 2024-01-14 Simon Willison
Tell PyPI which GitHub repository should be allowed to publish a package with a specific name
Configure a GitHub Actions publish workflow to use the pypa/gh-action-pypi-publish@release/v1 action
Publish a release to GitHub that triggers the workflow
Ecosystem
[thread, 2023 recap] Notable collaborations with the @0xPolygonID ecosystem showcased the power of #VerifiableCredentials and zero-knowledge proofs 2024-01-18 Verida_io
We are grateful to all our amazing partners, advisors and community for shaping the decentralized landscape with us
Canada
Strengthening Trust in the Digital Ecosystem: Introducing the Digital Trust Conformity Assessment Program 2024-01-18 Digital Governance Council
The rollout of the Digital Trust Conformity Assessment Program marks an opportunity for organizations to demonstrate their commitment to their digital governance. We commend PlaceSpeak for their pioneering spirit and invite other organizations to follow suit, seeking the DGC Trustmark as a declaration of their pledge to a secure and trustworthy digital future for all Canadians.
EU News
Self-sovereign identity is not enough 2024-01-15 Blockworks
EIDAS and the roll-out of SSI will redirect the ownership of certain data-sets away from corporations. However, that doesn’t instantly place data back in the hands of users. To the contrary, Article 45 in the eIDAS legislation makes it possible for the EU to monitor the online activities of SSI wallet owners within its jurisdiction.
If enacted, this provision would mean that both the state and Silicon Valley could monitor and analyze the online activities of users.
TALAO Digital Identity Wallets Soars past 20,000 Downloads 2024-01-18 Talao
But our commitment goes beyond providing state-of-the-art DID wallets. We're continuously integrating the latest OIDC4VC protocols, diverse Verifiable Credentials formats, and multiple DID methods to stay ahead in the new decentralized digital identity realm.
👉 Read more about our tech stack and commitments as Decentralized Identity (DID) Wallet Provider
A Closer Look at eIDAS 2.0 and the EU Digital Identity Wallet 2024-01-16 Kuppinger Cole
the key to unlocking the full potential of the EUDI Wallet lies not only in its technical capabilities, but equally in the investments made to educate users, promote transparency, and cultivate a user base that recognizes the transformative impact of digital wallets on both the personal and economic landscape.
Prague Land Ownership Mapping — Unearthing the Foundations of Affordability Crisis 2024-01-17 Dark Matter Labs
Through findings in this blog, we aim to question the importance of ownership data protection rules in the context of Europe’s rising costs of living crisis. The difficulty of access paralyses the research arena and informed public discourse on distribution of wealth and social responsibility (incl. involvement of journalists, academics, city administrations, etc.) further jeopardizing spatial justice. Ultimately, this hinders facilitation of adequate policy, law enforcement and action against exploitative practices such as property flipping, foreign investments, tax avoidance, money laundering and future responses to climate impacts.
Org News
DIF welcomes our new Executive Director
DIF is thrilled to welcome Kim Hamilton-Duffy as our new Executive Director.
Kim is a well-known figure at the heart of the decentralized identity technical community. She has been instrumental in pioneering early open source projects in the space, and has held leadership roles in technical standards and interoperability groups including the World Economic Forum, W3C, Decentralized Identity Foundation, and US Chamber of Commerce Foundation.
2024 OpenID Foundation Board of Directors Election Results 2024-01-17 OpenID
Thank you to the following Corporate members that nominated themselves for the 2024 election:
Ralph Bragg – Co-Founder & CTO at Raidiam
Chris Michael – Co-Founder & Co-CEO at Ozone API
Atul Tulshibagwale – CTO at SGNL
Mark Verstege – Lead Architect for Information Security and Banking for the Consumer Data Right (AU)
Company Stories
SpruceID Joins the Rust Foundation 2024-01-09 SpruceID
Rust and its ecosystem has been fundamental for SpruceID’s offering from the beginning and has allowed us to achieve our goals swiftly and reliably. Joining the Rust Foundation is a way to give back to the community while ensuring the ecosystem continues to grow and help us stay on top of technical challenges.
Credentials for AI
We create AI integrity with tamper-proof credentials and anchors that attest to each step of the AI training process 2024-01-18 EQTYLab
Build trust from ingestion to inference with @w3c standards, @hedera @IPFS @n0computer https://huggingface.co/spaces/EQTYLab/lineage-explorer
A Trusted Copilot: Using Decentralized Identity to Manage an AI Virtual Assistant 2023-04-12 Indicio
The following position paper explores this idea in more detail. It anticipates using a ChatGPT-like virtual assistant to book an airline flight in a fully delegated way that results in a “beautifully frictionless process.”
But it also imagines what “a compromised AI virtual assistant could do with access to all your accounts AND a predictive understanding of your behavior and preferences.”
[Video] Using cryptography and digital identity to drive trust in a world of deepfakes and zero trust 2024-01-14 IOT Practitioner
A key factor for success in scaled evolution of IoT and Edge solutions is digital trust. Digital interactions with individuals, devices, datasets, and/or disparate sources must be considered verified as originating from authorized sources to drive adoption and durable functionality. In this emerging model, TRUST = VALUE. Cyberattacks are increasingly threatening small & large businesses, hospitals, schools, and critical public infrastructure.
[C2PA/CAI] Falsified Photos: Fooling Adobe’s Cryptographically-Signed MetaData 2023-11-30 Hackaday
each file is signed with Leica’s encryption key such that any changes to the image, whether edits to the photo itself or the metadata, are tracked. The goal is to not only prove ownership, but that photos are real — not tampered with or AI-generated. At least, that’s the main selling point.
Research
AI and Democracy’s Digital Identity Crisis 2024 Shrey Jain, Harvard Getting Plurality Lab Samuel Vance-Law, Connor Spelliscy, Scott Moore, Decentralization Research Center
In this paper, we discuss attestation types, including governmental, biometric, federated, and web of trust-based, and include examples such as e-Estonia, China’s social credit system, Worldcoin, OAuth, X (formerly Twitter), Gitcoin Passport, and EAS. [...] governments will likely attempt to mitigate these risks by implementing centralized identity authentication systems; these centralized systems could themselves pose risks to the democratic processes they are built to defend.
A Universal System for OpenID Connect Sign-ins with Verifiable Credentials and Cross-Device Flow 2024-01-16 Felix Hoops, Florian Matthes, Technical University of Munich
Its handling of claims is highly configurable through a single policy and designed for cross-device authentication flows involving a smartphone identity wallet. For external interfaces, we solely rely on open standards, such as the recent OpenID for Verifiable Credentials standards. We provide our implementation as open-source software intended for prototyping and as a reference. Also, we contribute a detailed technical discussion of our particular sign-in flow. To prove its feasibility, we have successfully tested it with existing software and realistic hardware.
Establishing altruistic ethics to use technology for Social Welfare—How Japan manages Web3 and self‐sovereign identity in local communities 2024-01-18 Daum Kim, Jiro Kokuryo
We demonstrate, with reference to a local community in Japan, that SSI is successful in encouraging communal collaboration and well-being while providing individuals with greater control over their personal data. We also show that Web3 tools provide incentives for altruistic behaviors while safeguarding SSI. Integration of SSI and social protection demonstrates the potential for building an information society grounded in altruistic values, honoring individual dignity, and recognizing the government’s role in protecting social welfare. Ultimately, this research unveils how altruistic values can be fostered through SSI and Web3.
Digital Identity, Not SSI
Open Source by Gluu Agama Project of the Week: Episode 1: Agama-PassWord 2024-01-18 Loom
In this video, I present Gluu's Agama Password Project, which is published in the Explorer Catalog. I demonstrate how to log into Agamalab, fork the project, and explore the code structure. I also explain the flow of the project and show the implementation of the password service. Finally, I download and test the project locally using Janssen auth server. This video provides a comprehensive overview of the project and is a great opportunity to try out Agama.
[REPORT] The Biometric Digital Identity Prism 2023-11 Prism Project
The Biometric Digital Identity Prism Report features:
Evolutionary trends influencing the biometric digital identity market.
Strategic guidance for vendors seeking to capitalize on opportunities in the biometric identity space.
Key differentiators to help plan a digital identity roadmap for your organization.
The advanced Biometric Digital Identity Prism market landscape reference model.
Assessments and profiles for vendors included on the Biometric Digital Identity Prism
Microsoft Entra’s Top 50 Features of 2023 2024-01-19 Microsoft
Below, you’ll find the top fifty features influenced by customer feedback and market needs. For a comprehensive list, please refer to the release notes. By adopting these latest identity innovations, you can better protect your digital estate and get more out of your security investments.
Path to Passwordless 2024-01-05 Findy Agency
Another option is to implement the WebAuthn support yourself. Some excellent open-source libraries already exist that ease the development of your backend service’s functionality for public key handling. Browser support for WebAuthn capabilities is rather good, and the integration to the web application is straightforward once the backend is in place. One can utilize dedicated client libraries for native applications (for example, iOS, Android, and Windows).
Winer's Law of the Internet Dave Winer
This is an extension to Postel's Law (the late Jon Postel was one of the key players of the development of the Internet), which says you should be liberal in what you accept and conservative in what you send. It goes further by saying that we should all collectively be conservative in what we send. This keeps the technology small and the market approachable by developers of all sizes. The large companies always try to make the technology complicated to reduce competition to other organizations with large research and development budgets.
Each Facebook User is Monitored by Thousands of Companies 2024-01-17 The Markup
Using a panel of 709 volunteers who shared archives of their Facebook data, Consumer Reports found that a total of 186,892 companies sent data about them to the social network. On average, each participant in the study had their data sent to Facebook by 2,230 companies. That number varied significantly, with some panelists’ data listing over 7,000 companies providing their data.
[Audio] Exploring Digital Identity 2024-01-16 Phil Windley
I was recently on the Identity at the Center podcast speaking with hosts Jim McDonald and Jeff Steadman. We discussed my journey into the field of identity, Internet Identity Workshop, and my latest book "Learning Digital Identity." We also discussed the book writing process, key takeaways from the book, and the future of identity innovation. It was a fun conversation. I hope you enjoy it too.
Thanks for Reading
Read more \ Subscribe: newsletter.identosphere.net
Contact \ Submission: newsletter [at] identosphere [dot] net