Identosphere 196: Transatlantic Interop • DHS Wallets Primer + Gov Reports on ID • Internet Safety Labs on Identity Resolution • DIF -> Credential Trust Establishment Working Group
Upcoming events, company news, organizational updates; standards, specifications, and deep thoughts on everything related to decentralized identity and verifiable credentials
DIF's Credential Trust Establishment Working Group has released a new white paper [...] describing how to achieve scaleable trust relationships in decentralized identity networks. [...] This paper explores different trust network architectures, comparing risks, benefits, and tradeoffs. It highlights the advantages of the Credential Trust Establishment Specification, offering practical recommendations for developing and managing of trust networks.
This data model is the expression about trust from the ecosystem authority, who creates, signs, and publishes the document. Any information in the document is assumed to be the carefully selected choices of the authority, including any schemas, participants, and linked governance files. Publishing the file itself places no requirement on any other participant to read or respect the opinions of the file. [Whitepaper]
Less than a year ago, I first encountered Verifiable Credentials (VCs) - a W3C standard for digital credentials that state specific facts about individuals, organizations, or entities. My initial reaction was similar to the conference attendee’s response. However, after interviewing SSI builders on a weekly livestream, my perspective changed dramatically.
The NDI wallet is a self-sovereign identity-based digital wallet designed to empower users by allowing them to securely store, share and manage their credentials within their own wallet.
The present document aims at providing a comprehensive overview of existing cryptographic schemes for selective disclosure and the formats and protocols associated with these cryptographic schemes.
For too long both the IAM and the Decentralized Identity communities were focused on boring stuff like government credentials. I don’t love it when I need to show my driver’s license. We’ve centrered the ecosystem around things that are done begrudgingly, they’re not fun for users. I think that’s maybe why the long tail of developers have not embraced DI yet.
“Verifiable credentials are really about metadata “
The term metadata has become rather loaded. Perhaps even poisoned, for its association with telecommunications surveillance. But I want to sing its praises for it is metadata that tells us if any given information is accurate or reliable, Or trustworthy, fit for purpose, valuable.
Together, S&T and USCIS’s Office of Intake and Document Production (OIDP), which designs and secures vendors to produce immigration documents, decided to use two open global standards – the Verifiable Credentials Data Model (VCDM) and Decentralized Identifiers (DIDs).
The C2PA specification supports the inclusion of W3C Verifiable Credentials(VC) into a C2PA Manifest to represent a human or organisation that may be directly associated with an asset in some way, such as the author or publisher. VCs on their own do not infer an association; this is done via credentials links in the various places they are used, such as the stds.schema-org.CreativeWork assertion, or in Assertion Metadata. The actual VC’s are stored as part of the "VC Store".
The W3C Verifiable Credential Overview that I've been reading since last month has been slightly updated. This is an update from the June 13, 2024 version to the July 6, 2024 version. Well, in the end there weren't any major updates. The samples were just changed. A quick look at the changes.
A Final Specification provides intellectual property protections to implementers of the specification and is not subject to further revision. This note starts the 60-day public review period for the specification draft in accordance with the OpenID Foundation IPR policies and procedures.
In this project, we conducted an experiment that connects SSI infrastructures in the US and the EU, and we demonstrated that decentralized digital identity based on open standards can be globally interoperable and connected. To achieve this, we built upon existing infrastructures and use case narratives that have been developed in the US and the EU.
We are happy to announce the publication of our latest report, a result of the extensive efforts and dedication of the INATBA Industrial Blockchain Task Force. The report presents an overview of the status of the large and growing number of public and private consortial projects with relevance for an industry or a number of sectors, as they are using, suggesting or standardising blockchain technology as part of their innovation roadmap.
core components of a modern digital identity strategy, including: Decentralized Identifiers (DIDs), Verifiable Credentials (VCs), and Verifiable Data Registries (VDRs) - all of which rely on digital signatures (which were explained in Part 1). These tools and standards enable us to bring much needed trust to the digital realm by mirroring the norms of how we establish trust in the physical world - with secure credentials possessed and presented by citizens that authenticate their intent.
To advance the current Digital ID strategy, OIX proposes several actions. The group advocates for the evolution of DIATF to include a digital wallet strategy, leveraging the increasing use of digital wallets globally. The letter suggests that the government should support the private sector in creating and issuing digital credentials, ensuring that common proof of identity documents had digital equivalents with the same legal status
Supporting Trust Frameworks are increasingly biometrics and AI – both of which need demystifying for the public to gain confidence in them – along with Digital Public Infrastructure, the Metaverse, passkeys, digital cash, digital driver’s licences, next generation payments, the critical need for digital inclusion, and the challenges of delegated administration across communities. The agenda comprises local and international speakers covering these topics as well, all reviewed by a panel of four experts reviewing the sessions from a Te Ao Māori perspective.
This convening brought together leading stakeholders from the digital development academic and practitioner communities to consider four scenarios that present DPI and ‘generic’ approaches to common aspects of digital transformation. Participants’ discussion was structured around two specific questions: What distinguishes a ‘digital public infrastructure approach’ from a ‘generic’ approach to digital transformation? What are the specific risk profiles of a ‘digital public infrastructure’ approach to digital transformation?
Is this product sustainable for the user? If you’re successful, what does their life — and the life of their community — look like? Are you removing equity or agency from them? Can they step away? How do you know what the downsides of your product might be for them, and how are you avoiding them?
Consumers want to use biometrics to verify themselves online more, especially in sensitive use cases like financial services – where one out of two people said they would use biometric technology (48%).
One in four feel they experience regular discrimination when using automated facial biometric systems (25%).
This blog explores the knotted problem space of data governance, and how traditional property rights frameworks are increasingly ill-suited to deal with the distributed contributions, impacts, and risks of data and the emerging technologies it makes possible. [...] What becomes abundantly clear is that property rights in their current form are insufficient to address the privatization of public value, to deal with the inefficiencies of use and rent-seeking behaviors in our digital economies, or to manage distributed contributions and value flows of emerging technologies.
What are the implications for trust in the future internet where computational intelligence, i.e., AI, can mimic all sorts of content in ways that can benefit or harm interacting parties? At cyberevolution in Frankfurt this December, we will explore the implications of these and related phenomenon, with the intention of understanding the dynamics at the crossroads of trust and risk. We hope that you can join us.
Volla is reinventing what it means to hold a mobile phone in your hands, and we are glad to be a part of that. These are just the first Holochain apps to be built for Volla, but as a partnership committed to privacy first, distributed tech, we expect that there will be many more. Holochain on mobile is a huge leap, and we are thankful to Volla for blazing this trail.
Dhiway and Tarento have signed a Memorandum of Understanding (MoU) to collaboratively explore the design, development and production of various applications and services, including Dhiway’s credentialing platform MARK Studio and the trust infrastructure enabled by CORD Blockchain. The joint effort will leverage the modular trust infrastructure from Dhiway to provide verifiability of data with continuous assurance.
Many platforms rely on easily manipulated self-reported data for age verification. Privacy Risks: Traditional methods compel users to disclose sensitive personal data, raising serious privacy concerns. Regulatory Complexity: Compliance with diverse international regulations complicates operations for global platforms.
From the stone tablets of ancient civilization to single sign-ons with Google, a number of factors have remained fairly constant. Striving for a faster and easier way to issue and verify credentials brings with it an increasing number of tradeoffs in security and privacy. Falsification has gotten easier, while centralized platforms continue to become targets for corruption, data breaches and internal misuse.
In addition to being trusted digital identities, verifiable credential technology comes with its own way of communicating. It’s direct, one-to-one, and encrypted. This means each DTC has a consent-based way to create a secure trusted relationship with a traveler and take loyalty programs and service integration to the next level (again, this is why it’s important to make sure DTCs are verifiable credentials and not just fancy digital certificates).
A harder problem to solve is known as “issuer-verifier” collusion. In this scenario, the issuer of an ID–or, more likely, a rogue agent within the issuing organization–remembers a user’s unique values (such as keys or digital signatures) and, at a later time, combines them with data from places where those keys or signatures are used. This is possible even in architectures without “ phone home ” because issuing authorities (such as governments or large institutions) often have power over organizations doing the verifications, or have been known to purchase their logs from data brokers.
This file provides the list of all known companies that provide identity resolution or customer data platforms (or both), worldwide. ISL provides this data as an informational tool reflecting research at this point in time.
As a preview of coming attractions, I’ll note that profiles of OpenID Federation are being written describing how it being used in wallet ecosystems and how it is being used in open finance ecosystems. And we’re creating a list of implementations. Watch this space for future announcements.
In the latest episode of our podcast Making Data Better, George Peabody and I are joined by the former NSW Chief Data Scientist Dr Ian Oppermann. Among many other things, Ian helped set up the NSW Data Analytics Centre, he led the development of a series of superb papers on data sharing and the digital self at the Australian Computer Society, and he represented Australia in the development of the new international standard for Data Quality, ISO 8000.
ISL conducted this research to help illuminate the sizable risk of hidden identification and the worldwide web of user surveillance. ISL believes naming and exposure is crucial to effecting change. Identification resolution and customer data platforms have been hiding in plain sight for more than a decade, and yet even the “identerati” are largely unfamiliar with these industries. How can we expect everyday people to know?
