Identosphere 200!: NIST 800-63-4 Digital Identity Guidelines for Final Review • Personhood credentials & AI • MyData Call for portability
Your weekly guide to the latest news, events and other info surrounding the development and implementation of decentralized identity and verifiable credentials. Thanks for your continued support.
Identosphere’s Weekly Highlights
We Gather, You Read!
We’re still aggregating industry info.
Thanks for supporting our efforts via PayPal or Patreon.
Upcoming
[Berlin] SPRIND - EUDI Wallet Innovation Contest, including Lissi GmbH 9/3
Agenda for ETSI / CEN Workshop on EU Digital Identity Framework Standards 9/10-12
FediForum - unconference for the Fediverse 9/12-24 [Kaliya is facilitating]
Learn what FediForum is all about: check out the session notes and demo videos from our March 2024, September 2023 and March 2023 events to see what FediForum is all about. The session agendas you see there were created democratically each morning, and then run by FediForum participants. (Learn more about unconferences.)
[South Africa] DID UnConf: Africa, an IIW Inspired Regional Event 09/25-27
[Berlin, Global Trust Foundation] EU Digital Identity Wallets Forum 10/09
[California] Internet Identity Workshop #39 10/29-31 Early Bird Registration ends August 29.
Shared Signals Interop Event at Gartner's IAM Summit 12/9-11
Standards
NIST Releases Second Public Draft of Digital Identity Guidelines for Final Review 2024-08-21 www.nist.gov
“Today’s draft revision from NIST highlights the Biden-Harris administration’s commitment to strengthening anti-fraud controls while ensuring broad and equitable access to digital services,” said Jason Miller, deputy director for management at the Office of Management and Budget. “By incorporating feedback from private industry, federal agencies, privacy and civil rights advocacy groups, and members of the public, NIST has developed strong and fair draft guidelines that, when finalized, will help federal agencies better defend against evolving threats while providing critical benefits and services to the American people, particularly those that need them most.”
NIST Special Publication 800-63 Digital Identity Guidelines pages.nist.gov
Call for Comments on Second Public Draft of Revision [...]
Key Updates to NIST SP 800-63, Revision 4:
Added context setting step
Expanded continuous evaluation metrics
Enhanced fraud management requirements
Restructured identity proofing controls
Integrated syncable authenticators guidance
Included user-controlled wallets in federation model
Updated all volumes to reflect current landscape and public feedback
SpruceID Joins NIST National Cybersecurity Center of Excellence (NCCoE) to Accelerate Mobile Driver’s License Adoption 2024-08-20 blog.spruceid.com
SpruceID is participating in the National Cybersecurity Center of Excellence (NCCoE) Accelerate Adoption of Digital Identities on Mobile Devices Consortium. This initiative will help define and facilitate a reference architecture for digital credentials that protect privacy, are implemented securely, enable equity, are widely adoptable, and are easy to use.
[tweet] Here is a better DID method (imo) that uses BitTorrent as its backing PKI infrastructure 2024-08-17 csuwildcat
and allows for multiple key association (of different types), as well as service endpoints for decentralized routing:
https://did-dht.com/
Explainer
[Personhood credentials 🧵] Think you can tell if a social media account is a bot? 2024-08-15 Steven Adler
What about as AI gets better? A new paper—co-authored with researchers from ~20 orgs, & my OpenAI teammates Zoë Hitzig and David Schnurr—asks this question: What are AI-proof ways to tell who’s real online? (1/n)
What is DIDComm? (With Pictures!) 2024-08-20 Indicio
[youtube] What is DIDComm? With Sam Curren and Helen Garneau 2024-08-22 Indicio
[linkedin] Exploring the DIDComm Protocol for Secure Communication in Decentralized Systems Gourav Patidar
How verifiable credentials disrupt online fraud, phishing, and identity theft 2024-08-19 Ken Ebert, Indicio
Think of it like an envelope for sealing and sharing digital information. The source of the envelope (the organization issuing the credential) can be cryptographically verified. The information in the envelope is digitally signed, which, in essence, means that any attempt to alter or tamper with the information breaks the seal and can be detected.
What do verifiable credentials verify? 2024-08-21 Lockstep
Government
ISO 18013-5 Standard: What It Is And How It Works 2024-08-24 blog.dock.io
Privacy and CBDCs: What Does It Mean for Users? 2024-08-21 hypersign.id
One of the key aspects of ensuring privacy in CBDC transactions is the management of users' identities. Traditional identity management systems often require users to share extensive personal information, which can be stored centrally, making it a target for cyberattacks. Hypersign tackles this issue with its Self-Sovereign Identity (SSI) framework, allowing individuals to maintain full control over their personal data.
[tweet thread] Back in March 2023 the EU introduced the European Learning Model (ELM) as a way to define multilingual data models for the education sector. 2024-08-24 drownwave
This uses W3C Verifiable Credentials to promote the recognition of educational qualifications. $ICP will play a role in this, here’s why 👇
Organization
Call to action for data portability 2024-08-22 mydata.org
The EU’s Digital Markets Act requires six big tech “gatekeepers” (Alphabet, Amazon, Apple, ByteDance, Meta, Microsoft) to provide continuous and real-time data portability mechanisms to users. We’re calling on the MyData community to help us test those tools and encourage improvements, to help drive real accountability and open up the field for consumer control and third-party services. Check out the below, and join us for a testing workshop on September 25.
[paper] Decentralised Semantics: A Semantic Engine User Perspective 2024-08-20 The Human Colossus Foundation
The paper addresses a critical issue in implementing the Findable, Accessible, Interoperable, and Reusable (FAIR) data principles. While many research groups strive to make their data FAIR, they often encounter challenges documenting the context in which data was collected, processed, and analysed. This lack of machine-actionable, contextual metadata frequently renders data less reusable and visible outside the immediate research team.
GAIN Community Group: An Update 2024-08-19 OpenID Foundation
The Community Group continues to progress with next steps to include OpenID for Verifiable Presentations, and a collaboration with the Open Identity Exchange that leverages OpenID Federation to enable the passage of Trust Framework metadata. There has been work on this already by a few of the members so this phase should have a flying start!
ToIP Welcomes GLEIF to our Steering Committee 2024-08-19 Trust Over IP
With the verifiable Legal Entity Identifier (vLEI), GLEIF has pioneered a new form of digitized organizational identity to meet the global need for automated identification, authentication and verification of legal entities across a range of industries. By creating the vLEI, GLEIF is now answering to this urgent and unmet need of pioneering a multi-stakeholder effort to create a new global ecosystem for organizational digital identity.
Business
Four Ways to Align Authentication with Business Needs 2024-08-20 www.1kosmos.com
Organizations across diverse sectors, particularly those looking for a better, more secure user experience, should carefully consider integrating passwordless authentication into their security frameworks. By leveraging biometrics, mobile devices, or security keys, passwordless systems offer a robust and user-friendly alternative to traditional password-based methods, effectively mitigating the risks associated with phishing, password theft, and unauthorized access.
Digital Identity in the Age of AI: Challenges and Opportunities 2024-08-25 sphericalcowconsulting.com
Adaptive authentication is changing how we verify digital identities. Instead of relying on passwords, this method uses AI to evaluate the risk of an access request in real time. It looks at factors like where the request is coming from, what device is being used, and what time it is.
Company Stories
[tweet] Story Protocol made headlines recently after raising significant VC funding to develop a 'Lego for IP rights'. 2024-08-24 mave99a
While this is exciting, their technology, which is based on ERC-6551 (Token Bound Account) and ERC-721, is only a subset of W3C DID and Verifiable Credentials.
[tweet thread] Did you know that $ICP already has an education SaaS platform built on the GDPR subnet? 2024-08-24 drownwave
Not only that, but this platform uses W3C verifiable credentials to securely store digital educational certificates for their courses. The company is called Veriable, and here’s a thread on it
IOTA Successfully Completes European Blockchain PCP: Guest Post by IOTA 2024-08-20 CoinMarketCap
In 2021, we were selected as one of seven projects from 30+ applications to participate in the European Blockchain PCP, funded by the European Commission. The PCP aims to design new DLT solutions for Europe – first to be integrated into the European Blockchain Services Infrastructure (EBSI), an open, permissioned network of blockchain nodes across Europe that supports cross-border credential attestations for individuals and organizations; then as part of the next evolution of EBSI, the European Digital Infrastructure Consortium for Blockchain (EUROPEUM-EDIC), which will provide next-generation infrastructure to support scalable, energy-efficient, and secure blockchain applications.
IOTA Successfully Completes European Blockchain PCP 2024-08-20 blog.iota.org
The IOTA Foundation has successfully completed the final phase of the European Blockchain Pre-Commercial Procurement. [...] We are now in conversations with commercial partners to further support and drive this important European initiative in its new governance form as EUROPEUM-EDIC.
Vidos Universal Resolver Overview vidos.id
The Vidos Universal Resolver provides a scalable, reliable, and configurable DID resolution service. The W3C Decentralized Identifiers (DIDs) v1.0 standard-compliant service supports a comprehensive range of DID methods, ensures 99.95% SLA-backed uptime, and cost-effective operations. It's designed for seamless integration into enterprise systems and existing decentralized identity applications.
Credence ID’s mDL Verification Platform Now Supports Ohio, NY, Virginia IDs 2024-08-23 findbiometrics.com
The expansion broadens the platform’s coverage, making it a more comprehensive solution for verifying individuals presenting mDLs across various states and international territories.
Thoughtful
The Future of Digital Identity 2023-12-14 dcbuilder.mirror.xyz
I will try to present a holistic overview of what the space of digital identity has to offer at the moment and what my ideal future would look like as the underlying technologies evolve and gain mass adoption. In the last couple of years, many new cryptographic primitives have emerged from different fields like zero-knowledge (ZK), fully-homomorphic encryption (FHE), trusted-execution environments (TEEs), and multi-party computation (MPC).
An Introduction to Systems Thinking 2024-08-23 blog.weareopen.coop
In Systems Thinking, one of the first steps is to draw a boundary around the system you’re examining. This boundary defines what is included within the system and what is considered external. It’s crucial because the way you set this boundary determines the scope of your analysis and influences the insights you gain.
DWeb
A Developer's Guide to ActivityPub and the Fediverse Martin SFP Bryant; The New Stack
The first step for planning an ActivityPub integration is to figure out how different aspects of your software map to the Activity Streams format. – Evan Prodromou, ActivityPub spec co-author.
[tweet] @SubstackInc Any plans to move Notes to @bluesky ATProto? 2024-08-20 paride5745
It would be great to have Notes federated with Bluesky instead of being just another silo.
Musing about OAuth and LLMs on Mastodon 2024-08-24 simonwillison.net
I'm trying to think of an OAuth API that dishes out tokens which effectively let you spend money on behalf of your users and I can't think of any - OAuth is great for "grant this app access to data that I want to share", but "spend money on my behalf" is a whole other ball game.
[tweet] If only someone built a decentralized PKI for e2e encryption so that there was no one to arrest. 2024-08-24 poldectonteg
Telegram ceo getting arrested over enabling encrypted messaging is a good reminder that you should probably never go to France - @goth600