Identosphere 202: Digital Credentials API in Chrome • EBSI for Anti-Counterfitting • Securing UPI Transactions
Everything related to decentralized identity and verifiable credentials: from the enterprise to web3, real world use, policy and research, standards and development.
Identosphere’s Weekly Highlights
We Gather, You Read!
We’re still aggregating industry info.
Thanks for supporting our efforts by a PayPal, or Patreon
Upcoming
New Listings
NIST 800-63 Feedback Sessions 09/19-20
Previously Listed
Agenda for ETSI / CEN Workshop on EU Digital Identity Framework Standards 9/10-12
FediForum - unconference for the Fediverse 9/12-24 [Kaliya is facilitating] See session notes and demo videos from our 3/2024, 9/2023 and 3/2023
[South Africa]DID UnConf: Africa *an IIW Inspired Regional Event09/25-27Postponed to the New year[Berlin, Global Trust Foundation] EU Digital Identity Wallets Forum 10/09
DIF Hackathon 10/1-11/4
[California] Internet Identity Workshop #39 10/29-31
[New Orleans] Hybrid Identity Protection Conference (HIP Conf) 11/13-14
Shared Signals Interop Event at Gartner's IAM Summit 12/9-11
Open Standards
Implement ASP.NET Core OpenID Connect OAuth PAR client with Keycloak using .NET Aspire 2024-09-02 damienbod.com
Implement OpenID Connect Back-Channel Logout using ASP.NET Core, Keycloak and .NET Aspire 2024-09-09 damienbod.com
OIDF to Co-Host Mobile Drivers License Hackathons 2024-09-06 openid.net
The OpenID Foundation is delighted that the California DMV is not only a member of the OpenID Foundation, but that the CA DMV selected OpenID for Verifiable Credential Issuance and OpenID for Verifiable Presentation as a part of their architecture.
The SLAP – Requirements for Practical Verifiable Credentials 2024-09-06 Andres Olave, Velocity Network Foundation
These issues are NOT about the VC format wars (W3C VC, SD-JWT-VC, MDOC), the Exchange wars (DIDCOMM, VC-API, or OID4VC), or the digital sinature algorithm wars (too many to mention). They are about REAL business needs that must be met before any of these technologies can meet success.
Government
EBSIs Blockchain Driving Force Behind EUIPOs Groundbreaking Anti-Counterfeiting Initiative 2024-06-20 EBSI
(European Union Intellectual Property Office) celebrated the Go-Live of the EBSI-ELSA project together with around 100 external participants and European Commission colleagues from DG CNECT, DG GROW and DIGIT, among others.
What does this go-live mean? 80% of the EBSI-ELSA infrastructure is live and accessible through the ELSA Forum since June 24th. The service will continue being refined and by December this year will be complemented by a self-service tool called the Intellectual Property (IP) wallet.
MDL
[google, mdl] Introducing Origin Trials for the Digital Credentials API Eiji Kitamura, developer.chrome.com
An origin trial for the Digital Credentials API is starting from Chrome 128. Digital Credentials API is a new web platform API that allows websites to selectively request verifiable information about the user through digital credentials such as a driver's license or a national identification card stored in a digital wallet.
Chrome launches developer trial for digital ID, credentials API 2024-09-06 Biometric Update
[github, mdl] kokukuma/mdoc-verifier
This project is an mdoc/mDL (mobile driving license) verification compliant with ISO/IEC 18013-5:2021.
Company Stories
[web3] Dock and cheqd Form Alliance to Accelerate Global Adoption of Decentralized ID 2024-09-04 blog.dock.io
We are excited to announce that the Dock and cheqd tokens and blockchains are merging to form a Decentralized ID alliance.
By harnessing the combined strengths of two industry pioneers, Dock and cheqd will accelerate the global adoption of decentralized identity and verifiable credentials, empowering individuals and organizations worldwide with secure and trusted digital identities.
Verida Technical Litepaper: Self-Sovereign Confidential Compute Network to Secure Private AI (Part 3) 2024-09-02 Verida
Verida’s self-sovereign compute network will enable infrastructure operators to deploy and register a node of a particular service type. When an API needs to send a request to one of those service types, it can perform a “service lookup” on the Verida network to identify a suitable trusted, verifiable node it can use to send requests of the required service type.
[web3] Pioneering Decentralized Identity for a Web3 World 2023-09-11 lidonation.com
Lido Nation has partnered with ProofSpace to offer Verifiable Credentials for attendance at the weekly Project Catalyst Town Hall meetings. Every week, Lido Nation will offer attendees a Verifiable Credential for that week’s meeting, with its unique meeting number. Attending the weekly meeting and claiming your free credential is a way to try out the technology, and start building your verifiable reputation in the community!
Use Cases
[youtube, finance] Verifiable Credentials in Banking and Finance Demonstration 2024-07-03 Indicio
See how Verifiable Credentials can enable reusable KYC, passwordless login, and more for financial institutions.
[Payments] Securing UPI Transactions: Advanced Biometric Solutions for Emerging Challenges 2024-09-05 hypersign.id
Hypersign’s platform is built on Self-Sovereign Identity (SSI) principles and utilizes a permissionless framework, which allows it to scale efficiently with growing UPI transaction volumes. The system’s architecture is designed to support high transaction throughput, ensuring that it can handle large volumes of authentication requests without compromising performance.
[Supply Chain] The Role of Verifiable Credentials in Supply Chain Management 2024-08-31 everycred.com
let’s explore how new technologies are reshaping the supply chain and how their implementation can increase transparency, efficiency, and, most importantly, trust.
Self-Sovereign Identity (SSI) in DevSecOps: Enhancing Security and Privacy in User Authentication 2024-09-01 AI DevSecOps Enthusiast
Integrate SSI protocols into your existing DevSecOps pipeline, focusing on authentication and authorization processes. This might involve using middleware that interacts with digital wallets and verifies credentials.
Roam: Decentralized Global WiFi Network weroam.xyz
Revolutionizing global connectivity with a Decentralized Global WiFi network powered by blockchain and OpenRoaming technology. Join the Roam network for seamless worldwide access.
[...] Roam protocol follows the W3C’s VC standard, and focuses on its implementation via a permissionless blockchain. Hash Algorithms SHA256, KECCAK-256, etc., are used to generate the hash value of the message to be signed with a private key.
OpenRoaming and WiFi Hotspots: Key Differences Explained 2024-08-30 roamnetwork.
Organizations
[Tonomy Foundation] Pangea Whitepapers: Blueprint of a Digital Nation pangea.web4.world
Pangea Technology Whitepaper (technical)
In this venture, the Tonomy Foundation has significantly contributed to the World Wide Web Consortium (W3C) decentralised Identity ecosystem. Through collaboration with the W3C Credentials Community Group and the decentralised Identity Foundation, the Foundation has substantially developed the did-jwt and did-jwt-vc, facilitating multi-party and delegated signatures. These technologies, the most utilised libraries in DID technologies with an upward trend of 40,000 weekly downloads, are poised for widespread adoption within the EU digital identity wallet framework and various national identity programs
Decentralized Web
Welcome to Bluesky! - Bluesky 2024-09-04 bsky.social
What a week! In the last few days, Bluesky has grown by more than 2.6 million users, over 85% of which are Brazilian. Welcome, we are so excited to have you here! [...]
Custom Feeds
Outside of your chronological Following feed and the default Discover feed, you can try out some new feeds! Maybe you want to see posts from your friends who don’t post as often — try Quiet Posters. If you want to see the top posts across the whole network from the last day, try Catch Up.
Not SSI
[standards] Why FIPS 140-3 Matters for Cryptography and Digital Identity Security 2024-09-04 sphericalcowconsulting.com
The first FIPS 140 was published thirty years ago (where has time gone???). The U.S. federal government realized it needed to get a handle on how the government as a whole needed to use cryptographic modules in its tech. Prior to that, it was something of a free-for-all. Each agency made its own decisions about what information and staff it had on hand. Not great.
[standards] OAuth from First Principles 2024-09-05 (h/t simonwillison)
I'll start off with an awfully flawed implementation that authorizes a user with a 3rd-party app, and then continuously attack it until we arrive at something that's secure, kind of.
[🧵security] Protecting credentials on disk 2024-09-01 argvee
Protecting credentials on disk. It baffles the mind that we're still storing API keys, web session cookies, etc. unprotected on disk. This is no better than putting plaintext passwords in files. Hoping the W3C DBSC project helps with web cookies. https://github.com/WICG/dbsc
[privacy] Decentralized Identity and Reputation: Balancing Freedom and Regulation in Digital Platforms 2024-09-04 Ontology
The Evolution of Privacy Platforms: Case Studies
Silk Road: The Dark Web’s Pioneer
Tornado Cash: Anonymizing Cryptocurrency Transactions
Telegram: A Platform for Secure Communication