Identosphere #21 • Aries Graduates to 'Active' • Dizme, Linux, & Sovrin Foundations + Algorand • Are Vaccine Passports Inevitable?

Join us for another issue filled with upcoming events, sovereign identity and personal data news, and working group discussions.

Thanks to our Patrons

We got a new patron this week! We are grateful for your support!

If you haven’t had the chance to sign up, yet, we greatly appreciate your consideration!

Your contributions help us to see that our efforts are appreciated, and go towards recovering our investment into the curation and distribution of these weekly updates.

We are also open to corporate subscriptions, for organizations who want all of their members to stay current with the latest developments in decentralized identity.

Upcoming

Open call to kickoff the upcoming Wallet Security WG at DIF March 1st

Bastian, Paul writes:

I will present motivation, goals and a first roadmap.

Very short summary:

 - standardized wallet security is necessary for sensitive credentials like id-cards, payment credentials or more

 - create a specification and interface to communicate about wallet capabilities, security, regulation-conformance and other points of security-relevant interoperability

 - define mechanism to enable wallet security assertions, certification and ways to prove them

 - define specifications about wallet user authentication, ways how to ensure them and how to communicate them to issuers/verifiers

Calander InviteWallet Security WG CharterWallet Security Mailing list

Engage with S&T and DHS Industry Liaisons March 2

The Insights Outreach webinar series will include the Office Industry Partnerships (OIP) program spotlights, engagement and contracting workshops, innovative technology demonstrations, and commercialization success stories from the community working with S&T. 

Interoperability Between ACA-Py & the Trinsic Platform March 3

Join us to see how two codebases, Aries Cloud Agent Python (ACA-Py) and Trinsic (based on Aries Framework .NET) interact interoperability in an enterprise environment.

Thoughtful Biometrics Workshop March 8,10,12

Data Ownership and Self-Sovereign Identity by Cryptonics March 10th

how it works from a technical point of view to the different real use cases in the world we are living in. Timestamping, digital signature, e-voting, authentication, and private contracts are some of the key elements that would be explained during the session.

Internet Identity Workshop XXXII (#32) April 20-22

Identiverse 2021 June 21-23 • denver, co

Catch up with peers, meet experts and share best practices and insights from the last year in identity. Join us for a unique hybrid event as we change the future of the industry together.

News

Linux Foundation Announces DizmeID Foundation to Develop and Enable a Self-Sovereign Identity Credential Network

Blindsided by this news!!

The DizmeID Foundation and technical project will define and allow for implementation of Dizme features on top of Sovrin public identity utility. The Dizme ecosystem is expected to include various technological components leveraging Hyperledger stack and adding a monetization layer based on Algorand blockchain protocol, which will enable the exchange of verifiable credentials and the development of new vertical applications. 

Hyperledger Aries Graduates To Active Status; Joins Indy As “Production Ready”

“This approval is further evidence that Hyperledger Aries is a breakout success for the Hyperledger community,” said Brian Behlendorf, General Manager for Blockchain, Healthcare and Identity at the Linux Foundation. “Convergence on common libraries for the exchange of credentials will help speed the development of urgently-needed solutions and systems, ranging from education to finance to the fight against the pandemic. Aries is key to that convergence.” 

New versions of Multibase and Multihash published

Manu Writes:

Multibase is just a date bump to signal that the specification is still alive
and being used. There are no new base-encoding mechanisms that have been added
to this release. This community uses multibase to encode a number of values,
like signature values and did:key values, in Verifiable Credentials and
Decentralized Identitifer Documents.

Multihash adds the KangarooTwelve hash function to the list of available hash
functions. KangarooTwelve's strongest draw is that it's fun to say out loud...
and is a KECCAK-based highly parallel hash function, if you're into that sort
of thing. This community uses multihash in some DID Methods (Veres One uses it
for hash values for operations and blocks), and the DID Core specification
uses multihash for Hashlinks (to provide integrity protection for DID Documents):

Fairly boring stuff, but nevertheless, foundational building blocks upon which
many of us have built our implementations.

eSSIF-Lab Infrastructure-oriented Open Call

Help us populate eSSIF-Lab Self-Sovereign Identity Framework!

2nd deadline has passed, but Infrastructure-oriented Open Call remains open. We are accepting your applications for the final deadline on 30th of June 2021 at 13:00 (Brussels Local Time).

Up to €155K funding for innovators to develop technical enhancements and extensions of eSSIF-Lab's Self-Sovereign Identity (SSI) Framework 

Decentralized Identity and DIACC PCTF Authentication

The Authentication component of the DIACC Pan-Canadian Trust Framework™ specifies processes and conformance criteria for service providers. Authentication and credential management services may be assessed against these criteria.

Identity Masters Podcast

At Authenteq, we spend a lot of time thinking and talking about how to make the internet a safer space. It’s also what drives our product roadmap and why we got into identity verification and e-KYC in the first place. As we work to democratize the knowledge we have access to, we know that for it to be truly accessible, we have to work with different formats. This is why we’re very excited to introduce the brand spanking new Identity Masters podcast now available on Spotify!

US Education Department promotes putting student records on blockchain

The COVID-19 pandemic has exposed flaws across various sectors. As a result, a number of government departments are evaluating blockchain-based systems as possible solutions for challenges involving multiparty workflows, record-keeping, transparency and more. 

For example, the United States Department of Education recently provided funding for the launch of the “Education Blockchain Initiative.” Referred to as the EBI, this project is led by the American Council on Education — an organization that helps the higher education community shape effective public policy — and is designed to identify ways that blockchain can improve data flow between academic institutions and potential employers.

Innovative Startups join forces to create a trusted training record and build a secure and safe waste data tracking system

Digital Catapult and Sellafield Ltd have selected two innovative startups, Condatis, and Jitsuin, to implement advanced digital technology solutions to support the nuclear industry to continue to monitor skills within the sector, and to provide a trusted and secure record for tracking hazardous waste and materials.

Benefits of SSI and Blockchain in Digital Identity good-id

The needs and experiences of citizens are established with how digital identity networks should preserve the freedoms and rights of users over the needs of the network. Transparency is explicitly mentioned as part of SSI, and it places a high emphasis on the importance of the public’s trust.

As we look to the future of digital identity, SSI principles with blockchain have already proven to be successful by bringing together stakeholders to create a mutually beneficial network.

Covid 19

Digital Vaccination Certificates -- Here Be Dragons!

This is a thread to keep an eye on. >> Anil John writes: 

Because I believe that this is an important conversation, I figure I would put together some high level slideware that synthesizes and shares the answers I have provided directly to those who have asked.  I am not in the hearts and minds business, so consider this in the spirit of the quote from Bruce Lee - "Absorb what is useful, Discard what is not, Add what is uniquely your own."

Happy to chat to share our mistakes, so that you don't need to repeat them, with those who have a public interest focus in this area.

The inevitable vaccine passports Or, are they actually inevitable?

Until the time digital records for vaccination are as simple and do not require a second thought around wallet/app/credential format etc - we have a long way to go before they are inevitable.

CCI Knowledge Base

If you haven’t already you might want to check out this google sheet

As our community continues to grow and the pandemic situation keeps evolving, this CCI Knowledge Base serves as a repository of ongoing COVID-19-related news, topics, researches and resources which are deem relevant to our community and digital identity technology. It aims to provide an up-to-date database for our CCI members to access relevant information quickly in one place whenever they need it, e.g. doing market research, developing their projects or simply keeping themselves updated on the news.

Submit relevant news or articles for the database

Vaccine passports prove an ethical minefield

Any Covid-19 vaccine passport scheme set up in the UK could easily turn out to be discriminatory and invasive, and open the door to worse abuses of privacy in future, say security experts and campaigners.

Literature

Self-Sovereign Identity as the Basis for Universally Applicable Digital Identities

This paper addresses the role of digital identities for a functioning digital economy and outlines requirements for their management. [...] The concept of Self-Sovereign Identities (SSI) and the associated standards “Verifiable Credentials” and “Decentralized Identifiers” is a promising approach to improve the situation. They allow the flexible exchange of tamper-proof digital proofs between users and systems. Therefore, they form the foundation for building trust relationships in the digital space. This paper introduces the SSI paradigm and discusses the barriers that prevent the wide-scale adoption of this concept. 

Beyond SSI 

DHS S&T Awards $198,600 to Develop Security and Privacy Testing of COVID-19 Contact Tracing Apps

to AppCensus, a start-up based in El Cerrito, California, to develop testing and validation services for digital contact tracing applications (apps). The phase 1 award was made under S&T’s Silicon Valley Innovation Program (SVIP) Emerging Needs: COVID-19 Response & Future Mitigation solicitation, which addressed multiple near term use-cases in response to the pandemic and prepares DHS for future mitigation. AppCensus is the first of six start-ups to receive a phase 1 award.

AppCensus AppSearch analyzes free publicly-available Android apps and reports the private and personally identifying information that different apps access and share with other parties over the Internet. We collect our results using a technique called dynamic analysis.

Making your digital life easier with Government Sign-In by Verified.Me

Our recent rebranding from SecureKey Concierge to Government Sign-In by Verified.Me* was an extensive process that was done to benefit users even more. Streamlining who we are, what we look like and how we talk about the tools in our digital identity suite means we can better communicate with you – the user. Making your digital life easier and more secure is our goal in everything we do at SecureKey.

Letter to Attorney General Becerra Re: FinCen Proposed Rule Privacy concerns

Our concerns with the consumer privacy implications of this proposed rule are twofold:

First, the proposed rule’s requirement that MSB’s collect identifying information associated with wallet addresses will create reporting that extends well beyond the intent of the rule or the transaction.

Call for Review – WebAuthN: An API for accessing Public Key Credentials Level 2 is a W3C proposed recommendation

Comments welcome through March 26

The Web Authentication Working Group has published a Proposed Recommendation of Web Authentication: An API for accessing Public Key Credentials Level 2. This specification defines an API enabling the creation and use of strong, attested, scoped, public key-based credentials by web applications, for the purpose of strongly authenticating users.

MyData

Attitudes To Personal Data Management

In recent years, personal data has been an increasingly popular topic of conversation for marketers, data analysts, regulators, and privacy warriors. Individuals have learnt that recent regulatory updates have given them more rights over how that data is used. Are these two forces aligned?

We distributed a survey and received over 400 responses from both individuals and organisations answering questions about the management of personal data. How aligned are the two points of view? This infographic shows a summary of key questions and responses.

Thanks for reading. See you next week!

If you find this publication to be valuable for your efforts in digital identity, support its creation by contributing on Patreon.