Identosphere #49 • Devon Loffreto is not Moxie Marlinspike • Ontario Canada Digital ID • Privacy by (Re)Design

Our weekly edition of the latest SSI related news, upcoming events, and thoughtful commentary from the blogosphere

Welcome to the Identosphere Weekly

Yes the publication time of this has been drifting lately, as weekends are especially attractive for other things, besides creating a newsletter, towards the end of the summer. <3 It might make sense overall to trend towards a weekday publication. Thanks for your understanding.

This weekly newsletter is possible Thanks to Patrons, like yourself.

Coming up

Blogtalk

Christopher Allen: Not Moxie Marlinspike, Oft confused, no more.

Link to corrected attribution Devon Loffreto is not Moxie Marlinspike

Self-Sovereign Identity has deep roots. It did not just emerge in 2016 after a blog post was written. It did not fail to exist when wikipedia editors denied it subject integrity with the stated message: "good luck with that".

Plotting ROI, and other measures for gauging performance on Peak Paradox

The purpose of this post is to plot where some (there is way too many to do them all) different investment measures align on the Peak Paradox model. 

Explainers

Self-Sovereign Identity and how we can get there ProCivis

Enabled by recent advances in the realm of cryptography, mobile devices and decentralized identity standards we can now put citizens firmly in control of their digital identities while ensuring the level of trust needed to unlock the full potential of a digital society. 

Fluid Multi-Pseudonymity Windley

Fluid multi-pseudonymity perfectly describes the way we live our lives and the reality that identity systems must realize if we are to live authentically in the digital sphere.‘

The Unbundling of Authentication vs Authorization - What You Need to Know Ping Identity

Authentication and authorization are both processes that fall under the category of identity and access management (IAM), but they serve different purposes. 

An Introduction to Digital Trust Northern Block

what’s the purpose of SSI? It’s about enabling Digital Trust (which is quickly becoming an integral part of digital transformation for organizations).

Blockchain, The Missing Piece In Self-Sovereign Digital Identity Modex (part of a youtube playlist)

How do we prove we are who we say we are? In an identity context, blockchains permit people to prove things about themselves using decentralized, verifiable credentials without revealing the actual data.

The Era of Self-Sovereign Identity Chakaray

VC-AuthN OIDC uses the OpenID connect standards to easily integrate with the supported systems and also provides a way to authenticate using the verifiable credentials, giving the control back to the user. This is similar to the traditional OpenID connect, the only difference is in the token information. Rather than using the user’s information to construct the token, this uses claims in the verifiable credentials presented by the user.

Literature

Industry-Grade Self-Sovereign Identity Pouwelse, De Kok, Kuipers, F.A.

This research has been performed in pursuit of the MSc Computer Science at Delft University of Technology in collaboration with the Dutch National Office for Identity Data (RvIG), part of the Dutch Ministry of the Interior and Kingdom Relations. Self-Sovereign Identity (SSI) is a relatively new concept part of a movement aspiring to create a universal identity layer for the Internet. SSI aims to put the citizen at the centre of their data, making them the sovereign over their digital presence.

Standardization

What are Verifiable Credentials in 3 Minutes Affinidi (video)

EIC Speaker Spotlight: Kay Chopard on Driving Digital Trust

We really hope that a diverse audience will be attracted to the Kantara workshop. The reason I say that is - we're very focused, obviously in the work we do around identity, around assurance programs, around really developing what we recommend the part of standards that are used internationally. And then also taking that the next step and making sure that those standards are implemented in the identity products that are available in the field.

Why Are Governments Choosing Hyperledger? Northern Block

  • Open Data Standards (W3C’s DID & VC Standards)

  • Open Tech Standards (Hyperledger Aries, Indy, Ursa)

  • Achieving W3C-Compliance on Aries and Indy

Development

Verifiable Credentials Guide for Developer: Call for Participation

Want to contribute to the World Wide Web Consortium (W3C) Developers Guide for Verifiable Credentials?

How Svelte Cybernetically Enhances Web Development MagicLabs

Like React, Svelte is a UI framework that makes it easier to write components. But instead of using a virtual DOM to track state changes and to re-render pages, Svelte pretty much avoids it. This is because React’s virtual DOM introduces unnecessary work for developers that, if done incorrectly, results in a slow performing app.

Why Privacy by (Re)Design Better Defines Responsibility for Privacy Anonyme

Where privacy by design puts the onus on app developers to be proactive about data privacy, privacy by (re)design redesigns the “app ecosystem to address data sharing”, spreading the burden.

Digital Identity for Development — and protection Caribou Digital

the deployment of digital identification systems needs to get smarter about understanding the political interests and risks that shape the contexts in which identification systems are used — our ID Ecosystem Mapping tool supports risk assessment arising from the deployment of digital identification systems.

Managed Open Projects: A New Way For Open Source and Open Standards To Collaborate

I recently pointed out in a TechCrunch contribution that the open source and open standards communities need to find ways to team up if they are to continue driving innovation and  development of transformative technologies to push our society forward.

Why Self-Sovereign Identity needs a token? Cheqed

Usually the question of “why does SSI need a token”, stems from people’s belief that there are existing, viable payment rails. As Sovrin outlined in their whitepaper back in 2018, traditional rails don’t work when issuers and receivers of credentials are unlikely to have a direct contractual relationship since the user is at the center with SSI.

Healthcare

What SMART on FHIR Means for the Future of Healthcare Auth0

The Substitutable Medical Applications and Reusable Technologies (SMART) platform promises to solve these data fragmentation challenges by standardizing how patient data is accessed and shared. And given SMART’s inclusion in the 21st Century Cures Act, the platform will become the standard protocol for accessing electronic health records (EHRs) in the near future.

Unlocking Possibilities MagnaCerta

As different certificate frameworks emerge, there is a need for simple tools that enable Health Service Providers to deliver interoperable certificates valid across different channels, or built according to different specifications.

Finance

Self Sovereign Identity/Decentralised Identity and Financial Services Webinar — A Synopsis

September 2nd, 2021 was a big day for all of us in the Global Developer Ecosystem (GDE) team of Affinidi as we geared to host our first webinar on Self Sovereign Identity/Decentralised Identity and Financial Services with Varsha Jagdale (General Manager of Financial Services at Affinidi) and Joseph Thompson (CEO of AID:Tech) as the speakers.

Banking’s identity problem Global Banking and Finance

Banks have sought to overcome some of these challenges with the use of biometrics such as facial recognition and fingerprints.  These are now more commonly used to login to, or unlock devices, and increase usability, but still leave the challenge of proving the authenticity of a document wide open to abuse.

Self-sovereign digital identity is a game changer for African financial inclusion ITOnline

Much like cell phone technology and the internet, the true power of SSDI will only be unleashed when it is embedded across all sectors of society, from education and medical care to telecommunications and retail. And that will require all role players – government bodies, regulators, service providers, public and private agencies – to take up the SSDI baton and become part of the change.

Company News

The Role of SSI in MOBIX’ Deep Parking

Ubikom Project

Ubikom is free, open-source email framework based on the concept of Self-Sovereign Identity. You own your identity (which, in this case, means your private key), and all the outgoing and incoming messages are encrypted and signed by default.

Canada

Ontario’s Digital ID: Technology and standards

Ontario’s Digital ID will use self-sovereign identity because it gives the holder control over the credentials in their wallet. In addition, we are layering on these extra privacy-preserving features:

  • Consent – The verifier must ask you to approve their request to confirm your credentials.

  • Data minimization – The verifier can only access what they need to confirm you are eligible for their service. For example, if you need to prove that you are old enough to buy a lottery ticket, the store clerk would only know that you are 18 or older – not your actual age, birth date or anything else about you.

  • Anonymity – Your credentials are not tracked or traced.

Ontario will launch digital ID program later this year and here's how it works

British Columbia OrgBook – ‘Tell Us Once’ via Blockchain and Self-Sovereign Identity

Canada is beginning to develop their own version of a “Tell Us Once” Digital Identity policy, an approach pioneered in Europe by the likes of Estonia.

This is a policy where having provided your data to one government agency, you’ll never be asked for it again from another, defined explicitly through legislation.

Not SSI

Apple announces first states signed up to adopt driver’s licenses and state IDs in Apple Wallet

Arizona, Connecticut, Georgia, Iowa, Kentucky, Maryland, Oklahoma, and Utah are among the first states to bring state IDs and driver’s licenses in Wallet to their residents

Someone could be tracking you through your headphones NRK Beta

  • At least 9149 products with Bluetooth transmitters were uniquely recognized at least 24 hours apart.

  • At least 129 headphones could be tracked in the dataset for longer than 24 hours.

  • Popular headphones models from Bose, Bang & Olufsen, Jabra, Sennheiser and JBL can be tracked over longer periods of time.

Thanks for Reading!

Read more \ Subscribe: newsletter.identosphere.net

Support this publication: patreon.com/identosphere

Contact \ Submission: newsletter [at] identosphere [dot] net