Identosphere #49 • Devon Loffreto is not Moxie Marlinspike • Ontario Canada Digital ID • Privacy by (Re)Design
Our weekly edition of the latest SSI related news, upcoming events, and thoughtful commentary from the blogosphere
Welcome to the Identosphere Weekly
Yes the publication time of this has been drifting lately, as weekends are especially attractive for other things, besides creating a newsletter, towards the end of the summer. <3 It might make sense overall to trend towards a weekday publication. Thanks for your understanding.
This weekly newsletter is possible Thanks to Patrons, like yourself.
Read previous issues and Subscribe : newsletter.identosphere.net
Contact \ Content Submissions: newsletter [at] identosphere [dot] net
GS1 Industry & Standards Event 2021 • 9/13-16
SVIP Demo Week 9/14-17 ←WEDNESDAY the ID things present
ICET'21- International Colloquium on Emerging Technologies • 9/18-22 • @ieeebvm Empowering Technophiles, Envisioning Tomorrow (Registration)
Internet Identity Workshop 33 • 10/12-14
Digital Trust World 2021 • 10/4-7 ‘the Conference for Authentication, Biometrics, Fraud & Security and Identity,’
Christopher Allen: Not Moxie Marlinspike, Oft confused, no more.
Self-Sovereign Identity has deep roots. It did not just emerge in 2016 after a blog post was written. It did not fail to exist when wikipedia editors denied it subject integrity with the stated message: "good luck with that".
The purpose of this post is to plot where some (there is way too many to do them all) different investment measures align on the Peak Paradox model.
Enabled by recent advances in the realm of cryptography, mobile devices and decentralized identity standards we can now put citizens firmly in control of their digital identities while ensuring the level of trust needed to unlock the full potential of a digital society.
Fluid Multi-Pseudonymity Windley
Fluid multi-pseudonymity perfectly describes the way we live our lives and the reality that identity systems must realize if we are to live authentically in the digital sphere.‘
Authentication and authorization are both processes that fall under the category of identity and access management (IAM), but they serve different purposes.
An Introduction to Digital Trust Northern Block
what’s the purpose of SSI? It’s about enabling Digital Trust (which is quickly becoming an integral part of digital transformation for organizations).
Blockchain, The Missing Piece In Self-Sovereign Digital Identity Modex (part of a youtube playlist)
How do we prove we are who we say we are? In an identity context, blockchains permit people to prove things about themselves using decentralized, verifiable credentials without revealing the actual data.
The Era of Self-Sovereign Identity Chakaray
VC-AuthN OIDC uses the OpenID connect standards to easily integrate with the supported systems and also provides a way to authenticate using the verifiable credentials, giving the control back to the user. This is similar to the traditional OpenID connect, the only difference is in the token information. Rather than using the user’s information to construct the token, this uses claims in the verifiable credentials presented by the user.
Industry-Grade Self-Sovereign Identity Pouwelse, De Kok, Kuipers, F.A.
This research has been performed in pursuit of the MSc Computer Science at Delft University of Technology in collaboration with the Dutch National Office for Identity Data (RvIG), part of the Dutch Ministry of the Interior and Kingdom Relations. Self-Sovereign Identity (SSI) is a relatively new concept part of a movement aspiring to create a universal identity layer for the Internet. SSI aims to put the citizen at the centre of their data, making them the sovereign over their digital presence.
What are Verifiable Credentials in 3 Minutes Affinidi (video)
We really hope that a diverse audience will be attracted to the Kantara workshop. The reason I say that is - we're very focused, obviously in the work we do around identity, around assurance programs, around really developing what we recommend the part of standards that are used internationally. And then also taking that the next step and making sure that those standards are implemented in the identity products that are available in the field.
Why Are Governments Choosing Hyperledger? Northern Block
Open Data Standards (W3C’s DID & VC Standards)
Open Tech Standards (Hyperledger Aries, Indy, Ursa)
Achieving W3C-Compliance on Aries and Indy
Want to contribute to the World Wide Web Consortium (W3C) Developers Guide for Verifiable Credentials?
Like React, Svelte is a UI framework that makes it easier to write components. But instead of using a virtual DOM to track state changes and to re-render pages, Svelte pretty much avoids it. This is because React’s virtual DOM introduces unnecessary work for developers that, if done incorrectly, results in a slow performing app.
Where privacy by design puts the onus on app developers to be proactive about data privacy, privacy by (re)design redesigns the “app ecosystem to address data sharing”, spreading the burden.
Digital Identity for Development — and protection Caribou Digital
the deployment of digital identification systems needs to get smarter about understanding the political interests and risks that shape the contexts in which identification systems are used — our ID Ecosystem Mapping tool supports risk assessment arising from the deployment of digital identification systems.
I recently pointed out in a TechCrunch contribution that the open source and open standards communities need to find ways to team up if they are to continue driving innovation and development of transformative technologies to push our society forward.
Usually the question of “why does SSI need a token”, stems from people’s belief that there are existing, viable payment rails. As Sovrin outlined in their whitepaper back in 2018, traditional rails don’t work when issuers and receivers of credentials are unlikely to have a direct contractual relationship since the user is at the center with SSI.
The Substitutable Medical Applications and Reusable Technologies (SMART) platform promises to solve these data fragmentation challenges by standardizing how patient data is accessed and shared. And given SMART’s inclusion in the 21st Century Cures Act, the platform will become the standard protocol for accessing electronic health records (EHRs) in the near future.
Unlocking Possibilities MagnaCerta
As different certificate frameworks emerge, there is a need for simple tools that enable Health Service Providers to deliver interoperable certificates valid across different channels, or built according to different specifications.
September 2nd, 2021 was a big day for all of us in the Global Developer Ecosystem (GDE) team of Affinidi as we geared to host our first webinar on Self Sovereign Identity/Decentralised Identity and Financial Services with Varsha Jagdale (General Manager of Financial Services at Affinidi) and Joseph Thompson (CEO of AID:Tech) as the speakers.
Banking’s identity problem Global Banking and Finance
Banks have sought to overcome some of these challenges with the use of biometrics such as facial recognition and fingerprints. These are now more commonly used to login to, or unlock devices, and increase usability, but still leave the challenge of proving the authenticity of a document wide open to abuse.
Much like cell phone technology and the internet, the true power of SSDI will only be unleashed when it is embedded across all sectors of society, from education and medical care to telecommunications and retail. And that will require all role players – government bodies, regulators, service providers, public and private agencies – to take up the SSDI baton and become part of the change.
Ubikom is free, open-source email framework based on the concept of Self-Sovereign Identity. You own your identity (which, in this case, means your private key), and all the outgoing and incoming messages are encrypted and signed by default.
Ontario’s Digital ID will use self-sovereign identity because it gives the holder control over the credentials in their wallet. In addition, we are layering on these extra privacy-preserving features:
Consent – The verifier must ask you to approve their request to confirm your credentials.
Data minimization – The verifier can only access what they need to confirm you are eligible for their service. For example, if you need to prove that you are old enough to buy a lottery ticket, the store clerk would only know that you are 18 or older – not your actual age, birth date or anything else about you.
Anonymity – Your credentials are not tracked or traced.
Canada is beginning to develop their own version of a “Tell Us Once” Digital Identity policy, an approach pioneered in Europe by the likes of Estonia.
This is a policy where having provided your data to one government agency, you’ll never be asked for it again from another, defined explicitly through legislation.
Arizona, Connecticut, Georgia, Iowa, Kentucky, Maryland, Oklahoma, and Utah are among the first states to bring state IDs and driver’s licenses in Wallet to their residents
At least 9149 products with Bluetooth transmitters were uniquely recognized at least 24 hours apart.
At least 129 headphones could be tracked in the dataset for longer than 24 hours.
Popular headphones models from Bose, Bang & Olufsen, Jabra, Sennheiser and JBL can be tracked over longer periods of time.
Thanks for Reading!
Read more \ Subscribe: newsletter.identosphere.net
Support this publication: patreon.com/identosphere
Contact \ Submission: newsletter [at] identosphere [dot] net