Identosphere #51 • Verifiable Credentials vs ZCAP-LD • German-Finnish co-operation in SSI • Wallet Mania

The "latest" in Identity news and updates, from the feed reader to our Twitter feeds. The highlights reel, all in one place.

This weekly newsletter is possible thanks to Patrons like yourself.

Thanks for your patience as we experience some growing pains.

Please consider paying us a small amount each month via Patreon.

We have several companies who pay $50-75 a month. MANY THANKS for “keeping the lights on” <3 We can set it up via PayPal as well.

Events coming up

“We don’t want to be ‘big brother,’ we want to make sure that we can protect users’ privacy and the things built into the protocol that helped to do that were very attractive to us,” Hooper said. “WebAuthn is also very cheap, it is much cheaper to do a WebAuthn authentication event than it is to do SMS by several orders of magnitude.”

Tech Talk

Technical Debt

A short note to point folks at Seth Godin’s recent podcast about Project Debt. He covers some great topics:

  • Technical Debt – Seth covers it well but missed a major cause of technical debt. That being the shortcuts that are taken to meet deadlines and requirements – with the hope/fantasy that we’ll go back and do them right later (hint: we never do).

  • Project Debt

  • Why saying NO to those simple things may be the best thing. For some hints on how to do that see Say No With Grace.

Give it a listen on Overcast (my fave) or Apple Podcasts.

Q&A with Gravity’s lead engineer: François Guérin

As the Lead Developer, a big part of my role is to build Gravity’s decentralized identity protocol and blockchain architecture on Tezos.

Standards

Comparing VCs to ZCAP-LD Kyle Den Hartog

^^ technically important and relevant. 

Why make the investment then to put the time and effort into ZCAPs when we’ve already got VCs? Simply put because security is hard and trying to push square pegs into round holes oftentimes leads to bugs which are elevated to mission critical authentication/authorization bypass vulnerabilities. By designing around a fit-for-purpose data model with a well-defined problem being solved it allows for us to be much more precise about where we believe extensibility is important versus where normative statements should be made to simplify the processing of the data models. By extension this leads to a simpler security model and likely a much more robust design with fewer vulnerabilities.

JSON is Robot Barf Windley

JSON has its place. But I think we're overusing it in places where a good notation would serve us better.

DIDComm: ECDH-1PU Implementation Identity Foundation 

In short, ECDH-1PU is a key derivation process that allows for sender authenticity and enables a “Perfect Forward Secrecy” mechanism, in addition to significant performance gains over JWS message nested in a JWE envelope, as used by existing ECDH-ES approaches.

Q&A: The Potential of Decentralized ID in Travel WebInTravel

Since February he has also been the informal chair of the Hospitality and Travel Special Interest Group (SIG), a subset within the Decentralized Identity Foundation, an organization creating technical specifications and reference implementations for decentralized identity and working with industries for commercial applications of such technologies.

OpenID trying to make play in the “trusted identities” online space

Global Assured Identity Network White Paper

Nat describes GAIN as an overlay network on top of the Internet with all its participants identity proofed. One key benefit of the approach proposed in the white paper is that the standards required to enable this network already exist: OpenID Connect and eKYC/IDA.

New Resources

DIF "Frequently Asked Questions" Knowledgebase

DIF has launched a massive Decentralized Identity Knowledgebase, structured as a long series of frequently-asked questions and answers. This synthesizes a year of educational efforts in the interop WG, blog posts, newsletters, and many other DIF inputs in a format we hope will be helpful as a reference and onboarding document throughout the decentralized identity space.

Trust Over IP Foundation Issues its First Tools for Managing Risk in Digital Trust Ecosystems

as we move into decentralized identity management, where individuals manage credentials in their own digital wallets, we need new risk management tools designed for this paradigm

Wallets

SSI Wallets

SSI Wallets are one of the essential components that make self sovereign identity possible. An increasing number of SSI Wallet apps are being released, each with slightly differing feature sets. This post is intended as an evergreen overview and comparison of SSI Wallet apps. If we discover a new one, we'll add it here. If you've developed an SSI Wallet app, feel free to make a pull request to this repository to get added to this list.

Wallet-Mania (with Mike Vesey, Dev Bharel, Adrian Doerk, RJ Reiser and Michael Boyd)

Digital Wallets are taking off! OS operators such as Apple are starting to support open standards for digital credentials (here). Technology disruptors (like the companies represented in this episode) are taking wallet solutions to market (here).

Public Sector

Self-Sovereign Identity – a game changer regarding privacy: The next level of identity management

After rejection of the e-ID Act in March 2021, the Swiss Federal government is working at full speed on a new proposal. The first results were published in a discussion paper on September 2. Self-Sovereign Identity (SSI) is one of three possible solutions proposed for the implementation of the future e-ID. What is SSI and why does it bring significant added value in terms of data privacy?

Digital identities: German-Finnish cooperation agreed Bundesregierung

The content of the joint declaration is close bilateral cooperation in the development of a cross-border ecosystem of digital identities based on the principles of Self-Sovereign Identity (SSI). 

Declaration for Cooperation and Exchange of Best Practices in the Field of Self-Sovereign Identity Between the Federal Republic of Germany and the Republic of Finland theinternetofthings.eu

Fundamentals

How to Explain Public-Key Cryptography and Digital Signatures to Anyone

Here’s an easy-to-understand analogy to help your non-technical friends and customers understand public keys and private keys, and how they relate to cryptography and digital signatures.

ID Token and Access Token: What Is the Difference?

"Let’s use a token to secure this API call. Should I use the ID token or the access token? 🤔 The ID token looks nicer to me. After all, if I know who the user is, I can make better authorization decisions, right?"

Thanks for Reading!

Read more \ Subscribe: newsletter.identosphere.net

Support this publication: patreon.com/identosphere

Contact \ Submission: newsletter [at] identosphere [dot] net