Identosphere #51 • Verifiable Credentials vs ZCAP-LD • German-Finnish co-operation in SSI • Wallet Mania
The "latest" in Identity news and updates, from the feed reader to our Twitter feeds. The highlights reel, all in one place.
This weekly newsletter is possible thanks to Patrons like yourself.
Thanks for your patience as we experience some growing pains.
We have several companies who pay $50-75 a month. MANY THANKS for “keeping the lights on” <3 We can set it up via PayPal as well.
Read previous issues and Subscribe : newsletter.identosphere.net
Contact \ Content Submissions: newsletter [at] identosphere [dot] net
Events coming up
Internet Identity Workshop 33 • 10/12-14
Digital Trust World 2021 • 10/4-7 ‘the Conference for Authentication, Biometrics, Fraud & Security and Identity,’
Authenticate Virtual Summit Recap and looking forward to Authenticate 2021 FIDO Alliance 10/18-20
“We don’t want to be ‘big brother,’ we want to make sure that we can protect users’ privacy and the things built into the protocol that helped to do that were very attractive to us,” Hooper said. “WebAuthn is also very cheap, it is much cheaper to do a WebAuthn authentication event than it is to do SMS by several orders of magnitude.”
A short note to point folks at Seth Godin’s recent podcast about Project Debt. He covers some great topics:
Technical Debt – Seth covers it well but missed a major cause of technical debt. That being the shortcuts that are taken to meet deadlines and requirements – with the hope/fantasy that we’ll go back and do them right later (hint: we never do).
Why saying NO to those simple things may be the best thing. For some hints on how to do that see Say No With Grace.
As the Lead Developer, a big part of my role is to build Gravity’s decentralized identity protocol and blockchain architecture on Tezos.
Comparing VCs to ZCAP-LD Kyle Den Hartog
^^ technically important and relevant.
Why make the investment then to put the time and effort into ZCAPs when we’ve already got VCs? Simply put because security is hard and trying to push square pegs into round holes often times leads to bugs which are elevated to mission critical authentication/authorization bypass vulnerabilities. By designing around a fit for purpose data model with a well defined problem being solved it allows for us to be much more precise about where we believe extensibility is important versus where normative statements should be made to simplify the processing of the data models. By extension this leads to a simpler security model and likely a much more robust design with fewer vulnerabilities.
JSON is Robot Barf Windley
JSON has its place. But I think we're overusing it in places where a good notation would serve us better.
DIDComm: ECDH-1PU Implementation Identity Foundation
In short, ECDH-1PU is a key derivation process that allows for sender authenticity and enables a “Perfect Forward Secrecy” mechanism, in addition to significant performance gains over JWS message nested in a JWE envelope, as used by existing ECDH-ES approaches.
Q&A: The Potential of Decentralized ID in Travel WebInTravel
Since February he has also been the informal chair of the Hospitality and Travel Special Interest Group (SIG), a subset within the Decentralized Identity Foundation, an organization creating technical specifications and reference implementations for decentralized identity and working with industries for commercial applications of such technologies.
OpenID trying to make play in the “trusted identities” online space
Nat describes GAIN as an overlay network on top of the Internet with all its participants identity proofed. One key benefit of the approach proposed in the white paper is that the standards required to enable this network already exist: OpenID Connect and eKYC/IDA.
DIF has launched a massive Decentralized Identity Knowledgebase, structured as a long series of frequently-asked questions and answers. This synthesizes a year of educational efforts in the interop WG, blog posts, newsletters, and many other DIF inputs in a format we hope will be helpful as a reference and onboarding document throughout the decentralized identity space.
as we move into decentralized identity management, where individuals manage credentials in their own digital wallets, we need new risk management tools designed for this paradigm
SSI Wallets are one of the essential components that make self sovereign identity possible. An increasing number of SSI Wallet apps are being released, each with slightly differing feature sets. This post is intended as an evergreen overview and comparison of SSI Wallet apps. If we discover a new one, we'll add it here. If you've developed an SSI Wallet app, feel free to make a pull request to this repository to get added to this list.
Wallet-Mania (with Mike Vesey, Dev Bharel, Adrian Doerk, RJ Reiser and Michael Boyd)
Digital Wallets are taking off! OS operators such as Apple are starting to support open standards for digital credentials (here). Technology disruptors (like the companies represented in this episode) are taking wallet solutions to market (here).
After rejection of the e-ID Act in March 2021, the Swiss Federal government is working at full speed on a new proposal. The first results were published in a discussion paper on September 2. Self-Sovereign Identity (SSI) is one of three possible solutions proposed for the implementation of the future e-ID. What is SSI and why does it bring significant added value in terms of data privacy?
Digital identities: German-Finnish cooperation agreed Bundesregierung
The content of the joint declaration is close bilateral cooperation in the development of a cross-border ecosystem of digital identities based on the principles of Self-Sovereign Identity (SSI).
Declaration for Cooperation and Exchange of Best Practices in the Field of Self-Sovereign Identity Between the Federal Republic of Germany and the Republic of Finland theinternetofthings.eu
Here’s an easy-to-understand analogy to help your non-technical friends and customers understand public keys and private keys, and how they relate to cryptography and digital signatures.
"Let’s use a token to secure this API call. Should I use the ID token or the access token? 🤔 The ID token looks nicer to me. After all, if I know who the user is, I can make better authorization decisions, right?"
Thanks for Reading!
Support this publication: patreon.com/identosphere