Identosphere #55 • ENS names are DID • Ontario Action Plan • VC issuer-kit PoC report
A weekly digest of stories, company news, and industry updates surrounding decentralized identity. Includes upcoming events, job opportunities, and developents in standardization.
This weekly newsletter is possible thanks to readers like you!
Read previous issues and Subscribe : newsletter.identosphere.net
Contact \ Content Submissions: newsletter [at] identosphere [dot] net
Last month, Google, Apple, and Mozilla lodged formal objections to W3C approval of the W3C Decentralized Identifiers (DIDs) 1.0 specification.
Engineering Successful IAM Projects to Support Digital Business 11/23 KuppingerCole
Self-issued OpenID Provider (SIOP) Update Kristina Yasuda – Microsoft
Software Developer in Decentralised Identity Surrey AC UK
The project is to apply a Self-Sovereign Identity framework to the development of technology for privacy-preserving management of authorship of digital assets. This is an exciting opportunity to work with emerging technologies and develop novel solutions.
You are a network Aeon
You cannot be reduced to a body, a mind or a particular social role. An emerging theory of selfhood gets this complexity
In this short article, we investigate three different approaches to how SSI concepts map on the blockchain infrastructure.
The third approach is, in a way, derived from the previous one, and is the one pursued by uPort/Serto: the blockchain has one single registry that tracks down just the revocation of credentials,
The Buzz Behind Zero Trust State of Identity
The Zero Trust model is the belief that no one should be trusted from inside or outside your network, until their identity has been verified. Zero trust refers to the alignment of maturing identity practices, an established understanding of user behaviors, and the application of least-privilege access security policy decisions to trust boundaries
Decentralized and Self-Sovereign Identity: Systematic Mapping Study Špela Čučko Muhamed Turkanović
The results suggest that validation research and solution proposals prevail, addressing decentralized identity in a general matter. Papers mainly propose systems/solutions, architectures, and frameworks, focusing on authentication, security, privacy, and trust, while there are hardly any studies researching usability, user experience, patterns, and good practices.
As the world becomes even more connected and more machines are hooked up to the internet, the ability for machines to move, trade and interact securely and efficiently becomes increasingly important to life and business. Today’s centralized networks do not enable this. Machines today exist on closed, permission-based environments which massively limit which other machines can be interacted with, what machines can do and where they can go.
Is the biggest tech change for travel since the internet and mobile the shift to self-sovereign identity tech? CAPA TV
What are some of the benefits of this new wave, such as reduced cybersecurity risk and enhanced travel experiences/personalisation?
Will this affect the way travel is distributed and paid for change?
What can players in the established travel eco-system expect?
When will we see this come about – where will we be by 2030?
A decentralized network using a blockchain-based distributed ledger means you can use Peer DIDs to move most “transactions” and their cryptographic proofing off ledger. This means that for those peer-to-peer interactions, identity blockchains don’t need to do any ledger transactions at all.
Marketplace deception is everywhere, at great cost and risk to consumers and businesses. Regulation alone won’t fix it. Can Mattereum Asset Passports and Product Information Markets help secure trust in B2B and B2C trade?
The IAM (Identity & Access Management) landscape may seem to be getting more complex, but only because we’re trying to fit a square peg in a round hole. Old methods tied strictly to AD and LDAP registries with groups and their associated roles are only a narrow keyhole from the past into which we can view a broader IAM future. These systems will continue to be used in many enterprises but form only part of the many journeys available to users within the new IAM landscape.
A vaccine passport is a physical or digital health credential to confirm a person has been vaccinated for a particular contagious disease to enable travel.
The Vaccine Certificate Experience WEBISTEMOLOGY
Version 1 of the Ontario COVID Vaccine Certificate is a cumbersome experience that needs some work
What I observed is NOT a user-friendly experience for either the customer or the business. For the experience to be improved it needs to be a single presentation operation of either a paper or digital certificate that the business can verify in one step.
The advantage of a paper and ID card presentation ritual is that it is difficult to hack. So if we are going to improve the presentation with a single credential as above, privacy and security MUST be protected.
Pramod Varma's message as India touches the 1 BN COVID Vaccination Certificates Milestone eGovernments Foundation
Pramod Varma, CTO, EkStep Foundation shares the journey of Digital Public Good- DIVOC (Digital Infrastructure for Vaccination Open Credentialing) envisioned a year back, for vaccination credentialing.
The DIVOC project is hosted and maintained by India’s eGov Foundation and is available as an MIT-licensed open source software package DIVOC is also supported by various multilateral funding institutions, as well as a community of software contributors and adopters in various geographies. DIVOC’s verifiable COVID credentials have also been tested for interoperability with several consumer-health and locker applications globally; and DIVOC’s certificates from the adopter countries can now be scanned/read/ingested by these domestic and international applications.
SSI with OpenID authentication Gimly ID
If you are a developer and want to write a DApp [...] you probably are using API-Keys in your front-end. If this is the case, then you should consider the security risk the publication of the API-Key in your front end represents and ask yourself if it would make sense to switch to a user authentication scheme.
This has two purposes:
to wrap existing ENS names as DIDs to facilitate interoperability of emerging technologies in the Decentralized Identity and Ethereum community,
to define a canonical way to augment ENS names with DID capabilities (e.g., encryption) as mentioned above.
Ontario Releases Technology and Standards for Digital Identity Ontario Newsroom
“Our Ontario Onwards: Action Plan first announced our government’s goal to make Ontario the most advanced digital jurisdiction in the world – all in the service of the people of this province,” said Peter Bethlenfalvy, Minister of Finance. “The release of Ontario’s Digital ID later this year will be an exciting step towards transforming and modernizing government services in an increasingly digital world.”
Responsive to Market Dynamics
Responsive to Industry Needs
Involvement with Governance of Networks and Registries
An incubator to help Early Adopters and their partners imagine, build and launch their EBSI pilot project(s)
Several committees promote the MyData movement in Japan in specific thematic areas. One of the most active committees is the Public Policy Committee, which has submitted expert opinions from the MyData Japan community to the Japanese government’s Public Comments.
Designed for Integrity MyDEX
Below are some of the design principles that underpin our infrastructure and services — principles designed to ensure that what we do truly does serve citizens, today and into the future.
Over the last 14 years we have built the infrastructure needed to make citizen data empowerment possible — infrastructure capable of providing every individual with their own personal data store, where they can safely and securely collect their own data, use it and share it under their own control. This infrastructure is now live and operational, officially recognised as a supplier to public services on procurement platforms in both England and Scotland and independently accredited for data management security under ISO 27001.
Identity beyond SSI
Authenticate Conference Gains Momentum in 2021 Find Biometrics
In-person attendance reached approximately 250 attendees, with good safety measures in place. No doubt we had to quickly get over the surreal nature of networking among security and identity experts while donning masks – symbology frequently used in the industry to represent the hackers! Virtual attendance was more than three-times the in-person numbers, and the tech and orchestration of the virtual speakers was very smooth.
Issues to make sure we (SSI) address
Broken access control
Software\Data Integrity Failure
Server Side Request Forgery
Multi-factor authentication takes it step further by requiring users to provide proof from two or more authentication factors (categories) before access is granted.
Access Now report holds up poster child Aadhaar as ‘Big ID’ bugbear Biometric Updates
A legal vacuum and vulnerable population allowed the creation of the world’s largest biometric digital ID project and built a myth which could be used by an entire industry to sell similar systems and dreams elsewhere, a new report argues.
Aadhaar, India’s flagship Big ID project, is a clear example of this approach. Despite all the positive propaganda in its favor, Aadhaar has had a disastrous impact, has been heavily criticized, and has been challenged in several courts across India, including the Supreme Court of India, for its serious violation of human rights.
Thanks for Reading!
Read more \ Subscribe: newsletter.identosphere.net
Support this publication: patreon.com/identosphere
Contact \ Submission: newsletter [at] identosphere [dot] net