A half-day unconference for technologists who are making alternatives to Facebook; policy makers with ideas about how to fix, regulate and/or break-up Facebook; and organizers looking for answers that address Facebook's central and toxic role in civic life.
lessons I took away from asking tech identity experts Andrew Baker (Head of EC2 Engineering at AWS), our mystery guest and Marius Mare (CEO of Sybrin), to why we need self-sovereign identity and why it has such profound implications.
despite the technological revolution we are living through, identity management is still as objectionable as ever, which is allowing criminals and companies (particularly the social media giants) to know more about you than can ever be justifiable.
In this discussion I ask Andrew Baker, AWS's Head of EC2 Engineering and a surprise guest, to share their views on whether Self Sovereign Identity management could be the solution and how likely it is
Identification is key to our success. It determines the jobs we get, the money we make, how we can manage our health, and more. The fact of the matter is that 3.4 billion people have access to legally recognized identification but still have difficulty using that identification online.
Token-based identity systems move us from talking about who, to thinking about what, so that people can operationalize their digital lives. Token-based identity systems support complex online interactions that are flexible, ad hoc, and cross-domain.
Bosch researcher Christian Borman explains how SSI will not only increase privacy but also have a positive impact on B2B interactions and supply chain management. Meanwhile, Geoff meets mentalist Thorsten Havener. Will he reveal Geoff’s true identity? Inspired by this, Shuko presents some crypto magic…
we discussed the white paper he authored on Self Sovereign Identity and IoT. To explain the opportunities SSI can provide to IoT, Michael introduces us to three profiles: Jamie (machine to person), Bob (machine to machine) and Bessie the cow (digital twin).
Are these advantages enough to disrupt surveillance capitalism? Do you think SSI is the antidote for today’s Internet identity problems and surveillance capitalism? Please share your thoughts with us.
In 2018, I was trying to open a bank account in my home town of Mutare, Zimbabwe, having just come back from the 1st world, I was under the impression it would take me at most 30 mins to an hour. I immediately realised I couldn’t provide most of the requirements such as my ‘Proof of Residence’ and many more. It turns out it took weeks and months for some to finish the entire process.
Although the blockchain has long been identified as an opportunity for driving much-needed change in the core processes of the education sector, use cases to date have been limited in scope and execution, with blockchain advocates and education policy makers seemingly disconnected on fundamental issues such as governance, self-sovereignty, interoperability, choice of blockchain platforms and overall trust in standards and the integrity of the infrastructure.
The user has one wallet where all their important documents are kept safe and secure. Since this wallet is a trusted source, when they share anything from it, it is trusted to be true and accurate without having to get another party involved.
DIDs are a critical part of a technical foundation for the products and activities of many of our members. Many of the implementations in the DID Working Group’s implementation report were developed by engineers and companies who collaborate openly at DIF on points of technical interoperability, and at ToIP on points of policy and governance.
We have a new suite of badges to encourage participation, create value for others, and reflect on that experience. Participants will be able to both earn AND award badges, so they’ll have a chance to prove that they’ve understood the theory surrounding CoPs and badges as well as put those theories into practice.
Idea One: Build out and refine “The Trust Chain”, or “chain of trust,” a PD&I industry value chain framework envisioned by Virginie.
Idea Two: Refine PD&I industry practices, optimize all of the data that mobile operators are holding on to, and ensure that appropriate technical, legal, and ethical exchange mechanisms are in place to ensure responsible use of PD&I.
Idea Three: Standardize a connected individual identity scoring scheme, i.e., a scheme for identity and transaction verification, often centralized around mobile data. This scheme is analogous to credit scoring for lending and fraud detection for credit card purchases. It would help enterprises simultaneously better serve their customers, protect PD&I, mitigate fraud, and improve their regulatory compliance efforts.
In their final recommendations, the researchers from INNOPAY and TNO argue that in view of the social value of digital data exchange, the government would do well to play a driving role in the further consolidation of the SSI playing field. That starts with creating clarity about the relationship between the Digital Government Act and the EU Digital Identity Wallet.
The intent of this DIACC Industry Survey is to identify any pain points Canadian industries have that prevent the use of trusted Digital Identity frameworks. This survey will be open indefinitely with responses monitored regularly.
Government should adopt a simple, existing standard for its digital ID system, such as the public-key infrastructure (PKI)-based system in use within many European countries. PKI offers a number of security and privacy benefits that the TDIF aims to have; however, as no central authority is involved in authentication, no entity can meaningfully track user activity.
The ID wallet for the digital driver's license is not only technically immature. Government data show: the allocation was not transparent, security checks were incomplete - and the possible direction is questionable.
Meet Alex Norta, associate professor at TalTech who talks about his project “Self-sovereign multi-factor identity authentication using smart-contract blockchain technology”, that will be carried out in collaboration with the University of Central Florida
I look forward to joining you on that journey and bringing some learnings from my previous gig along too. I expect it to be DINZ’s key focus these next few months. Stakeholder collaboration is the key to success in the case of Trust Frameworks, so you can be sure that I’ll be looking for opportunities where DINZ can play a role.
Adams will serve as the key contact for organizations seeking Kantara Trust Mark approval. She has 15 years of experience in the education and industry association fields and holds bachelor’s and master’s degrees in Education.
The development of the Data Governance Act (DGA) is exciting for MyData because it shows a clear link to the MyData Operators white paper, which describes the operations and functions of what the EU terms as “data intermediaries”.
The big question now is how to enable this to happen at scale, safely, securely and efficiently. One key element of this is useful, easy-to-use interfaces, the taps and switches that mean people can use the infrastructure without having to think much about it. .
The EFF calls out as a significant privacy risk the proposed requirement to have ecommerce platforms verify the identity, address and contact information of any third party seller who uses their services.
In particular, I explained that using WebAuthn/FIDO authenticators to sign into OpenID Providers brings phishing resistance to millions of OpenID Relying Parties without them having to do anything!
In short: you can deploy all the technological measures you want, but unless you address the human element, an attacker can defeat your defenses with a simple phone call or email.
If you haven’t read this paper before you design an authentication system you’re probably just reinventing something already created or missing a piece of the puzzle
[...]
What I’m proposing I think is a way in which we can jump this hurdle through the usage of hard data. Read on and let me know if you think this can solve this issue or if I’m just full of my own implicit biases.
SMS (Short Message Service) messaging¹, despite a number of material challenges, has broad adoption, international regulations, and support across platforms.
Magic Login Form represents a new onboarding experience for end-users, so we wanted to revamp our own onboarding experience for developers to match. Learning about auth can quickly derail any developer’s good day. Striking the balance between good UX and good security can just boggle the mind.
