Identosphere 56 • Logging off Facebook • Misframing Authentication • The Trust Chain

A weekly review of the latest stories and information pertaining to the creation of a network of decentralized identity online

This weekly newsletter is possible thanks to readers like you!

Consider paying us a small amount each month via Patreon

Upcoming

Logging off Facebook, what comes next? Planetwork 11/12

A half-day unconference for technologists who are making alternatives to Facebook; policy makers with ideas about how to fix, regulate and/or break-up Facebook; and organizers looking for answers that address Facebook's central and toxic role in civic life.

Explainer

How Decentralized Identifiers and Bitcoin Fix the Web Bitcoin Magazine

On October 4, 2021, Facebook, along with WhatsApp and Instagram, disappeared from the internet.

Their DNS names stopped resolving, and their infrastructure IPs were offline. They were completely disconnected from the internet. At the same time, it was reported that 1.5 billion people allegedly had their personal data stolen from Facebook and posted for sale.

17 Things You Should Know About Self Sovereign Identity Colin Iles

lessons I took away from asking tech identity experts Andrew Baker (Head of EC2 Engineering at AWS), our mystery guest and Marius Mare (CEO of Sybrin), to why we need self-sovereign identity and why it has such profound implications.

Is Self Sovereign Identity Going Exponential - With Andrew Baker and A Suprise Guest Colin Iles

despite the technological revolution we are living through, identity management is still as objectionable as ever, which is allowing criminals and companies (particularly the social media giants) to know more about you than can ever be justifiable.

In this discussion I ask Andrew Baker, AWS's Head of EC2 Engineering and a surprise guest, to share their views on whether Self Sovereign Identity management could be the solution and how likely it is

Digital Identity: The Trending Tech Concept Changing How We Live Forbes

Identification is key to our success. It determines the jobs we get, the money we make, how we can manage our health, and more. The fact of the matter is that 3.4 billion people have access to legally recognized identification but still have difficulty using that identification online.

Token-Based Identity Windley

Token-based identity systems move us from talking about who, to thinking about what, so that people can operationalize their digital lives. Token-based identity systems support complex online interactions that are flexible, ad hoc, and cross-domain.

Use Case

Controlling Our ID with Self-Sovereign Identities KnowHowToWow 

Bosch researcher Christian Borman explains how SSI will not only increase privacy but also have a positive impact on B2B interactions and supply chain management. Meanwhile, Geoff meets mentalist Thorsten Havener. Will he reveal Geoff’s true identity? Inspired by this, Shuko presents some crypto magic…

Ep. 146 – Self-Sovereign Identity and IoT – insights from the Sovrin Foundation Insureblocks

we discussed the white paper he authored on Self Sovereign Identity and IoT. To explain the opportunities SSI can provide to IoT, Michael introduces us to three profiles: Jamie (machine to person), Bob (machine to machine) and Bessie the cow (digital twin).

Can SSI Disrupt Surveillance Capitalism? Affinidi

Are these advantages enough to disrupt surveillance capitalism? Do you think SSI is the antidote for today’s Internet identity problems and surveillance capitalism? Please share your thoughts with us.

Digital identity can transform Africa’s economic landscape

In 2018, I was trying to open a bank account in my home town of Mutare, Zimbabwe, having just come back from the 1st world, I was under the impression it would take me at most 30 mins to an hour. I immediately realised I couldn’t provide most of the requirements such as my ‘Proof of Residence’ and many more. It turns out it took weeks and months for some to finish the entire process.

Education

Blockchain, Self-Sovereign Identity and Digital Credentials: Promise Versus Praxis in Education Alex Grech, Ira Sood and Lluís Ariño

Although the blockchain has long been identified as an opportunity for driving much-needed change in the core processes of the education sector, use cases to date have been limited in scope and execution, with blockchain advocates and education policy makers seemingly disconnected on fundamental issues such as governance, self-sovereignty, interoperability, choice of blockchain platforms and overall trust in standards and the integrity of the infrastructure.  

Blockchain and the future of education Well That’s Interesting

The user has one wallet where all their important documents are kept safe and secure. Since this wallet is a trusted source, when they share anything from it, it is trusted to be true and accurate without having to get another party involved.

Comments on META

FOR IMMEDIATE RELEASE: BEN WERDMÜLLER

we, the people who enabled several genocides around the world and a right-wing coup against American democracy, now wish to own reality itself

Standards

A  DIF & TOIP Joint Statement of Support for the Decentralized Identifiers (DIDS) V1.0 Specification Becoming A W3C Specification.

DIDs are a critical part of a technical foundation for the products and activities of many of our members. Many of the implementations in the DID Working Group’s implementation report were developed by engineers and companies who collaborate openly at DIF on points of technical interoperability, and at ToIP on points of policy and governance.

Keep Badges Weird… at the Badge Summit

We have a new suite of badges to encourage participation, create value for others, and reflect on that experience. Participants will be able to both earn AND award badges, so they’ll have a chance to prove that they’ve understood the theory surrounding CoPs and badges as well as put those theories into practice.

Self-Sovereign Identity (SSI) and Verifiable Credentials (VC) in Ocean Protocol

What already exists, more recently: fine-grained permissions 1:

  1. Marketplace-level fine-grained permissions for browsing, publishing, etc within a marketplace frontend

  2. Asset-level fine-grained permissions on consuming the asset itself

Learning from the Neighbors - Mobile Expert Interview

PD&I Exchange Models, The Trust Chain, and A Connected Individual Identity Scoring Scheme with Virginie Debris of GMS Identity Praxis

  • Idea One: Build out and refine “The Trust Chain”, or “chain of trust,” a PD&I industry value chain framework envisioned by Virginie.

  • Idea Two: Refine PD&I industry practices, optimize all of the data that mobile operators are holding on to, and ensure that appropriate technical, legal, and ethical exchange mechanisms are in place to ensure responsible use of PD&I.

  • Idea Three: Standardize a connected individual identity scoring scheme, i.e., a scheme for identity and transaction verification, often centralized around mobile data. This scheme is analogous to credit scoring for lending and fraud detection for credit card purchases. It would help enterprises simultaneously better serve their customers, protect PD&I, mitigate fraud, and improve their regulatory compliance efforts.

Public Sector

Engaging with the Ontario Digital Identity Program. TrustOverIP

  • A summary of findings from government-led public consultations on digital identity

  • An overview of Ontario’s Digital ID technology roadmap, and discussions about the technology stacks and infrastructure

  • Ontario’s proposed conceptual model for digital identity, and the principles that inform it

Control over data still a long way off according to research into Self-Sovereign Identity iBestuur

In their final recommendations, the researchers from INNOPAY and TNO argue that in view of the social value of digital data exchange, the government would do well to play a driving role in the further consolidation of the SSI playing field. That starts with creating clarity about the relationship between the Digital Government Act and the EU Digital Identity Wallet. 

DIACC Industry Survey

The intent of this DIACC Industry Survey is to identify any pain points Canadian industries have that prevent the use of trusted Digital Identity frameworks. This survey will be open indefinitely with responses monitored regularly.

Access the survey here.

More hurdles to clear as Digital Identity Bill enters [Australian] Parliament FST

Government should adopt a simple, existing standard for its digital ID system, such as the public-key infrastructure (PKI)-based system in use within many European countries. PKI offers a number of security and privacy benefits that the TDIF aims to have; however, as no central authority is involved in authentication, no entity can meaningfully track user activity.

"Irresponsible and Dangerous" Spigel

The ID wallet for the digital driver's license is not only technically immature. Government data show: the allocation was not transparent, security checks were incomplete - and the possible direction is questionable.

Organization

Bonifii increases financial inclusion with GlobaliD digital wallet and Indicio Network

CULedger is now Bonifii! Delivering a trusted peer-to-peer services network of verifiable exchange for financial cooperatives.

Alex Norta | NGI Explorers Third Expedition: meet the Explorers

Meet Alex Norta, associate professor at TalTech who talks about his project “Self-sovereign multi-factor identity authentication using smart-contract blockchain technology”, that will be carried out in collaboration with the University of Central Florida

Industry Personal Changes in industry orgs.

The emerging framework of digital identity in NZ  Collin Wallis (first letter as ED) 

I look forward to joining you on that journey and bringing some learnings from my previous gig along too. I expect it to be DINZ’s key focus these next few months. Stakeholder collaboration is the key to success in the case of Trust Frameworks, so you can be sure that I’ll be looking for opportunities where DINZ can play a role.

Adams Named Kantara Initiative Identity Assurance Framework Program Manager

Adams will serve as the key contact for organizations seeking Kantara Trust Mark approval. She has 15 years of experience in the education and industry association fields and holds bachelor’s and master’s degrees in Education.

MyData

MyData and the European Union’s Latest Data Developments

The development of the Data Governance Act (DGA) is exciting for MyData because it shows a clear link to the MyData Operators white paper, which describes the operations and functions of what the EU terms as “data intermediaries”. 

Deploying Personal Data Stores at Scale MyDex

The big question now is how to enable this to happen at scale, safely, securely and efficiently. One key element of this is useful, easy-to-use interfaces, the taps and switches that mean people can use the infrastructure without having to think much about it. . 

Identity but not SSI

SHOP SAFE Act, if Passed, Presents Major Privacy Risk, says EFF Anonyme

The EFF calls out as a significant privacy risk the proposed requirement to have ecommerce platforms verify the identity, address and contact information of any third party seller who uses their services.

OpenID and FIDO Presentation at October 2021 FIDO Plenary SelfIssued.Info (preso)

In particular, I explained that using WebAuthn/FIDO authenticators to sign into OpenID Providers brings phishing resistance to millions of OpenID Relying Parties without them having to do anything!

How Social Engineering Has (And Hasn’t) Evolved Over Time auth0

In short: you can deploy all the technological measures you want, but unless you address the human element, an attacker can defeat your defenses with a simple phone call or email.

My Take on the Misframing of the Authentication Problem Kyle Den Hartog

If you haven’t read this paper before you design an authentication system you’re probably just reinventing something already created or missing a piece of the puzzle

[...]

What I’m proposing I think is a way in which we can jump this hurdle through the usage of hard data. Read on and let me know if you think this can solve this issue or if I’m just full of my own implicit biases. 

Developers: SMS Authentication is Challenging Magic Labs

SMS (Short Message Service) messaging¹, despite a number of material challenges, has broad adoption, international regulations, and support across platforms.

The Things to Keep in Mind about Auth Okta

Building a low-code, opinionated approach to plug & play login Magic Labs

Magic Login Form represents a new onboarding experience for end-users, so we wanted to revamp our own onboarding experience for developers to match. Learning about auth can quickly derail any developer’s good day. Striking the balance between good UX and good security can just boggle the mind.

Thanks for Reading!

Read more \ Subscribe: newsletter.identosphere.net

Support this publication: patreon.com/identosphere

Contact \ Submission: newsletter [at] identosphere [dot] net