Identosphere 56 • Logging off Facebook • Misframing Authentication • The Trust Chain
A weekly review of the latest stories and information pertaining to the creation of a network of decentralized identity online
This weekly newsletter is possible thanks to readers like you!
Read previous issues and Subscribe : newsletter.identosphere.net
Contact \ Content Submissions: newsletter [at] identosphere [dot] net
NL Research Seminars | Self-Sovereign Identity and Storage Nomadic Labs 11/2
The Nomadic Labs Research Seminars series is dedicated to promoting and discussing the extensive list of Tezos research and development projects.
Last month, Google, Apple, and Mozilla lodged formal objections to W3C approval of the W3C Decentralized Identifiers (DIDs) 1.0 specification.
Engineering Successful IAM Projects to Support Digital Business 11/23 KuppingerCole
Self-issued OpenID Provider (SIOP) Update Kristina Yasuda – Microsoft
Logging off Facebook, what comes next? Planetwork 11/12
A half-day unconference for technologists who are making alternatives to Facebook; policy makers with ideas about how to fix, regulate and/or break-up Facebook; and organizers looking for answers that address Facebook's central and toxic role in civic life.
How Decentralized Identifiers and Bitcoin Fix the Web Bitcoin Magazine
On October 4, 2021, Facebook, along with WhatsApp and Instagram, disappeared from the internet.
Their DNS names stopped resolving, and their infrastructure IPs were offline. They were completely disconnected from the internet. At the same time, it was reported that 1.5 billion people allegedly had their personal data stolen from Facebook and posted for sale.
lessons I took away from asking tech identity experts Andrew Baker (Head of EC2 Engineering at AWS), our mystery guest and Marius Mare (CEO of Sybrin), to why we need self-sovereign identity and why it has such profound implications.
despite the technological revolution we are living through, identity management is still as objectionable as ever, which is allowing criminals and companies (particularly the social media giants) to know more about you than can ever be justifiable.
In this discussion I ask Andrew Baker, AWS's Head of EC2 Engineering and a surprise guest, to share their views on whether Self Sovereign Identity management could be the solution and how likely it is
Identification is key to our success. It determines the jobs we get, the money we make, how we can manage our health, and more. The fact of the matter is that 3.4 billion people have access to legally recognized identification but still have difficulty using that identification online.
Token-Based Identity Windley
Token-based identity systems move us from talking about who, to thinking about what, so that people can operationalize their digital lives. Token-based identity systems support complex online interactions that are flexible, ad hoc, and cross-domain.
Controlling Our ID with Self-Sovereign Identities KnowHowToWow
Bosch researcher Christian Borman explains how SSI will not only increase privacy but also have a positive impact on B2B interactions and supply chain management. Meanwhile, Geoff meets mentalist Thorsten Havener. Will he reveal Geoff’s true identity? Inspired by this, Shuko presents some crypto magic…
we discussed the white paper he authored on Self Sovereign Identity and IoT. To explain the opportunities SSI can provide to IoT, Michael introduces us to three profiles: Jamie (machine to person), Bob (machine to machine) and Bessie the cow (digital twin).
Are these advantages enough to disrupt surveillance capitalism? Do you think SSI is the antidote for today’s Internet identity problems and surveillance capitalism? Please share your thoughts with us.
In 2018, I was trying to open a bank account in my home town of Mutare, Zimbabwe, having just come back from the 1st world, I was under the impression it would take me at most 30 mins to an hour. I immediately realised I couldn’t provide most of the requirements such as my ‘Proof of Residence’ and many more. It turns out it took weeks and months for some to finish the entire process.
Blockchain, Self-Sovereign Identity and Digital Credentials: Promise Versus Praxis in Education Alex Grech, Ira Sood and Lluís Ariño
Although the blockchain has long been identified as an opportunity for driving much-needed change in the core processes of the education sector, use cases to date have been limited in scope and execution, with blockchain advocates and education policy makers seemingly disconnected on fundamental issues such as governance, self-sovereignty, interoperability, choice of blockchain platforms and overall trust in standards and the integrity of the infrastructure.
Blockchain and the future of education Well That’s Interesting
The user has one wallet where all their important documents are kept safe and secure. Since this wallet is a trusted source, when they share anything from it, it is trusted to be true and accurate without having to get another party involved.
Comments on META
FOR IMMEDIATE RELEASE: BEN WERDMÜLLER
we, the people who enabled several genocides around the world and a right-wing coup against American democracy, now wish to own reality itself
A DIF & TOIP Joint Statement of Support for the Decentralized Identifiers (DIDS) V1.0 Specification Becoming A W3C Specification.
DIDs are a critical part of a technical foundation for the products and activities of many of our members. Many of the implementations in the DID Working Group’s implementation report were developed by engineers and companies who collaborate openly at DIF on points of technical interoperability, and at ToIP on points of policy and governance.
Keep Badges Weird… at the Badge Summit
We have a new suite of badges to encourage participation, create value for others, and reflect on that experience. Participants will be able to both earn AND award badges, so they’ll have a chance to prove that they’ve understood the theory surrounding CoPs and badges as well as put those theories into practice.
What already exists, more recently: fine-grained permissions 1:
Marketplace-level fine-grained permissions for browsing, publishing, etc within a marketplace frontend
Asset-level fine-grained permissions on consuming the asset itself
Learning from the Neighbors - Mobile Expert Interview
PD&I Exchange Models, The Trust Chain, and A Connected Individual Identity Scoring Scheme with Virginie Debris of GMS Identity Praxis
Idea One: Build out and refine “The Trust Chain”, or “chain of trust,” a PD&I industry value chain framework envisioned by Virginie.
Idea Two: Refine PD&I industry practices, optimize all of the data that mobile operators are holding on to, and ensure that appropriate technical, legal, and ethical exchange mechanisms are in place to ensure responsible use of PD&I.
Idea Three: Standardize a connected individual identity scoring scheme, i.e., a scheme for identity and transaction verification, often centralized around mobile data. This scheme is analogous to credit scoring for lending and fraud detection for credit card purchases. It would help enterprises simultaneously better serve their customers, protect PD&I, mitigate fraud, and improve their regulatory compliance efforts.
A summary of findings from government-led public consultations on digital identity
An overview of Ontario’s Digital ID technology roadmap, and discussions about the technology stacks and infrastructure
Ontario’s proposed conceptual model for digital identity, and the principles that inform it
In their final recommendations, the researchers from INNOPAY and TNO argue that in view of the social value of digital data exchange, the government would do well to play a driving role in the further consolidation of the SSI playing field. That starts with creating clarity about the relationship between the Digital Government Act and the EU Digital Identity Wallet.
The intent of this DIACC Industry Survey is to identify any pain points Canadian industries have that prevent the use of trusted Digital Identity frameworks. This survey will be open indefinitely with responses monitored regularly.
Access the survey here.
Government should adopt a simple, existing standard for its digital ID system, such as the public-key infrastructure (PKI)-based system in use within many European countries. PKI offers a number of security and privacy benefits that the TDIF aims to have; however, as no central authority is involved in authentication, no entity can meaningfully track user activity.
The ID wallet for the digital driver's license is not only technically immature. Government data show: the allocation was not transparent, security checks were incomplete - and the possible direction is questionable.
CULedger is now Bonifii! Delivering a trusted peer-to-peer services network of verifiable exchange for financial cooperatives.
Meet Alex Norta, associate professor at TalTech who talks about his project “Self-sovereign multi-factor identity authentication using smart-contract blockchain technology”, that will be carried out in collaboration with the University of Central Florida
Industry Personal Changes in industry orgs.
The emerging framework of digital identity in NZ Collin Wallis (first letter as ED)
I look forward to joining you on that journey and bringing some learnings from my previous gig along too. I expect it to be DINZ’s key focus these next few months. Stakeholder collaboration is the key to success in the case of Trust Frameworks, so you can be sure that I’ll be looking for opportunities where DINZ can play a role.
Adams will serve as the key contact for organizations seeking Kantara Trust Mark approval. She has 15 years of experience in the education and industry association fields and holds bachelor’s and master’s degrees in Education.
The development of the Data Governance Act (DGA) is exciting for MyData because it shows a clear link to the MyData Operators white paper, which describes the operations and functions of what the EU terms as “data intermediaries”.
The big question now is how to enable this to happen at scale, safely, securely and efficiently. One key element of this is useful, easy-to-use interfaces, the taps and switches that mean people can use the infrastructure without having to think much about it. .
Identity but not SSI
The EFF calls out as a significant privacy risk the proposed requirement to have ecommerce platforms verify the identity, address and contact information of any third party seller who uses their services.
OpenID and FIDO Presentation at October 2021 FIDO Plenary SelfIssued.Info (preso)
In particular, I explained that using WebAuthn/FIDO authenticators to sign into OpenID Providers brings phishing resistance to millions of OpenID Relying Parties without them having to do anything!
In short: you can deploy all the technological measures you want, but unless you address the human element, an attacker can defeat your defenses with a simple phone call or email.
My Take on the Misframing of the Authentication Problem Kyle Den Hartog
If you haven’t read this paper before you design an authentication system you’re probably just reinventing something already created or missing a piece of the puzzle
What I’m proposing I think is a way in which we can jump this hurdle through the usage of hard data. Read on and let me know if you think this can solve this issue or if I’m just full of my own implicit biases.
SMS (Short Message Service) messaging¹, despite a number of material challenges, has broad adoption, international regulations, and support across platforms.
Magic Login Form represents a new onboarding experience for end-users, so we wanted to revamp our own onboarding experience for developers to match. Learning about auth can quickly derail any developer’s good day. Striking the balance between good UX and good security can just boggle the mind.
Thanks for Reading!
Read more \ Subscribe: newsletter.identosphere.net
Support this publication: patreon.com/identosphere
Contact \ Submission: newsletter [at] identosphere [dot] net