Identosphere Weekly #14 - VCs for QiqoChat • SSI Architecture Stack • Peak Paradox

Now the new year has truly kicked off, and we're back in full swing with plenty of interesting developments and useful content.

Thanks for joining us for another edition of Identosphere’s Weekly Update!
A special thanks to our Patrons, who keep the wheels turning!

Feel free to share this publication with your friends and colleagues, who can sign up\read previous editions at

Support this weekly newsletter with a monthly contribution of your choice by visiting

Upcoming Events

PIDapalooza 2021

The idea behind PIDapalooza is that our organizations (CDL, Crossref, DataCite, NISO & ORCID) have a shared love of persistent identifiers and the metadata that connects them. That's what connects us!

Open festival of persistent identifiers January 27-28 2021

Markus Sabadello attended, in 2019, and wrote DIDs are PIDs: Report from PIDapalooza

three of us DID people (Pam Dingle, Kaliya Young, and myself) independently submitted proposals to present on DIDs at the PIDapalooza conference in Dublin. Kaliya’s talk titled “DIDs are PIDs” was chosen by the organizers, but for logistical reasons I ended up going there instead. And I’m happy I had this opportunity!

KCLive: Unlocking Decentralized Identity

Feb 3, 2021 - 4:00 pm CET, 10:00 am EST, 7:00 am PST

Join prominent speakers across domains for a deep dive into the latest trends in the decentralized identity space and get insights into exciting concepts such as reusable identity and a credential-exchange economy

Decentralised Identity: What’s at Stake?

The debate discussion will focus on the INATBA Position Paper on Decentralised Identity […] contribute to identifying next steps and understanding political/regulatory buy-in to the idea and potential barriers

January 21st • Registration Link

Thoughtful Biometrics Workshop

1st week of February: Monday, Wednesday, and Friday, 9am-1pm PST Noon-5 EST.

creating a space to dialogue about critical emerging issues surrounding biometric and digital identity technologies.

Register on EventBrite!


IdRamp and QiqoChat Announce Verifiable Credentials for Online Collaboration

QiqoChat has really stepped up in this time of need to provide an incredible online event user-experience, enabling a re-creation of the IIW experience throughout our Covid travel restrictions. This week they announced the launch of a Verifiable Credentials integration with the QiqoChat platform.

The community of professionals working on data privacy & consumer protection has been an early adopter of QiqoChat. During regional and global conferences, they have used the platform to share ideas and deliberate about the future of user-centric identity. Through these conferences, we’ve learned how solutions like IdRamp can be tremendously empowering for Internet users.

Spruce Developer Update #5

This is so exciting to see what Wayne and his team are building. 

At Spruce, we’re building a product suite to manage all aspects of the data supply chain.

  • Tezos DID Method - Specifies VC compatible DID creation and management

  • DIDKit - cross-platform toolkit for working with DIDs and VCs.

  • Credible - Spruce’s credential wallet.

  • Intake - onboarding tool \ secure document collection and processing.

IBM Digital Health Pass

IBM is pitching the Digital Health Pass to support re-opening. 

the digital wallet can allow individuals to maintain control of their personal health information and share it in a way that is secured, verifiable, and trusted.  Individuals can share their health pass to return to the activities and things they love, without requiring exposure of the underlying personal data used to generate the credential.

TNO shares verify the verifier use-case

COVID-19 urgency: coercion of health credentials is bad for society

In practice, the issue of countermeasures against coercion has so become more prominent and urgent in the context of the COVID-19 crisis. Here the 800-pound gorillas may be employers demanding health information that they are not entitled to, or even shops and restaurants, if the sharing of health data has become low friction thanks to verifiable credentials.

The article proposes including coercion countermeasures in governance frameworks:

  • Require authoritative verifier.

  • Require evidence collection. 

  • Require enabling anonymous complaints.

  • Require remote/proxy verification.

  • Require complying holder agent.

IATA unveils key design elements of travel pass

The IATA Travel Pass three critical design elements:

  • The IATA Travel Pass stores encrypted data including verified test or vaccination results on the mobile device of the traveler. The traveler controls what information is shared from their phone with airlines and authorities. No central database or data repository is storing the information. By keeping travelers 100% in control of their information, the highest standards for data privacy are ensured. IATA Travel Pass is also built on the highest standards of data protection laws, including General Data Protection Regulation (EU GDPR).

  • Global standards recognized by governments to ensure verified identity and test/vaccine information.

  • Convenience and biosafety will be enhanced with integration into contactless travel processes. The ICAO CART recommendations for biosafety include the use of contactless travel processes to reduce the risk of virus transmission when documents need to be exchanged in the travel process.

InfoCert adheres to the GLEIF International Foundation's program for promoting vLEI

The vLEI is a cryptographically verifiable credential according to W3C standards and containing the LEI ( Legal Entity Identifiers ), the identification code of legal entities made mandatory by Mifid II in order to operate on the financial markets: InfoCert, formerly LOU ( Local Operating Unit ) authorized by GLEIF will adopt vLEI as an identification standard within its DIZME ecosystem , the blockchain-based decentralized digital identity platform.

Ayanworks open sources

Aries Mobile Agent SDK for Google Flutter

Exactly a year ago in Jan 2020, we announced ARNIMA — first ever Aries React Native Mobile Agent SDK that we made open source for the Self-Sovereign Identity ecosystem.

[...] We are very excited to announce one more small open-source contribution from AyanWorks to the Aries community.

Distributed Open Identity: Self-Sovereign OpenID: A Status Report

follow up of the Identiverse 2019 session “SSO: Self-sovereign OpenID Connect – a ToDo list”. (Decentralized Identity, Mobile, Verified Claims & Credentials, Standards, Preeti Rastogi, Nat Sakimura)

Indian Data Legislation

Revisiting the non-personal data governance framework

In July 2020, an expert committee established by the Ministry of Electronics and Information Technology (MEITY) released a report on the Non-Personal Data (NPD) governance framework for India. The document is well-intentioned in that it recognises the public value of data, and the need to democratise its use.

Potential Impacts of Draft India Personal Data Protection Bill (PDPB) (Deloitte)

Capitalizing on Self-Sovereign Identity for Machines [Part One]

By providing a means to globally define an indisputable link between a machine and its machine identity across different sites, networks and businesses, we can secure IoT like never before.

The filancore integration for Verifiable Credentials is available now. You can learn more from the Venafi Marketplace.


How Exactly Are Verifiable Credentials Making the World Better?

This post shares 6 stories of how verifiable credentials can improve the lives of every day people:

Ajay is an Uber driver in San Francisco. He wants to try various temporary jobs while he’s studying but joining Lyft, Postmates and other platforms requires going through a long and tedious background verification and car certification process over and over again. 

Peak Paradox

Tony Fish follows up on an article he wrote with Kaliya about reconciling the differences between the rules and our principles.

This article explores how to look for a paradox within our known cognitive bias and how to identify and manage differences.

Ben Werdmuller blogs

And he encourages us to also blog,

I've lost any fear of looking stupid, mostly through enough repetitive practice of absolutely being stupid online.

After you’ve gotten your blog up, be sure and submit its RSS feed to our blogroll

Building decentralized social media

People, in general, want convenience from their technology, not morality. So instead of building a more ethical version of the past, we need to build a more suitable version of the future.

Whatever we're building, we never absolve ourselves from the need to understand our users as people and meet their needs.

The new age of privacy

Privacy is a human right. Surveillance has a chilling effect on free speech and freedom of association, which we consider to be fundamental tenets of democracy. Sure, you can make a bunch of money by learning everything you can about an individual and selling access to their attention. But not everything that is profitable should be permissible.


Kaliya on Ubisecure

The Domains of Identity and SSI with “Identity Woman”, Kaliya Young 

Kaliya and Oscar discuss the long-running Internet Identity Workshop (IIW) that she co-founded, the effects of moving to virtual identity conferences in 2020, insights from Kaliya’s books – ‘The Domains of Identity’, newly published in 2020, and ‘A Comprehensive Guide to Self Sovereign Identity’ – plus some great tips for all business leaders on how to view the role of identity in their organisation.

Hygiene for a computing pandemic 

This episode of FOSS and Crafts features Christopher Lemmer Webber discussing the object capability security approach. Its a generalization not specific to VCs, continuing from the conversation on the CCG mailinglist, Hygiene for a computing pandemic: separation of VCs and ocaps/zcaps, we shared last month. 

The podcast show-notes include an epic list of references supporting the discussion.

GlobalID starts a podcast!

EPISODE 01—The SEC’s crypto turf war and why XRP isn’t a security

We’re thrilled to start the new year by sharing the (impromptu) premier episode of The GlobaliD Podcast with Greg Kidd. We’ll have new episodes every two weeks.

Organization News

2021 OpenID Foundation Individual Community Board Members Election

The OpenID Foundation plays an important role in the interoperability of Internet identity. This is to announce the OpenID Foundation individual community board members 2021 election schedule. Those elected will help determine the role the Foundation plays in facilitating the creation and adoption of open identity standards.

The Value of the Pan-Canadian Trust Framework

Kaliya wrote a great article with Joni Brennan of DIACC about how to re-open our economy while protecting privacy.

Without transparent operational guidance, people’s privacy and personal freedoms may be compromised. By having a set of operational rules, decision makers will have the capacity to make better decisions that will enable the public to trust that the tools being implemented have been designed to respect their best interests.

Lissi shares:

#SSI Architecture Stack & Communication efforts - by Rouven Heck - presented at #IIW30 @idworkshop and updated by #DIF @DecentralizedID


Torus: DKMS and Login for Web3

Leonard Tan & Yong Zhen Yu recently appeared on Epicenter Podcast to discuss their decentralized key management system, leveraging OAuth2 and WebAuthN to bring improved log-in and recovery for blockchain\DeFi applications. 

Did you know that California has a Data Broker Registry?

California law requires a data broker, as that term is defined in California Civil Code § 1798.99.80, to register with the Attorney General on its internet website that is accessible to the public, on or before January 31 following each year in which a business meets the definition of a data broker.

Thanks again, for stopping by!

Support this weekly newsletter with a monthly contribution of your choice by visiting