Identosphere Weekly #19 • The Flavors of Verifiable Credentials • Intaba Roundtable • Mydata on DGA
⑲ The cream off of the weekly news cycle: Upcoming Webinars, Videos, Podcasts, & other News on Verifiable Credentials, Decentralized Identity and Personal Data ⑲
Welcome to another issue of identity highlights!
Much thanks to our Patrons who support this publication.
If you haven’t already, consider making a contribution of your choice at https://patreon.com/identosphere/.
Upcoming EVENTS
Digital Sovereignty in eID-Solutions – Self-sovereign, Centralised or Privatised? Part 2
NGI Forward Salon • 24 February (free)
Internet Identity Workshop XXXII (#32)
If you are new to the SSI space this is the place to be. Take advantage of the virtual event this April 20 - 22, 2021 it is our 3rd Virtual Event via QiqoChat. We are planning to be in person (if possible) for IIW #33 in Mountain View, October the 12-14th, 2021.
Thoughtful Biometrics is March 8,10,12
creating a space to dialogue about critical emerging issues surrounding biometric and digital identity technologies.
Company News
Meeco is Hiring
Graduate or Junior UX/UI Designer for our Australian team, where you can help shape the API-of-Me.
Technical Team Lead for our Australian team, where you can help shape the API-of-Me.
From Trinsic
New Tools to Support Production Deployments
View historical uptime: Using the status page, you can see the last 90 days of uptime of all our externally-facing services. You can also inspect individual incidents and view incident reports.
Be notified of incidents: By clicking the “subscribe” button in the upper-left of the screen, you can have any downtime or incidents trigger a notification to your email or Slack workspace.
As Trinsic has grown in popularity among the SSI developer community, several Trinsic User Groups have started organically. While we encourage this, we also want to give these communities an official home. That’s why we’ve created a Slack workspace just for the Trinsic community.
Company Culture & Trinsineers
Trinsineers are people who’ve agreed to take the journey to make the world more accessible to people everywhere. We’re a team of people who happen to be working together inside a legal entity called Trinsic. This journey is not a casual stroll, but an expedition. As Trinsineers, we’re developing a culture that is not only helping us accomplish our goals but bringing fulfillment and enjoyment along the way.
SSI and Music in Web 3.0
while our primary goals of financial disintermediation and inclusion are being realized in our existing projects, a greater long-term goal remains: to return to musicians and artists the control of their own data. Music publishing companies, record labels, performance rights organizations, and other industry intermediaries have had too much power for too long.
Ditto Music developing Opulous on Algorand
More on the company who wants to bring SSI (and DeFi) to independent artists.
we’ve helped more than 250,000 artists get their music out to the world independently.
Our business has expanded from distribution to providing record label, publishing and management services. Every move we’ve made has been based on our mission to help artists take control of their own music careers.
That’s why I’m so excited about our latest product Opulous, which we’re developing with Algorand. It’s our first step into the world of DeFi.
If you read nothing else this week get these 2 papers
Critical in understanding interoperability issues with Verifiable Credentials Formats.
The Flavors of Verifiable Credentials
is complete and published on the Linux Foundation Public Health Blog.
The differences between the different flavors of VCs for technically inclined readers. It elaborated on the differences between JSON and JSON-LD and articulated differences between the two different implementations of ZKP style credentials. The ‘Journey of a VC’ section articulated all steps where VCs are active and highlighted the differences in how different VC flavors ’behave’.
Decentralized identity discussed: An INATBA roundtable round-up
We pointed to this before it happened. It was great. Here is a round up from Jolocom. It is highly recommended.
The paper Decentralised Identity: What’s at Stake?. Answering the paper’s core question of what’s at stake, it gives three essential scenarios:
Ideal – full convergence of SSI technology with interoperability by default.
Functional – partial convergence resulting in detached ecosystems.
Dysfunctional – no convergence and isolated, locked-in ecosystems.
Blogs
A Unified Theory of Decentralization
The good news is that centralization isn’t the only source of convenience. As you will see in the discussion farther down, decentralized solutions for the problems of distributed systems are more robust and designed to operate in the worst of conditions.
Windley Writes
Passwords are Ruining the Web
Passwords are ruining the web with awful, lengthy, and inconsistent user experiences. They're insecure and lead to data breaches. The good news is there are good ways for web sites to be passwordless. If you hate passwords, build the world you want to live in.
Persistence, Programming, and Picos -
Picos show that image-based development can be done in a manner consistent with the best practices we use today without losing the important benefits it brings.
About: PICOS
The project name, PICOS, is an abbreviation of “Privacy and Identity Management for Community Services”. The objective of the project is to advance the state of the art in technologies that provide privacy-enhanced identity and trust management features within complex community-supporting services that are built on Next Generation Networks and delivered by multiple communication service providers. The approach taken by the project is to research, develop, build trial and evaluate an open, privacy-respecting, trust-enabling identity management platform that supports the provision of community services by mobile communication service providers.
Learn more about the motivation, the objectives, tasks and achievements of PICOS, and get to know the PICOS exemplary communities.
Kaliya has two cool new jobs.
Working as the Ecosystems Director at Covid Credentials Initiative and heading the Verifiable Credentials Policy Committee of the Blockchain Advocacy Committee.
Organization News
Jolocom’s latest contributions to DIF
Over the course of 2020,
Jolocom added support for an off-chain element based on KERI. This is in addition to the Jolocom DID method (did:jolo and did:keri), which supports the Jolocom-Lib, our own SDK and the Jolocom SmartWallet.
Jolocom focused on the Rust KERI implementation, which we donated to DIF last fall
An example of the KERI DID registrar/resolver integrated in our library can be found here. This is also included in the Jolocom SmartWallet via the SDK integration. (KERI is currently being worked on in the Decentralized Identity Foundation’s Identifiers and Discovery Working Group,)
We at Jolocom strongly believe that DIDComm is a crucial infrastructure element for the broader and future-proof SSI stack, and current work on DIDComm v2 includes Jolocom’s implementation of the specification with authcrypt (authenticated encrypted) and most of the low level of the protocol.
DIF F2FJan21 - DIDComm Demo Session with Ivan Temchenko, Tobias Looker, and Oliver Terbu
During the live demo he showed the message lifecycle in various setups using the new, open source didcomm-rs library on GitHub
Sovrin ANN: Compliance & Inclusive Finance Working Group (CIFWG)
Since 2019, Sovrin has hosted the Compliance and Payments Task Force (CPTF), an open group of traditional bank and non-bank financial institutions, regulators, policymakers, technologists, ethicists, and legal experts. The CPTF has developed and promoted the Rulebook, an innovative best practices framework that extends traditional banking compliance and payments guidance to emerging fintech and VASP processes.
MyData Global response to Data Governance Act, Feb 8th 2021
Towards interconnected and human-centric data intermediaries
We believe that the Data Governance Act can influence global norms on sustainable data governance in the same way as the GDPR pushed the data protection norms beyond the EU.
Our top picks for potential improvements are:
1. Explicitly include individuals as active participants in the definitions
2. Clear and comprehensive scope
3. Moderate requirements
4. Interoperability between the data sharing services
LFPH Calls for Coordination of Digital Vaccination Records Using Open Standards
The CCI community collaborated with Linux Foundation Public Health to write a letter to the Biden Administration about how Verifiable Credentials could be used to support re-opening the economy.
Some states and other countries have started to pilot this approach, as have various industries like film and aviation. But, the inconsistent use of standards and varying implementations have already led to confusion and public concern. An effort coordinated at the federal level would lead most quickly to uniform adoption and true inter-state and cross-domain interoperability.
LFPH and our partner organizations are ready to collaborate with you on this.
Covid Vaccinations ‘Data Donor’ Program – A Proposal for the Scottish Government
“The Scottish Government must invest in data, digital and technology in health and social care to help Scotland recover from Covid-19. Closing the data gap in the sector could be worth £800m a year and deliver savings of £5.4bn to NHS Scotland. SCD said better data would help to build resilience against future public health challenges, which in turn will drive a healthy economy.” - Scottish Council for Development and Industry
Our solution provides a platform for achieving exactly this, both in terms of equipping Scotland with a powerful integrated data environment and also through a framework where developers can further build on this with other apps for a myriad of other use cases. It could be tied in with the vaccination scheduling system as an immediate step for example.
On Tuesday, the Good Health Pass Collaborative (GHPC) launched.
ID2020 announced the launch of the Good Health Pass Collaborative along with more than 25 leading individual companies and organizations in the technology, health, and travel sectors — including the Airports Council International (ACI), Commons Project Foundation, Covid Credentials Initiative, Evernym, Hyperledger, IBM, International Chamber of Commerce (ICC), Linux Foundation Public Health, Lumedic, Mastercard, Trust Over IP Foundation, and others.
Working Together on What “Good” Looks Like - Hyperledger
This initiative is intended to define, in the context of test results and vaccination records for opening up borders for travel and commerce, a high bar for implementations of identity and credentialing systems to meet with regards to privacy, ethics and portability. They will also work with the implementers of such systems to converge towards common standards and governance.
DID Method Onion Specification
🧅 part of the torgap technology family
DIDs that target a distributed ledger face significant practical challenges in bootstrapping enough meaningful trusted data around identities to incentivize mass adoption. We propose using a new DID method that allows them to bootstrap trust using a Tor Hidden Service's existing reputation.
we'd like to review more with our community how close we want to keep
did:onion
todid:web
, and if we want to incorporate some elements ofdid:peer
or KERI or to leverage services like Open Time Stamps.
Torgap architecture & products
Torgap is the Blockchain Commons security and privacy architecture model for creating gaps between connected apps and microservices. It supports privacy, service anonymity, identity psuedonymity, non-correlation, censorship-resistance, and seperation-of-interests and reduces single-points-of-failure. This emerging architecture is supported by QuickConnect and Blockchain Commons' Gordian system, while our Airgapped Wallet community and our research papers are charting its future.
PodCasts
Self-Sovereign Identity Authors Alex Preukschat & Shannon Appelcline Discussing
Decentralized digital identity and verifiable credentials explain what Self-Sovereign Identity (SSI) is, why it’s important, and provide examples of practical applications for individuals and organizations.
Kaliya appeared on the Mint and Burn
An academic nerdy podcast, out of RMIT, Australia
Episode 6: 'Digital Identity & Blockchain' with Kaliya Young, Prof. Jason Potts, & Prof. Ellie Rennie
PSA Today #33: Kaliya & Seth talk Synthetic Data with Harry Keen, CEO and co-founder of Hazy.com
Originally a UCL AI spin out, London-based Hazy was initially incubated by Post Urban Ventures and CyLon cybersecurity accelerator. Our startup began trying to fix the flaws of traditional data redaction and then data anonymisation. We soon discovered anonymised data will always pose a risk to re-identification.
NOT SSI BUT IDENTITY
The OpenID Foundation (OIDF), the international standards development organization which maintains the OpenID Connect for Identity Assurance (OIDC4IDA) standard, and the Japanese Government’s Ministry of Economy, Trade and Industry (METI) have signed a liaison agreement to work together.
Under the agreement, METI will lead policy efforts to implement identity assurance frameworks for legal entities in Japanese Government and private sector while the OIDF’s eKYC & Identity Assurance (eKYC & IDA) Working Group continues to advance the technical standards that enable many digital identity solutions. The agreement:
Provides a mechanism to collaborate “about Authentication and Identity Assurance for Legal Entity”, mutually approved white papers, workshops, podcasts and other outreach activities;
Allows participation of each party’s staff and members in the other party’s meetings, as mutually agreed;
Provides for direct communications to communicate (without obligation and only to the extent each party chooses) about new work and upcoming meetings;
Supports common goals, including where appropriate and mutually agreed, to Specifications of Authentication and Identity Assurance for Legal Entity.
2021 OpenID Foundation Board Update
Nat Sakimura and John Bradley were re-elected to new two-year terms as community member representatives. Nat and John’s well-known technical expertise and global thought leadership ensures continuity across working groups and as the Foundation transitions to new leadership in 2021.
What's New in Passwordless Standards, 2021 edition! (Microsoft)
The Web Authentication API (WebAuthn) Level 2 specification is currently a Candidate Recommendation at the W3C. "Level 2" essentially means major version number 2.
The version 2.1 of theClient to Authenticator Protocol (CTAP) specification is a Release Draft at the FIDO Alliance. This means the spec is in a public review period before final publication.
We think you might want to hear about what we think is especially fun about WebAuthn L2 and CTAP 2.1.
Identity Ownership and Security in the Wake of the Pandemic
Highlights from Ping Identity’s Andre Durand, and Richard Bird on an episode of Ping’s new podast Hello User
we explore how the pandemic has opened up an opportunity to shape the future of personal identity.
Takeaway #1: We digitized much of our economy during the pandemic but neglected one important aspect: identity.
Takeaway #2: Third parties have much more control over digital identity than individuals.
Takeaway #3: We’re on the cusp of a tectonic shift in the notion of digital identity.
Takeaway #4: The pandemic has accelerated the changes needed to shape the future of digital identity security.
Takeaway #5: Moving control of digital identity to the individual will dramatically change our current identity and access management systems.
Thanks for Reading
We’ll be back next week with the latest news and developments.
In the meantime, you can read previous issues, share and subscribe via newsletter.identosphere.net.
If you are interested in getting a corporate subscription please contact us.
We ask you to consider supporting this publication with a monthly contribution of your choice at https://patreon.com/identosphere.