The Domains of Identity & Self-Sovereign Identity MyData 2018

Kaliya Young
Self-Sovereign Identity
Domains of Identity
+
@ Aug 29, 2018
This presentation includes
slides from the following
Community members:
* Drummond Reed
* Manu Sporny
* Timothy Ruff
* John Jordan & BC Team

Kaliya Young
Domains of Identity
+
@ Aug 29, 2018
1. The MyData —> Identity Connection
2. How did I begin in Identity?
3. The Domains of Identity - My Masters Report
4. An Overview of Self-Sovereign Identity
5. Conclusion —> Creating Alignment

Identity is
socially constructed
& contextual

Who you see
yourself to be.
Who you preset
yourself to be.
How you are
seen.

Groups
Identity Contexts Are Social
with People Family
https://www.flickr.com/photos/houseoflim/409869608https://www.flickr.com/photos/twiga_swala/2286910386/ https://www.flickr.com/photos/genista/346236490/

Identity Contexts are also
Institutional Organizational
https://www.ﬂickr.com/photos/tomsaint/33022263665 https://www.ﬂickr.com/photos/usdagov/9583705941/

Increasingly Contexts
Involve Devices
https://www.ﬂickr.com/photos/medithit/41538066141

Key aspects of “identity” in these
contexts are the identiﬁers that
come with those contexts.

Sports Association Number
Identiﬁers of many types
Student Numbers
Customer Numbers
Airline Points numbers
Patient Numbers
Government ID Number
Passport
Names

In the Digital World we have
even more identiﬁers.

…in someone else’s name space
ORGYOU
Account

They can be your “Identity Provider”
ORGIDPYOU

MYURL.COM
…but we really rent them…
some identiﬁers we can pick…

#…and we rent our
phone numbers

There are no digital identiﬁers
we really own.

Without control of our identiﬁers
we can’t have control
over our personal data.
How do we own our own digital
identiﬁers?
The quest for this is one I have
been on for 15 years

Global Ecology and
Information Technology
2000
The Link Tank

Building Identity and
Trust into the Next
Generation Internet

Underlying this report is the
assumption that every individual ought
to have the right to control his or
her own online identity. You should be
able to decide what information about
yourself is collected as part of your
digital profile, and of that
information, who has access to
different aspects of it.

Certainly, you should be able to read
the complete contents of your own
digital profile at any time. An online
identity should be maintained as a
capability that gives the user many
forms of control. Without flexible
access and control, trust in the
system of federated network identity
will be minimal.

A digital profile is not treated [by
corporations who host them] as the
formal extension of the person it
represents. But if this crucial data
about you is not owned by you, what
right do you have to manage its use?
A civil society approach to persistent
identity is a cornerstone of the
Augmented Social Network project.

Organizations would have identities
People would have identities
OPEN STANDARDS FOR IDENTIFIERS & DATA EXCHANGE

They would be able to connect on their own terms
Each being ﬁrst class nodes on the network.

Internet Identity Workshop 2005

First I need to share the
Domains of Identity

Its Everyone,
Everywhere
https://www.ﬂickr.com/photos/nasamarshall/3945024874

Master of Science in
Identity Management
and Security
Identity and Security Class

Master of Science in
Identity Management
and Security
What are all the diﬀerent
places that PII ends
up in databases?

1. Me and My Identity
User-Centric Digital Identity

Indie Web Eﬀorts

Quantiﬁed Self Movement

2. You and My Identity
Delegated Relationships

These are the source of data in the
interactions with the next 12 domains.

2
1 REGISTRATION
IDENTIFICATION
Government Registration
3. Government Registration

Government Transactions
2
1 IDENTIFICATION
SERVICES
4. Government Transactions

Civil Society
Health Care
Education Union Membership
Religious Institutions
Sports Teams
Civic Participation
Professional

Associations

2
1 REGISTRATION
CREDENTIALS
Civil Society Registration
5. Civil Society Registration

Civil Society Transactions
CREDENTIALS
SERVICES
1
2
6. Civil Society Transaction

Commercial Registration
2
1
REGISTRATION
CREDENTIALS
7. Commercial Registration

Commercial Transactions
1
CREDENTIALS
GOODS & SERVICES
2
3
PAYMENT
8. Commercial Transaction

1
2
4
3
Employment Registration
APPLICATION
CREDENTIALS
ENROLLMENT
12. Employment Registration

1
2
3
Employment Transaction
WORK TRANSACTION
CREDENTIALS
13. Employment Transactions

1) Voluntary Known
Surveillance

1) Voluntary Known
2) Involuntary Known
Surveillance

Surveillance
1) Voluntary Known
2) Involuntary Known
3) Involuntary Unknown

Government Surveillance
9. Government Surveillance

Civial Society Surveillance
10. Civil Society Surveillance

Commercial Surveillance
11. Commercial Surveillance

Employment Surveillance
WORK
14. Employment Surveillance

15. Data Broker Industry
1
2
3
DATA
PUBLIC DATA
DIGITAL DOSSIERS
DA
T
A
DATA
4
6
5
5

Surveillance
Sousveillance
Sousveillance

Self-Sovereign
Identity
Domains of 
Identity
https://medium.com/evernym/the-three-models-of-digital-identity-relationships-ca0727cb5186

ISSUER WALLET VERIFIER
Shared Ledger or other Immutable Data Store
Agent/Hub
PEERYOU

Decentralized IDentiﬁer - DID
did:sov:3k9dg356wdcj5gf2k9bw8kfg7a
Method
Scheme
Method-Specific Identifier
Slide credit: Drummond Reed, Sovrin Foundation

047d599d4521480d9e1919481b024f29d2693f2
72d19473dbef971d7d529f6e9
Private 
Key
Public
Key
cc2cd0ffde594d278c2d9b432f4748506a7f9f2
5141e485eb84bc188382019b6

047d599d4521480d9e1919481b024f29d2693f2
72d19473dbef971d7d529f6e9
Private 
Key
Public
Key
cc2cd0ffde594d278c2d9b432f4748506a7f9f2
5141e485eb84bc188382019b6
HELD IN A WALLET

{ “Key”: “Value” }
DID
Decentralized
Identifier
DID Document
JSON-LD document
describing the
entity identified by
the DID

1. DID (for self-description)
2. Set of public keys (for verification)
3. Set of auth protocols (for authentication)
4. Set of service endpoints (for interaction)
5. Timestamp (for audit history)
6. Signature (for integrity)
!88
The standard elements of a DID doc

Example DID Document (Part 1)
!89
{
"@context": "https://w3id.org/did/v1",
"id": "did:example:123456789abcdefghi",
"publicKey": [{
"id": "did:example:123456789abcdefghi#keys-1",
"type": "RsaSigningKey2018",
"owner": "did:example:123456789abcdefghi",
"publicKeyPem": "-----BEGIN PUBLIC KEY...END PUBLIC KEY-----rn"
}],
"authentication": [{
"type": "RsaSignatureAuthentication2018",
"publicKey": "did:example:123456789abcdefghi#keys-1"
}],
"service": [{
"type": "ExampleService",
"serviceEndpoint": "https://example.com/endpoint/8377464"
}],

Example DID Document (Part 2)
!90
"created": "2002-10-10T17:00:00Z",
"updated": "2016-10-17T02:41:00Z",
"signature": {
"type": "RsaSignature2016",
"created": "2016-02-08T16:02:20Z",
"creator": "did:sov:8uQhQMGzWxR8vw5P3UWH1j#key/1",
"signatureValue": "IOmA4R7TfhkYTYW87z640O3GYFldw0
yqie9Wl1kZ5OBYNAKOwG5uOsPRK8/2C4STOWF+83cMcbZ3CBMq2/
gi25s="
}
}

Agent/Hub
Shared Ledgers
BTCR IPFS

!92
Method DID prefix
Sovrin did:sov:
Bitcoin Reference did:btcr:
Ethereum uPort did:uport:
Blockstack did:stack:
Veres One did:v1:
IPFS did:ipld:
Active DID Method Specs

1. The syntax of the method-specific identifier
2. Any method-specific elements of a  
DID document
3. The CRUD (Create, Read, Update, Delete)
operations on DIDs and DID documents for
the target system
!93
A DID Method spec defines…

Agent/Hub
S
Identiﬁer Owners
Edge Layer
Cloud Layer
Agent/HubAgent/Hub
WALLET WALLET
IPFS
BTCR
Secure Communication Channel with PKI

Who cares about really long numbers?

HOLDERHOLDER VERIFIERVERIFIER
When a credential is shown to a veriﬁer with a
proof of ID, veriﬁcation is highly fallible.

Fancy print gimmicks might make a credential seem
authentic but these are easy to forge these days.

How do you know its true?
Without…
THE CENTRALIZED DATABASE

Veriﬁcation systems
are overly complex …
PORTAL
and create
privacy problem.

Agent/Hub

A Verifiable Credential has a standard format.
110
Slide credit: Manu Sporny Veres One

No PII
ends up on the shared ledgers

2
1
REGISTRATION
IDENTIFICATION
GovernmentRegistration
3.GovernmentRegistration
WALLET
Agent/Hub

GovernmentTransactions
2
1
IDENTIFICATION
SERVICES
4.GovernmentTransactions
2
1
REGISTRATION
IDENTIFICATION
WALLET
Agent/Hub

2
1
IDENTIFICATION
SERVICES
2
1
REGIST
RATION
CRED
ENTIALS
CivilSociety
Registration
2
1
REGISTRATION
IDENTIFICATION
5.CivilSocietyRegistration
WALLET
Agent/Hub

2
1
IDENTIFICATION
SERVICES
CivilSocietyTransactions
CRED
ENTIALS
SERVICES1
2
2
1
REGIST
RATION
CRED
ENTIALS
CivilSociety
Registration
2
1
REGISTRATION
IDENTIFICATION
WALLET
Agent/Hub

2
1
IDENTIFICATION
SERVICES
CRED
ENTIALS
SERVICES1
2
2
1
REGIST
RATION
CRED
ENTIALS
CivilSociety
Registration
1
2
4
3
APPLICATION
CREDENTIALS
ENROLLMENT
2
1
REGISTRATION
IDENTIFICATION
13.EmploymentRegistration
WALLET
Agent/Hub

2
1
IDENTIFICATION
SERVICES
CRED
ENTIALS
SERVICES1
2
1
2
3
Em
ploym
entTransaction
WORKTRANSAC
TION
CREDENTIA
LS
2
1
REGIST
RATION
CRED
ENTIALS
CivilSociety
Registration
1
2
4
3
APPLICATION
CREDENTIALS
ENROLLMENT
2
1
REGISTRATION
IDENTIFICATION
WALLET
Agent/Hub

2
1
IDENTIFICATION
SERVICES
CRED
ENTIALS
SERVICES1
2
1
2
3
Em
ploym
entTransaction
WORKTRANSAC
TION
CREDENTIA
LS
2
1
REGIST
RATION
CRED
ENTIALS
CivilSociety
Registration
1
2
4
3
APPLICATION
CREDENTIALS
ENROLLMENT
2
1
REGISTRATION
IDENTIFICATION
CommercialRegistration
2
1
REGISTRATION
CREDENTIA
LS
7.Com
m
ercialRegistration
WALLET
Agent/Hub

2
1
IDENTIFICATION
SERVICES
CRED
ENTIALS
SERVICES1
2
Commercial Transactions
1
CRE
D
ENTIALS
GOODS & SERVICE
S
2
3
PAYM
ENT
8.Com
m
ercialTransaction
1
2
3
Em
ploym
entTransaction
WORKTRANSAC
TION
CREDENTIA
LS
2
1
REGIST
RATION
CRED
ENTIALS
CivilSociety
Registration
1
2
4
3
APPLICATION
CREDENTIALS
ENROLLMENT
2
1
REGISTRATION
IDENTIFICATION
CommercialRegistration
2
1
REGISTRATION
CREDENTIA
LS
7.Com
m
ercialRegistration
WALLET
Agent/Hub

Agent/Hub
PEERYOU

Individuals have their own Identities

Veriﬁable Organizations Network

Paper documents are cumbersome as
proof of legal compliance and permission.
REGISTERED
PERATING
PERMIT QUALIFICATION
Certificate of
PERMIT
en
CONFIRMATION
LETTER
REGISTERED
PERATING
PERMIT QUALIFICATION
Certificate of
PERMIT
en
CONFIRMATION
LETTER

PROVINCE
INCORPORATION
REGIONAL HEALTH
AUTHORITY
PERMIT
MUNICIPALITY
BUSINESS
LICENSE
Mary requires a variety of documents
in order to establish her bakery.
Some requirements are not obvious,
so she’ll have to do her homework.

This journey involves
multiple sources …
PROVINCE
INCORPORATION
REGIONAL HEALTHAUTHORITY
PERMIT
MUNICIPALITY
BUSINESS
LICENSE
… and modes of
service delivery.

STEP 12
All of this activity
is a major burden
for all involved.

What if … businesses could provide verifiable proofs
about qualifications when transacting online?
Mary owns this proof-of status for her business
Certificate
issued
Certificate
shared
Certificate
verified

The credential deﬁnition is created and published
on the blockchain (ledger) by an issuer.
DEFINITIONDEFINITION LEDGERLEDGERISSUERISSUER

Open registry of
decentralized identiﬁers.
PERMIT
ISSUERS
HOLDER
VERIFIERS

We have a chicken-or-egg dilemma.
How do we kickstart one side of the market?

What can services plug into to get things rolling?

Welcome to
British Columbia’s
veriﬁable organizations.
search
TheOrgBook ﬁlls that role and unlocks
the hidden value of BC Registries data.
Registration, permit, and license services
can plug into incorporated businesses.

Welcome to
British Columbia’s
veriﬁable organizations.
search
Digitally signed and sealed veriﬁable claims
A global, open
blockchain
registry

MARY OLIVIERA
The new enrollment experience
is more convenient …
… with a global, open
blockchain registry.

Mary can own her proof-of-status and
store them in her digital wallet …
… which opens up more
service possibilities …

A decentralized veriﬁable credential is carried by
the holder on a smart phone or other computing
device.
The phone does
a lot of the work
as the holder’s
agent.

Organizations now have identities

People now have identities

People now have identities
OPEN STANDARDS FOR IDENTIFIERS & DATA EXCHANGE

Protocol is a language that regulates ﬂow,
directs netspace, codes relationships, and
connects life forms. It is etiquette for
autonomous agents. -Alexander Gallway, Protocol

We must make it right.
We must make it happen.
…but who is we?
…and how do we do it?

Decentralized

Identity

Foundation
We is….

We must Practice Systems Leadership

Phase 1:

See the Larger System

Have an Ecosystem Map
^
upto date

Phase 1:

Phase 2:

Reﬂective and Generative
Conversation

EMPLOY Systems Leaders
Build Self-Organizing Capacity
We must
Hire good community “managers”catalysts

Phase 1:

Phase 2:

Reﬂective and Generative
Conversation
Phase 3:

Co-Create the Future

Coordinate development of
common building blocks:
Code, Infrastructure, Protocols….
Ship Interoperable Products

Coordinate development of
common building blocks:
Code, Infrastructure, Protocols….
Ship Interoperable Products
Work towards alignment,
not control.

Ask and listen ﬁrst.
Write it down.
Put a stake in the ground.
Create real-time feedback loops.
What does it take to Build Alignment?
Remind each other what we’re doing and why.

Alignment is a process.
We must set our expectations
accordingly, and celebrate
each victory along the way.

We will make it right.
We will make it happen.
Together!

ssiscoop.com
Kaliya Young
identitywoman.net
Internet Identity Workshop

The Domains of Identity & Self-Sovereign Identity MyData 2018

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to The Domains of Identity & Self-Sovereign Identity MyData 2018

Similar to The Domains of Identity & Self-Sovereign Identity MyData 2018 (20)

More from Kaliya "Identity Woman" Young

More from Kaliya "Identity Woman" Young (16)

Recently uploaded

Recently uploaded (20)

The Domains of Identity & Self-Sovereign Identity MyData 2018