2. Who are we? + How we got into Decentralized Identity
• Heather Vescent, @heathervescent – CEO, The Purple Tornado & Author of Comprehensive Guide to SSI
• Karyl Fowler, @TheKaryl – CEO, Transmute
• Lucas Tétreault, @Ltetreault – VP, R&D Vivvo
4. The Vision: A Global Digital Rail
• Technology standards for interoperability
• Trans-National, goes beyond borders
• Governments supported development of new infrastructure by the private sector
– Government of Canada
– DHS investments
• Citizens access Government services without being tracked or correlated
• Identity issuance and verification
• Digitally native identity and credentials
• What else is possible?
12. Today’s problems
• Data collected to create detailed profiles
• User doesn’t own data or decides how it’s used
• Difficult to delegate access and share data
• Users can’t control how their data is secured (or how they are notified if there is a breach)
• UN/PW databases are an attack surface
21. Standards & Specs
Interoperable standards to implement a common technology stack.
• DID Spec
• DID Methods
• Universal Resolver
• DID Auth
• Verifiable Credentials
22. What is a Decentralized Identifier?
• New type of identifier for verifiable, "self-sovereign" digital identity
• Fully under the control of the DID subject, enabling independence from any specific:
– centralized registry
– identity provider
– certificate authority
• URL enabling trustable interactions with DID subject
23. DIDs resolve to DID Documents
• DID Documents contain verification methods and service endpoints for interacting with the DID subject
• A verification method is a way of verifying a particular type of DID interaction, such as:
– Performing authentication
– Securing a service endpoint
30. DID Methods
Active DID Method Specs
Method              DID Prefix
Bitcoin             did:btcr
Blockstack          did:stack
Element - Sidetree  did:elem
Ethereum uPort      did:ethr
GitHub DID          did:github
IPFS                did:ipld
Sovrin              did:sov
Veres One           did:v1
31. DID Method Spec Defines
• Syntax
• CRUD (Create, Read, Update, Delete) operations
• Applies to DIDs and DID documents
• Specifies distributed ledger (or blockchain)
• Any method-specific elements
32. DID Methods
• Different use cases
• Different capabilities
• Different economic model
Results in different implementation choices
~25 different registered DID Methods on different ledgers
• Ethereum, Bitcoin
• IPFS
• Fit-for-purpose: Sovrin, Veres One
• No blockchain: GitHub DID
• Ledger agnostic + scalable: Sidetree (Element, ION)
• Thought experiments
41. GitHub DID
BLOCKCHAIN NOT REQUIRED
• Development tool for working with DIDs that leverages GitHub for easy setup without the need to run a ledger.
• Supports fast development of DID Verifiable Credentials and new signature suites.
• Supports a CLI, Web App, API and standard library, providing useful templates for getting started with DIDs.
• Supports the OpenPGP Signature Suite, enabling integration with YubiKey and legacy mail systems that use OpenPGP / GPG.
• Interest from GitHub and Hyperledger for use in interoperable documentation.
• Supports demos for sign, verify, encrypt and decrypt with DIDs.
• Supports a standard wallet file, with interoperability with Element and Transmute ID.
42. TRANSMUTE LEADS THE Interop Project
• Demonstrate interoperability across DID Methods, Websites, Agents, Hubs, Identity Wallets and Verifiable Credentials
• Provides insight into gaps and opportunities for partnership in the ecosystem.
• Transmute is the leader of this initiative, and assists the working groups in providing clarity around interoperability.
44. OUR PROBLEM
The Enterprise Identity Crisis describes today’s environment where, as companies grow, their risk grows disproportionately.
45. THE SSI-ENABLED ENTERPRISE: Collaborate Without Compromise
Transmute ID integrates with your existing infrastructure, grows with your business and minimizes friction between you and your customers – the fastest path to new revenue.
46. THE SOLUTION
Scalability of Cloud + Security of Decentralized Public Key Cryptography + Automated Tracking on Blockchain
47. Enterprise IDP Architecture
[Diagram: Transmute Workflow Engine (open and closed source components) connecting three integration layers]
• Integrations: major enterprise systems like… (+ add your own)
• Enterprise Storage: major cloud providers like… (+ add your own)
• Decentralized Infrastructure: leading DLT solutions like… (+ add your own)
49. FRAMEWORK FOR ADOPTION
1. Is selective disclosure or privacy a priority?
2. Is there high coordination burden?
3. Is traceability or auditability important?
Application Areas
• Chains of Custody: Commercial + Defense Supply Chain Logistics; Cold Chain (pharma to agriculture); Contract Management (Legal, HR, Real Estate)
• Software: Data Infrastructure & Governance; Cloud roles + access management; Microservices monitoring
• Telco: 5G + IoT Enablement; Identity/Data-as-a-Service; Anti-Fraud (verification + roaming)
• Healthcare: Insurance + Billing; Patient-centric data sharing + management
50. LOGISTICS APPLICATION
Transmute ID combines the security advantages of user-managed access and verified credentials to safely manage identities across your enterprise ecosystem.
51. PARTNERSHIPS: Kantara Initiative
• Transmute engages with the Kantara member network to demonstrate implementations of the mutual Consent Receipt standard, which supports emergent data and privacy regulations like GDPR.
• Kantara’s Trust Services Interoperability groups work “at the intersection of digital identity, personal data agency and usability.”
[Figure: Consent Receipt flow example]
52. SCALABILITY: Sidetree Protocol
Ledger agnostic protocol for anchoring batches of signed JSON Patch operations resulting in a DPKI CRDT. Batching supports higher throughput & lower cost, but paranoid users can still anchor themselves.
Open Source Apache-2. Implementations for Bitcoin & Ethereum supported by the Linux Foundation.
Element (Sidetree)
A JavaScript library implementing the Sidetree Protocol on Ethereum and IPFS. Modular, portable and extendable, with support for both in-browser (light client) and full nodes (REST API).
Open Source Apache-2, created by Transmute, supported by Microsoft & the Linux Foundation.
Scalable DPKI is the foundation of enterprise security applications.
53. RESOLUTION
A kind of reverse anchoring: ledger -> anchor -> batch -> operation => DID document
Data Poisoning, Spam and Errors: how do trusted nodes handle bad data?
Why resolve a DID? Signature verification, service endpoints and the future of SSI.
WALLET
Hardware, Mobile, Web, API, Trusted Execution Environment?
JWS vs JSON-LD Signatures: the case for JSON-LD.
Shamir, Recovery and Usability. Not all keys need to be in the same place!
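The Sidetree slide describes anchoring batches of JSON Patch operations, and the Resolution slide describes walking ledger -> anchor -> batch -> operation back into a DID document while dropping poisoned, spam or erroneous operations. The following is an added, simplified illustration of that replay, not Sidetree, Element or Transmute code: updates are authorized by a commit/reveal hash (a stand-in for Sidetree's signed operations and commitments), the JSON Patch subset, the `did:elem:abc` identifier, the `IdentityHub` service and the `tx1`..`tx3` anchors are all constructed sample data.

```python
# Added example, not Sidetree/Element code: rebuild a DID document by replaying anchored
# batches of JSON Patch operations, authorizing each update by commit/reveal (hash match).
import copy, hashlib
def commit(reveal):                      # one-way commitment to a future reveal value
    return hashlib.sha256(reveal.encode()).hexdigest()
def apply_patch(doc, patch):             # RFC 6902 subset (add/replace/remove) on a copy
    doc = copy.deepcopy(doc)
    for op in patch:
        parts, target = op["path"].strip("/").split("/"), doc
        for p in parts[:-1]:
            target = target[int(p)] if isinstance(target, list) else target[p]
        key = int(parts[-1]) if isinstance(target, list) else parts[-1]
        if op["op"] == "add" and isinstance(target, list):
            target.insert(key, op["value"])
        elif op["op"] in ("add", "replace"):
            target[key] = op["value"]
        elif op["op"] == "remove":
            del target[key]
        else:
            raise ValueError("unsupported op " + str(op["op"]))
    return doc
def resolve(did_suffix, ledger):
    """ledger -> anchor -> batch -> operation => DID document; returns (doc, rejected)."""
    doc, commitment, rejected = None, None, []
    for anchor in ledger:                                  # anchors in ledger order
        for op in (o for o in anchor["batch"] if o.get("did_suffix") == did_suffix):
            authorized = doc is not None and commit(op.get("update_reveal", "")) == commitment
            if op["type"] == "create" and doc is None:
                doc, commitment = copy.deepcopy(op["document"]), op["update_commitment"]
            elif op["type"] == "update" and authorized:
                try:
                    doc = apply_patch(doc, op["patch"])
                    commitment = op["next_update_commitment"]  # rotate: reveals are single-use
                except (KeyError, IndexError, ValueError, TypeError) as e:
                    rejected.append((anchor["anchor"], "malformed patch: %s" % e))
            else:                                  # spam, replay, forged reveal, second create
                rejected.append((anchor["anchor"], "unauthorized or out-of-order operation"))
    return doc, rejected
def sample_ledger():                     # constructed: create, honest update, forged, replay, malformed
    hub = {"type": "IdentityHub", "serviceEndpoint": "https://hub.example"}
    create = {"did_suffix": "abc", "type": "create", "update_commitment": commit("r1"),
              "document": {"id": "did:elem:abc", "verificationMethod": [{"id": "#k1"}], "service": []}}
    good = {"did_suffix": "abc", "type": "update", "update_reveal": "r1", "next_update_commitment":
            commit("r2"), "patch": [{"op": "add", "path": "/service/0", "value": hub}]}
    forged = dict(good, update_reveal="guess")             # submitter does not know r1
    broken = dict(good, update_reveal="r2", next_update_commitment=commit("r3"),
                  patch=[{"op": "move", "path": "/service/0"}])   # unsupported op
    return [{"anchor": "tx1", "batch": [create]}, {"anchor": "tx2", "batch": [good, forged]},
            {"anchor": "tx3", "batch": [dict(good), broken]}]     # dict(good) = replay of r1
```

Running `resolve("abc", sample_ledger())` yields a document with exactly one service endpoint and three rejected operations, which is the answer to the slide's "how do trusted nodes handle bad data?": every node replays the same ordered operations with the same rules, so they converge on the same document and the same rejections.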
57. Vivvo + SSI
• eGovernment platform that includes identity federation (SP and IdP), identity proofing, consent and policy management, etc.
• Started hearing rumblings about SSI from Government of Canada contacts in 2017
• Started investing in SSI in 2018 from a research perspective
• Came to IIW in the fall of 2018 with a pretty early prototype of DID-Auth and collecting verifiable credentials in a wallet
58. SSI Use Case: Vivvo + ISED
Business Connect:
- In production with the province of Saskatchewan since spring 2018
- Identity, business and relationship-to-business proofing
- Access government services on behalf of a business
63. Vivvo: What has worked well?
“I love the idea of authentication with my phone for all government services, not only for businesses.”
“I liked how the phone app notified me quickly about creating the credentials in my digital wallet – it was almost instantaneous.”
“What I liked about the functionality tested - no remembering of usernames and passcodes, information reusable with my consent, the digital wallet concept.”
64. Vivvo: Industry Response
• Use of verified identity information on a mobile device (i.e. digital wallet) is a key enabler to easy and secure sharing of business identity among service providers
• Need for a common / standard technology platform to enable re-use of verified identity information across digital identity providers and applications.
• Need for education and a paradigm shift to increase trust/confidence for using a mobile device for higher risk transactions.
• Perception that mobile device technology is not mature enough (at least in North America) for digital wallet/payme
65. Vivvo: Outstanding Challenges
• did:vvo method backed by REST service / relational database
• Our PoC with ISED was more about passwordless auth and portability of VCs than proving out a DID method and/or DLT
• We are betting big time on interoperability and standardization
68. Many Proof of Concepts
Proof of Concept        Use Case                         Who’s Involved
VON                     Business Credentials             British Columbia Government
CU Ledger               Credit Union Banking Security    Sovrin + Credit Union National Association
Building Blocks         Food Aid (Syrian Refugee Aid)    World Food Programme
Dutch Digital ID        Digital ID                       TU Delft + Dutch Gov + Others
Walmart Supply Chain    Food Supply Tracking             Walmart + Hyperledger Fabric
TradeLens Shipping      Shipping + Tracking              IBM + Maersk
69. Novartis Pharmaceuticals
• Innovative Medicine Initiative Blockchain Enabled Healthcare
• Experimenting with DIDs & Verifiable Credentials since 2016
• Third party risk
– Qualified suppliers: environmental & labor practices + auditing
– IoT: temperature monitoring for data integrity
– Digitized documents: materials certifications, trade documents
• Sharing patient data
– Drug trials
– Patient experience w/ doctors, researchers, and companies
70. Government Support
• DHS SBIR & SVIP Grants
– Improve Supply Chain Management
– Combat Counterfeit Goods
• Canadian Government Innovation Challenge:
– https://www.ic.gc.ca/eic/site/101.nsf/eng/00068.html
Source: DHS Science and Technology Directorate's Testimony before the US House of Representatives, May 8, 2018
72. SSI improves user experience
• Assert an identity or credential digitally
– Could be verified or not
• User collects, shares, controls their own data
– Fine-grained control: read, save, edit the data
– Share verified data anonymously
• Increases privacy, while enabling data sharing
73. SSI improves Business & Government
• Potential to reduce/eliminate database security risk
• More control over credentials issued, revocation
• Streamline onboarding, increase business efficiency
– Reduce fraud by confirming multiple data points
– Streamline confirmation of compliance data/documentation
• Increase trust of any verified data that must be shared downstream
– Drug trials
– Compliance documents
– Provenance data
74. In conclusion
• Users control their identities & data
• Emerging technology for IoT identity
• Business opportunities for digitally native credentials
• Opportunity to build interoperable infrastructure
• Many companies, governments & communities are building & investing in it today
75. Resources
Guide to SSI: https://ssiscoop.com/
W3C Credentials Community Group
https://w3c-ccg.github.io/
W3C DID WG: https://www.w3.org/2019/did-wg/
DIF: http://identity.foundation/
IIW: https://www.internetidentityworkshop.com
SSI Meetup: http://ssimeetup.org
RWOT: https://www.weboftrust.info/