Self-Sovereign Identity technology has enormous potential to empower individuals and address privacy challenges globally. It uses shared ledgers (blockchain) to give individuals the power to create and manage their own identifiers, collect verified claims and interact with others on the network on their terms. This lightning talk, by one of the pioneers who has worked for 15 years on this emerging layer of the internet, gives a high-level picture of how it works, covering the core standards and technologies and outlining some potential use cases.
2. Long Time Ago in a Far Far away
Planetwork convened 50 Environmental Groups at the Presidio in SF in 1999.
They asked how can we use the internet to work together to solve our environmental crises.
9. Underlying this report is the assumption that every individual ought
to have the right to control his or her own online identity. You should
be able to decide what information about yourself is collected as part
of your digital profile, and of that information, who has access to
different aspects of it. Certainly, you should be able to read the
complete contents of your own digital profile at any time. An online
identity should be maintained as a capability that gives the user many
forms of control. Without flexible access and control, trust in the
system of federated network identity will be minimal.
10. A digital profile is not treated [by corporations who host
them] as the formal extension of the person it represents.
But if this crucial data about you is not owned by you,
what right do you have to manage its use?
A civil society approach to persistent identity is a
cornerstone of the Augmented Social Network project.
37. { “Key”: “Value” }
DID: Decentralized Identifier
DID Document: JSON-LD document describing the entity identified by the DID
Slide credit: Drummond Reed, Sovrin Foundation
38. The standard elements of a DID doc
1. DID (for self-description)
2. Set of public keys (for verification)
3. Set of auth protocols (for authentication)
4. Set of service endpoints (for interaction)
5. Timestamp (for audit history)
6. Signature (for integrity)
Slide credit: Drummond Reed, Sovrin Foundation
39. Where does it go?
How can I find it if it's Decentralized?
41. Active DID Method Specs
Method               DID prefix
Sovrin               did:sov:
Bitcoin Reference    did:btcr:
Ethereum uPort       did:uport:
Blockstack           did:stack:
Veres One            did:v1:
IPFS                 did:ipld:
Slide credit: Drummond Reed, Sovrin Foundation
42. A DID Method spec defines…
1. The syntax of the method-specific identifier
2. Any method-specific elements of a DID document
3. The CRUD (Create, Read, Update, Delete) operations on DIDs and DID documents for the target system
Slide credit: Drummond Reed, Sovrin Foundation
43. In summary, a DID is…
1. A permanent (persistent) identifier
– It never needs to change
2. A resolvable identifier
– You can look it up to get metadata
3. A cryptographically-verifiable identifier
– You can prove ownership using cryptography
4. A decentralized identifier
– No centralized registration authority is required
Slide credit: Drummond Reed, Sovrin Foundation
55. The mission of the W3C Verifiable Claims Working Group:
Express credentials on the Web in
a way that is cryptographically
secure, privacy respecting, and
automatically verifiable.
Slide credit: Manu Sporny, Veres One
57. Anatomy of a Verifiable Credential
Verifiable Credential:
Issuer Signature
Claims
Credential Identifier
Credential Metadata
Slide credit: Manu Sporny, Veres One
58. Verifiable Credentials Ecosystem
Issuer (Website): Government, Employer, etc.
Issue Credentials
Holder (Digital Wallet / Personal Data Store): Citizen, Employee, etc.
Slide credit: Manu Sporny, Veres One
59. Verifiable Credentials Ecosystem
Issuer (Website): Government, Employer, etc.
Issue Credentials
Holder (Digital Wallet / Personal Data Store): Citizen, Employee, etc.
Present Profiles
Verifier (Website): Company, Bank, etc.
Slide credit: Manu Sporny, Veres One
60. Verifiable Credentials Ecosystem
Issuer (Website): Government, Employer, etc.
Issue Credentials
Holder (Digital Wallet / Personal Data Store): Citizen, Employee, etc.
Present Profiles
Verifier (Website): Company, Bank, etc.
Decentralized Identifiers (Identifiers are owned by individuals)
Slide credit: Manu Sporny, Veres One
62. Verifiable Credentials Ecosystem
Issuer (Website): Government, Employer, etc.
Issue Credentials
Holder (Digital Wallet / Personal Data Store): Citizen, Employee, etc.
Present Profiles
Verifier (Website): Company, Bank, etc.
Decentralized Identifiers (Identifiers are owned by individuals)
Blockchains / DHTs (Decentralized Ledger): Veres One, Sovrin, Bitcoin, Ethereum, etc.
Slide credit: Manu Sporny, Veres One
67. DID Auth is…
A simple standard way for a DID owner to authenticate by proving control of a private key
Slide credit: Drummond Reed, Sovrin Foundation
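A challenge-response exchange in the spirit of the DID Auth definition above, using the "set of public keys (for verification)" element of a DID document. This is an added example, not code from the talk or from any DID Auth specification. The `Verifier` type, the in-memory `Ledger` map standing in for a DID method's Read operation, the `did|nonce` message layout, the choice of Ed25519 and the sample DID are all assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Verifier holds a constructed stand-in ledger (DID -> published key) and the nonces it issued.
type Verifier struct {
	Ledger  map[string]ed25519.PublicKey
	Pending map[string][]byte
}

// Challenge issues a fresh single-use nonce to the party claiming the DID.
func (v *Verifier) Challenge(did string) []byte {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		panic(err) // no safe way to continue without randomness
	}
	v.Pending[did] = nonce
	return nonce
}

// Respond is the DID owner's side: sign the nonce bound to the claimed DID.
func Respond(priv ed25519.PrivateKey, did string, nonce []byte) []byte {
	return ed25519.Sign(priv, append([]byte(did+"|"), nonce...))
}

// Verify resolves the DID and checks the signature against its published key.
func (v *Verifier) Verify(did string, sig []byte) error {
	nonce, issued := v.Pending[did]
	delete(v.Pending, did) // a nonce is consumed whether or not it verifies
	pub, resolved := v.Ledger[did]
	if !issued || !resolved {
		return fmt.Errorf("no outstanding challenge or unresolved DID: %q", did)
	}
	if !ed25519.Verify(pub, append([]byte(did+"|"), nonce...), sig) {
		return fmt.Errorf("signature does not match the key published for %q", did)
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	did := "did:sov:ExampleConstructedId123" // constructed identifier
	v := &Verifier{Ledger: map[string]ed25519.PublicKey{did: pub}, Pending: map[string][]byte{}}
	sig := Respond(priv, did, v.Challenge(did))
	fmt.Println("first use:", v.Verify(did, sig), "| replay:", v.Verify(did, sig))
}
```

The second `Verify` call fails because the nonce was consumed, so a captured response cannot be replayed; a response signed with any key other than the one published for the DID fails the signature check.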
68. The decentralized identity “stack”
DID Layer
Identity Owners
Cloud Layer: Cloud Wallet, Cloud Agent
Edge Layer: Edge Wallet, Edge Agent
DID Auth
Slide credit: Drummond Reed, Sovrin Foundation
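71. Blockchain Types / Governance
Axes: Validation (Permissionless or Permissioned) and Access (Public or Private)
Public access, permissionless validation: Bitcoin, Ethereum, IOTA, Veres One
Public access, permissioned validation: Sovrin, IPDB
Private access, permissionless validation: Hyperledger Sawtooth*
Private access, permissioned validation: Hyperledger (Fabric, Sawtooth, Iroha), R3 Corda, CU Ledger
* in permissionless mode
Slide credit: Drummond Reed, Sovrin Foundation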
72. Four Emerging Open Standards for SSI
DID (Decentralized Identifier)
DKMS (Decentralized Key Management System)
DID Auth
Verifiable Credentials
Slide credit: Drummond Reed, Sovrin Foundation