The document discusses IBM's Trusted Identity solution for self-sovereign identity. It proposes establishing a decentralized identity network based on principles of user consent, privacy, and interoperability. This network would provide convenience and security for individuals, businesses, and governments by enabling trusted digital identity verification and management across domains. Technical components include decentralized identifiers (DIDs), verifiable credential schemas, and an open-source Sovrin identity framework using distributed ledger technology.
2. 2 5/21/18
Key Elements of a Trusted Digital Identity Framework
• The user is the ultimate authority over his/her identity (Self-Sovereign)
• Privacy-enhancing and voluntary
• Decentralized/Distributed Trust
• Trusted Identity for Individuals, Enterprises and Things
• Open and flexible
• Interoperable and portable
• Viable and sustainable
Inclusive of principles from
• NIST's Trusted Identities Group
• A Blueprint for Digital Identity: The Role of Financial Institutions in Building Digital Identity, World Economic Forum, 2016
• http://www.coindesk.com/path-self-sovereign-identity/
3. Trusted Digital Identity Network: Benefits
INDIVIDUALS BUSINESSES GOVERNMENTS
• Convenience and simplified experience for identity verification
• Full control and consent over identity usage and monetization
• Reduced costs, and risk of data breach/theft
• Efficient compliance management and monitoring
• New revenue streams
• Rapid on-boarding
• Better personalized customer services
• Distributed trust and increased protection of identity data
• Reduced counterfeiting, alteration, and theft
• Reduced risk and cost of identity issuance and management
• Increased efficiency in compliance control, monitoring, and quality
4. Trusted Digital Identity Use Cases
The benefits of blockchain technology include almost everything from more secure financial transactions, improved access to personal healthcare information, and more efficient and effective government and private-sector services - MIT Summit Commission For Enhancing National Security – July 2016
• Know Your Customer (KYC)
• Government Identity for citizens and services
• Identity Verification Network across Industries
6. Open Solution Architectures: Independent identity on distributed ledgers
Hyperledger Indy is a distributed ledger purpose-built for decentralized identity. It provides tools, libraries and reusable components for providing independent digital identities rooted on blockchains or other distributed ledgers so that they are interoperable across administrative domains, applications, and any other “silo”.
18. Sovrin Claims
• Real-time claims verification
– without direct connections to issuers
• Revocable (anonymously)
• Multi-Issuer
– credit score + mortgage balance + income
• Predicates
– over 18: false vs. birthdate: 16 Jan 2001
• Privacy-respecting
– Anonymous, Anti-correlation, Selective disclosure
19. What is written to the Ledger?
• Only uncorrelated data → Never PII
– When public ledgers are broken, they are broken forever
Types of data:
• Decentralized IDs
• Public keys
• Service Endpoints
• Accumulators and Anchoring Hashes
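The "never PII" rule on this slide can be enforced as a pre-write check. The sketch below is an added example, not code from the slides or from Sovrin/Indy; the record type labels, the PII heuristics and the salted HMAC used for the anchoring hash are assumptions made for illustration.

```python
import hashlib
import hmac
import re

# The five kinds of data the slide allows on the ledger (labels are hypothetical).
ALLOWED_TYPES = {"did", "public_key", "service_endpoint",
                 "accumulator", "anchoring_hash"}
# Constructed heuristics: field names and value shapes that indicate PII.
PII_FIELD_NAMES = {"name", "birthdate", "email", "address", "phone", "ssn"}
PII_PATTERNS = {
    "an e-mail address": re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+"),
    "a date": re.compile(r"\b\d{4}-\d{2}-\d{2}\b|\b\d{1,2} [A-Z][a-z]{2} \d{4}\b"),
}

def anchoring_hash(document: bytes, salt: bytes) -> str:
    """Commit to an off-ledger document without exposing it.

    Keyed with a random per-document salt that stays off-ledger, so a
    low-entropy input (a birthdate, say) cannot be guessed from the digest.
    """
    return hmac.new(salt, document, hashlib.sha256).hexdigest()

def ledger_write_violations(record: dict) -> list:
    """Return the reasons a record must not go to a public ledger ([] = OK)."""
    problems = []
    if record.get("type") not in ALLOWED_TYPES:
        problems.append(f"type {record.get('type')!r} is not a ledger data type")
    for key, value in record.items():
        if key.lower() in PII_FIELD_NAMES:
            problems.append(f"field {key!r} names personal data")
        if isinstance(value, str):
            for label, pattern in PII_PATTERNS.items():
                if pattern.search(value):
                    problems.append(f"field {key!r} contains {label}")
    return problems

# Constructed sample records (not taken from any real ledger).
DID_RECORD = {"type": "did", "id": "did:example:constructed0001",
              "endpoint": "https://agent.example.com/inbox"}
CLAIM_RECORD = {"type": "credential", "holder": "did:example:constructed0001",
                "birthdate": "16 Jan 2001"}
# Fixed salt only so the sample is reproducible; use os.urandom(16) in practice.
ANCHOR_RECORD = {"type": "anchoring_hash",
                 "value": anchoring_hash(b'{"birthdate": "16 Jan 2001"}', b"\x07" * 16)}

if __name__ == "__main__":
    for rec in (DID_RECORD, CLAIM_RECORD, ANCHOR_RECORD):
        print(rec["type"], "->", ledger_write_violations(rec) or "ok to write")
```

The claim record fails on three counts (wrong type, PII field name, date value), while the anchoring hash of the same claim passes because only the salted digest reaches the ledger.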
20. Sovrin Token
• Every exchange of verifiable claims reduces risk for the verifier and reduces friction for the owner
• This reduction has value
• Sovrin Token provides a way to monetize this value by supporting a flow either from verifiers to issuers—or indirectly from verifiers to owners to issuers.
For example, your mobile carrier could help you prove your location at any point in time—and be paid for it
21. Fully open architecture
Open Standards (under development)
• W3C Decentralized ID
• W3C Verifiable Claims https://www.w3.org/TR/verifiable-claims-data-model/
• Decentralized Key Management (DKMS) http://bit.ly/2FpQZJL
Open Source Projects
• Decentralized Identity Foundation (DIF) http://identity.foundation
• Hyperledger Indy https://github.com/hyperledger/indy-sdk
22. IBM Announcements / Participation
• DIF Member (http://identity.foundation)
• Sovrin Foundation Members (http://sovrin.org)
• Hyperledger Founding Member (Fabric and Indy)
• W3C Member
23. Recommended Reading
Sovrin White Paper – Published in January 2018
A Protocol and Token for Self-Sovereign Identity and Decentralized Trust
https://sovrin.org/wp-content/uploads/Sovrin-Protocol-and-Token-White-Paper.pdf
25. Schemas and Semantics
Schemas can be published to the ledger for use in claims and proofs as well as for supporting the extensible APIs of agents.
Allows the identity ledger to function as a marketplace for semantic meaning and a basis for reputation combining identity, schema and code.
26. DIDs (Decentralized Identifiers)
• DIDs are a new type of digital identifier
• DIDs were invented to enable a new type of long-term digital identity that does not require centralized registry services
• DIDs can also be verified using cryptography, enabling a digital “web of trust”
27. Schema and Service Discovery
• Service endpoints with the DID Descriptors service block
• API enumeration service at a well-known URL that responds based on mutual authentication of DIDs
• OpenAPI (fka Swagger) with an EventedAPI extension (based on eventedapi spec) being defined and developed now.