Ricardo Mendez, Technical Director Europe ,Samsung NEXT - Identity, Privacy and the Edge
1. June 10, 2019 / ricardo@samsungnext.com
@ArgesRic
https://mastodon.social/@ricardojmendez/
Identity, Privacy and
the Edge
Ricardo J. Méndez
2. @argesric @samsungnext
• Give a small taxonomy of useful labels and categories;
• Walk you through what a layered conceptual model for identity could be like;
• Talk about the privacy implications for how we go about implementing things;
• Hopefully convince you that the closer to the edge we process things, the better
it is for the user…
• … but that the edge does not guarantee privacy.
Goals!
3. @argesric @samsungnext
●Justine Humenansky
●Ricardo J. Méndez
●Gus Warren
●David Crocker(BBW)
●WesleyDunnington (Ping Identity)
●JacobyThwaites (OnFido)
●PG, DJ, AL (*)
Work in progress…
Samsung NEXT Internet Identity Workshop XXVIII
* Didn’t hear back about naming them.
Privacy and GDPR, y’all!
8. @argesric @samsungnext
• Specific details about an individual.
• Personally-identifying information, such as:
• Your name…
• Username/password pairs…
• Shipping addresses…
• Phone and passport numbers.
• Facts are involved in verification and authentication.
Facts
12. @argesric @samsungnext
• Characteristics emerge from your daily activities, can be scried from the data
exhaust:
• Personal interests, tastes, habits;
• What you avoid;
• How you react to things;
• Can change through the years;
Characteristics are unstructured
17. @argesric @samsungnext
Layer Name Description Examples
7 Application
User- or system-levelflow sthat involve identities and other
systems
Sign-in account recovery, payment, w allet app on smartphone
6 Workflow
Protocol flow s between connected identities only (external
choreography)
DID routing (cf. Sam's talk), REST over TCP/IP, SMS & associated data
formats/ encryption
5 Transaction
How runtime capabilities of an identity are defined and
invoked (internal orchestration)
Retrieval of attributes including PII, derived PII and their computation,
attestations, plug-in capabilities
4 Connection
How identities accept connections fromother identities and
systems
Evernym w allet connection w ith verifier, REST endpoint, DNS janedoe.me
3 Reference How an identity is referenced externally foo@bar.com, did:foo:bar, +1650112332, Evernym connection, QR Code
2 Validation What trust systemvalidates an identity ICANN, Bitcoin, PKI, self-signed certs
* WIP. Created during two sessions at the MV Internet Identity Workshop, May2019
7-Layer Conceptual Model of Identity*
18. @argesric @samsungnext
Layer Name Description Examples
7 Application
User- or system-levelflow sthat involve identities and other
systems
Sign-in account recovery, payment, w allet app on smartphone
6 Workflow
Protocol flow s between connected identities only (external
choreography)
DID routing (cf. Sam's talk), REST over TCP/IP, SMS & associated data
formats/ encryption
5 Transaction
How runtime capabilities of an identity are defined and
invoked (internal orchestration)
Retrieval of attributes including PII, derived PII and their computation,
attestations, plug-in capabilities
4 Connection
How identities accept connections fromother identities and
systems
Evernym w allet connection w ith verifier, REST endpoint, DNS janedoe.me
3 Reference How an identity is referenced externally foo@bar.com, did:foo:bar, +1650112332, Evernym connection, QR Code
2 Validation What trust systemvalidates an identity ICANN, Bitcoin, PKI, self-signed certs
7-Layer Conceptual Model of Identity*
* WIP. Created during two sessions at the MV Internet Identity Workshop, May2019
19. @argesric @samsungnext
Layer Name Description Examples
7 Application
User- or system-levelflow sthat involve identities and other
systems
Sign-in account recovery, payment, w allet app on smartphone
6 Workflow
Protocol flow s between connected identities only (external
choreography)
DID routing (cf. Sam's talk), REST over TCP/IP, SMS & associated data
formats/ encryption
5 Transaction
How runtime capabilities of an identity are defined and
invoked (internal orchestration)
Retrieval of attributes including PII, derived PII and their computation,
attestations, plug-in capabilities
4 Connection
How identities accept connections fromother identities and
systems
Evernym w allet connection w ith verifier, REST endpoint, DNS janedoe.me
3 Reference How an identity is referenced externally foo@bar.com, did:foo:bar, +1650112332, Evernym connection, QR Code
2 Validation What trust systemvalidates an identity ICANN, Bitcoin, PKI, self-signed certs
7-Layer Conceptual Model of Identity*
* WIP. Created during two sessions at the MV Internet Identity Workshop, May2019
20. @argesric @samsungnext
Layer Name Description Examples
7 Application
User- or system-levelflow sthat involve identities and other
systems
Sign-in account recovery, payment, w allet app on smartphone
6 Workflow
Protocol flow s between connected identities only (external
choreography)
DID routing (cf. Sam's talk), REST over TCP/IP, SMS & associated data
formats/ encryption
5 Transaction
How runtime capabilities of an identity are defined and
invoked (internal orchestration)
Retrieval of attributes including PII, derived PII and their computation,
attestations, plug-in capabilities
4 Connection
How identities accept connections fromother identities and
systems
Evernym w allet connection w ith verifier, REST endpoint, DNS janedoe.me
3 Reference How an identity is referenced externally foo@bar.com, did:foo:bar, +1650112332, Evernym connection, QR Code
2 Validation What trust systemvalidates an identity ICANN, Bitcoin, PKI, self-signed certs
7-Layer Conceptual Model of Identity*
* WIP. Created during two sessions at the MV Internet Identity Workshop, May2019
21. @argesric @samsungnext
Layer Name Description Examples
7 Application
User- or system-levelflow sthat involve identities and other
systems
Sign-in account recovery, payment, w allet app on smartphone
6 Workflow
Protocol flow s between connected identities only (external
choreography)
DID routing (cf. Sam's talk), REST over TCP/IP, SMS & associated data
formats/ encryption
5 Transaction
How runtime capabilities of an identity are defined and
invoked (internal orchestration)
Retrieval of attributes including PII, derived PII and their computation,
attestations, plug-in capabilities
4 Connection
How identities accept connections fromother identities and
systems
Evernym w allet connection w ith verifier, REST endpoint, DNS janedoe.me
3 Reference How an identity is referenced externally foo@bar.com, did:foo:bar, +1650112332, Evernym connection, QR Code
2 Validation What trust systemvalidates an identity ICANN, Bitcoin, PKI, self-signed certs
7-Layer Conceptual Model of Identity*
* WIP. Created during two sessions at the MV Internet Identity Workshop, May2019
28. @argesric @samsungnext
• If you trust…
• Their pinky-swear promise of not being evil;
• They will properly implement controls so that no employees can abuse their
power;
• They are infallible engineers whose data will never leak;
• Not like, say, people who keep passwords in cleartext…
• … for over 14 years. *
• Then that’s fine, I guess.
Pinky-swear privacy involves trust
* https://www.businessinsider.com/google-g-suite-passwords-stored-plaintext-2019-5
30. @argesric @samsungnext
• I am online usually in a specific time zone,
• Which IP addresses my connections come from,
• That I got served ads that skew towards movies and anime,
• That I click on ads about cat food every 3-4 weeks,
• That I never click on ads about nearby KFCs.
Encryption != Privacy
Five data points…
33. @argesric @samsungnext
Facebook announced a $3-5Bn fine.
Their valuation shot up by $40Bn.
https://www.washingtonpost.com/technology/2019/04/24/facebook-sets-aside-billions-dollars-potential-ftc-fine/
34. @argesric @samsungnext
• Regulation and fines aren't going to get us out of this mess;
• People won't leave because of scandals or screw-ups (or they'd have done it
already);
• People won't switch because your solution is more ethical - we already have
those, and people don't use them.
If you’re working on identity
37. @argesric @samsungnext
“Government must come to be
the place where the most basic
online identity will be grounded
in the long term.”
Jaron Lanier, Who Owns the Future?
39. @argesric @samsungnext
Online identity must be self-
sovereign.
Christopher Allen, The Path to Self-sovereign Identity
https://www.lifewithalacrity.com/2016/04/the-path-to-self-soverereign-identity.html