Webinar: Identity and the quest for Self-Sovereign Identity
Daniel Hardman
Chief Architect Evernym and Secretary of the Technical Governance Board Sovrin Foundation
@dhh128
18 June 2018
SSIMeetup.org
SSIMeetup objectives
Alex Preukschat @SSIMeetup @AlexPreukschat
Coordinating Node SSIMeetup.org
18 June 2018
SSIMeetup.org
What is “identity”?
SSIMeetup.org
Aspects of Identity: Relationships
You are
who you know
Relationships
you
you to Acme as employee
you to UKGov as citizen
you to Bob as friend
you to Carol as sibling
From ideas first articulated by Jason Law (private communication).
SSIMeetup.org
Aspects of Identity: Attributes
You are
your data
Attributes
your credit history
your health records
your facts of birth
you
your education
From ideas first articulated by Jason Law (private communication).
SSIMeetup.org
Aspects of Identity: Agents
You are
your agents
Agents
your realtor
your iPhone app
your lawyer
you
your cloud service
From ideas first articulated by Jason Law (private communication).
SSIMeetup.org
You are
all of these
you
Relationships
Attributes
Agents
From ideas first articulated by Jason Law (private communication).
SSIMeetup.org
Who knows what about me?
you
Relationships
Attributes
relationship~attribute
Agents
From ideas first articulated by Jason Law (private communication).
SSIMeetup.org
you
Agents
Relationships
Attributes
agent~relationship
Which proxy represents me
where?
From ideas first articulated by Jason Law (private communication).
SSIMeetup.org
you
Agents
Relationships
Attributes
agent-attribute
Which proxy can share what about me?
From ideas first articulated by Jason Law (private communication).
SSIMeetup.org
What is “self-sovereign identity”?
Why is it decentralized?
SSIMeetup.org
Traditional / Siloed Identity (Centralized)
From ideas first articulated by Timothy Ruff; see http://bit.ly/2rB180M
SSIMeetup.org
Third-Party IDP (Federated)
From ideas first articulated by Timothy Ruff; see http://bit.ly/2rB180M
SSIMeetup.org
Decentralized
From ideas first articulated by Timothy Ruff; see http://bit.ly/2rB180M
SSIMeetup.org
Defining Characteristics of Self-Sovereign Identity
SSIMeetup.org
SSI (Decentralized+)
DKMS
SSIMeetup.org
Approaches to SSI
SSIMeetup.org
The Great Enabler
A source of truth not under central control, that all parties can trust. Can’t be gamed. Gives same answer to everyone. Anyone can write.
SSIMeetup.org
Different Ledgers, All Decentralized
public unpermissioned
Bitcoin, VeresOne
public permissioned
Sovrin (Indy)
private unpermissioned
Enterprise Ethereum Alliance
private permissioned
R3, CULedger
governed by code(rs)
governed by constitution
owned
championed
SSIMeetup.org
Unpermissioned -- Governed by Code(rs)
public unpermissioned
Bitcoin, VeresOne
public permissioned
Sovrin (Indy)
private unpermissioned
Enterprise Ethereum Alliance
private permissioned
R3, CULedger
governed by code(rs)
governed by constitution
owned
championed
Usually use proof of work -- an expensive, pre-agreed mathematical computation to prevent gaming system. Challenges = scale, latency, volatility of cryptocurrency, regulation.
SSIMeetup.org
Permissioned -- Governed by Constitution
public unpermissioned
Bitcoin, VeresOne
public permissioned
Sovrin (Indy)
private unpermissioned
Enterprise Ethereum Alliance
private permissioned
R3, CULedger
governed by code(rs)
governed by constitution
owned
championed
Consensus algorithm: faster, more scalable. May not be censorship-resistant. Can accommodate regulation--but what if you don’t like the constitution?
SSIMeetup.org
Challenges to Sovereignty - Control
SSIMeetup.org
Challenges to Sovereignty - Privacy
SSIMeetup.org
Challenges to Sovereignty - Regulation
SSIMeetup.org
More Challenges
Cost
Ease of Use
Divergent Standards
Indy = Independent Identity
SSIMeetup.org
What can you do with Indy?
To do this, all you need is an Indy client. You can build one for free with the Indy SDK.
SSIMeetup.org
Code
https://github.com/hyperledger/indy-sdk (for writing clients)
https://github.com/hyperledger/indy-node (the ledger code itself)
SSIMeetup.org
Instances of Indy
Sovrin Live Network
Sovrin Test Network
Your Own Network -- see http://bit.ly/indy-in-docker
Sovrin adds a formal, legal constitution, called a “Trust Framework”, to Indy. It is a global public utility for identity.
SSIMeetup.org
Artifacts
SSIMeetup.org
Appendix
SSIMeetup.org
Core Concept - DIDs
A DID (decentralized identifier) is like a uuid for your identity.
DIDs are 128-bit nums written in Base58: did:sov:AKRMugEbG3ez24K2xnqqrm
A DID is controlled by one or more Ed25519 pub/priv key pairs. Pub key is called a “verkey” (verification key); priv key is called a “signing key”.
DIDs can be created on many different blockchains; right now, Indy only supports Sovrin-style DIDs (would love PR for did:BTC, did:ETH, etc…)
More info: the DID spec at W3C (https://w3c-ccg.github.io/did-spec/) and here
case-sensitive
SSIMeetup.org
Core Concepts - Byzantine Consensus
Instead of proof of work, many nodes confer and reach consensus to prevent double-spend.
3f + 1 = total nodes, out of which f can be exhibiting faults
SSIMeetup.org
Core Concept - Ledger Roles
Most work on indy can be done by any identity, but a few operations are special:
In Sovrin, there is a trust framework that governs who can be a trustee or steward; requires signing pledge to support SSI principles. In your own indy network, you can assign these roles to anybody.
SSIMeetup.org
Core Concept - Genesis Transactions
SSIMeetup.org
Core Concept - Wallets
DIDs and their keys are stored in an identity wallet.
Identity wallets are like cryptocurrency wallets, but store additional types of data. More info here.
Indy SDK includes a default implementation of a wallet that works out of the box.
SSIMeetup.org
Safe handling of secrets in an API
photo by UNMEER
SSIMeetup.org
Core Concepts - Credentials
Credentials are JSON docs, digitally signed in a special way by an issuer.
Credentials can be used by their holder to generate cryptographic zero-knowledge proofs that can be checked by a verifier.
SSIMeetup.org
Submitting a Transaction to an Indy Ledger
SSIMeetup.org
Next Steps
Try the Getting Started Guide
Explore the How-Tos
Ask questions: #global-digital-id or #indy, or #indy-sdk on chat.hyperledger.org
Daniel Hardman, github @dhh1128, daniel.hardman@evernym.com
SSIMeetup.org
Gartner on Siloed Identity
“Organizations require these digital identities before they can offer their services or allow any access to their resources. It is common for people to lose track of their siloed digital identities or not even have the ability to control their identity profile in many of these organizations. Both people and organizations increasingly feel the pain, and learn that this model is neither scalable nor sustainable as the use of digital services become more pervasive.”
December 2017 Gartner report, Blockchain: Evolving Decentralized Identity Design
SSIMeetup.org
4 Trillion = Annual Cost of Fraud
https://www.croweclarkwhitehill.co.uk/wp-content/uploads/sites/2/2017/02/crowe-the-financial-cost-of-fraud-2017.pdf
SSIMeetup.org
Webinar: Identity and the quest for Self-Sovereign Identity
18 June 2018
SSIMeetup.org