Decentralized Identifiers


This post is by Phil Windley's Technometria from Phil Windley's Technometria






Summary: Decentralized identifiers are one of the foundational ideas for supporting self-sovereign identity. This post describes how decentralized identifiers work.

Key and Label

Decentralized identifiers are one of several foundational technologies for building a metasystem for self-sovereign identity. I wrote about verifiable credentials and their exchange previously. Just like the Web required not only URLs, but also a specification for web page formats and how web pages could be formatted, self-sovereign identity needs DIDs, a protocol for creating DID-based relationships, and a specification and protocol for verifiable credential exchange.

Identifiers label things. Computer systems are full of identifiers. Variable names are identifiers. Usernames are identifiers. Filenames are identifiers. IP numbers are identifiers. Domain names are identifiers. Email addresses are identifiers. URLs are identifiers. Any time we use a unique (within some context) string to label something for quick reference, we're giving it an identifier. A computer system uses identifiers to correlate all

DID Syntax

The Laws of Identity






Summary: In this post, I make a case that Sovrin not only conforms to Kim Cameron's Seven Laws of Identity, but constitutes the identity metasystem he envisioned in 2004.

Law Books

In 2005, Microsoft's Chief Identity Architect, Kim Cameron, wrote an influential paper called The Laws of Identity (PDF). Kim had been talking about and formulating these laws in 2004 and throughout 2005. It's no coincidence that Internet Identity Workshop got started in 2005. Many people were talking about user-centric identity and developing ideas about how we might be able to create an identity layer for the Internet. Fifteen years later, we're still at it, but getting closer and closer all the time.

The Internet was created without any way to identify the people who used it. The Internet was a network of machines. Consequently, all the identity in Internet protocols is designed to identify machines and services. People used the Internet

Credential Flow for Alice Obtaining a Loan

Verifiable Credential Exchange






Summary: Verifiable credential exchange is the foundation of decentralized, online identity. This post describes how it works.

I realized last week that I'd never explained verifiable credential exchange as a stand-alone topic—it was always buried in something else.

Multi-source identity (MSI) depends on issuing, exchanging, and verifying digital credentials. The specification for verifiable credentials is being formulated by the World Wide Web Consortium’s Verifiable Credentials Working Group. Verifiable credentials provide a standard way to express credentials in a way that is cryptographically secure, privacy respecting, and automatically verifiable.

Credentials are defined by their issuer in a credential definition. The credential definition links the public decentralized identifier (DID) of the issuer, the schema for the credential, and a revocation registry for the credential. The definition, public DID, schema, and revocation registry are all stored on a distributed ledger that is used for decentralized discovery. (See What Goes on the Ledger (PDF)

Credential Flow for Alice Obtaining a Loan

The Sovrin Ecosystem






Summary: Sovrin is a vibrant ecosystem with many players. This post talks about the relationships of some of those players.

People often ask me how Sovrin relates to Evernym or Hyperledger Indy. It can be confusing, so I created a diagram that seems to help. First a few definitions:

  • Sovrin Foundation—The Sovrin Foundation is an international non-profit organization supporting self-sovereign identity through a global, decentralized network. I've discussed the Foundation, its mission, and organization at some length in a previous blog post.
  • Evernym, Inc.—Evernym is a commercial software vendor that developed the initial technology for Sovrin and continues to be a large contributor to the open source code that Sovrin is based on.
  • Hyperledger Indy—Indy is one of the open source code projects in Hyperledger, an open source code effort sponsored by the Linux Foundation.
  • Sovrin Community—The community is the heart of what makes Sovrin work
    Relationship between Sovrin Foundation, Evernym, and Hyperledger

Decentralization in Sovrin






Summary: Sovrin is more than a ledger and its claim to being a decentralized identity system rests on more than that. Sovrin comprises three layers, each of which promotes and strengthens decentralization and self-sovereign identity. This post discusses each layer and the decentralized features that underpin it.

Queen and Attendants

Decentralized architectures require that care is taken in each component or layer to ensure that the resulting system will not contain hidden weaknesses. That doesn't just apply to the system itself, but also to the ways it is governed. And all decentralized systems are governed. The governing might be ad hoc or hidden, but it's there.

I've written a lot about distributed ledgers, Sovrin, governance, and decentralization over the past several years. Here's a partial list:

Multi-Source and Self-Sovereign Identity






Summary: Self-sovereign identity is multi-source, but not all multi-source identity systems are self-sovereign. Self-sovereignty requires that people and organizations have control of their credentials and interact as peers.

A Wallet Holding Credentials

The world is full of credentials. Some, like a driving license, an employee ID card, a passport, or a university diploma are widely recognized as such. But many other things are also credentials: a store receipt, a boarding pass, or a credit score, for example. Credentials, designed properly, allow verifiable data to be employed in workflows without centralized hubs, point-to-point integrations, or real-time communication between the various players. Credentials enable decentralized, asynchronous workflows.

The Issuer/Holder/Verifier Trust Triangle

Multi-source identity (MSI) allows multiple credentials from multiple providers to be brought to bear, flexibly and conveniently, in a situation where trusted attestations are needed for the participants in a workflow to make progress. In MSI, there are three players: credential issuers, credential holders, and

You’ve Had an Automobile Accident: Multi-Source Identity to the Rescue






Summary: The real world is messy and unpredictable. Creating an identity system that is flexible enough to support the various ad hoc scenarios that the world presents us with can only be done using a decentralized system like Sovrin that allows multiple credentials from various authorities to be shared in the ways the scenario demands.

Car crash scene with police nobody hurt

Earlier I wrote about the idea of multi-source identity that allows multiple authorities to make assertions about people, organizations, and things that can be verified. Multi-source identity becomes self-sovereign identity when the individual is able to control those assertions and use them in a privacy-preserving manner whenever and wherever they want.

Recently Joe Andrieu gave a presentation about the role of multiple assertions in a real-life situation—an automobile accident. As I listened, I thought it was an excellent example because it showed clearly the power of being able to bring multiple, independent credentials to

Credential Uses in a Car Accident

The Sovrin Foundation






Summary: This article describes the role that the Sovrin Foundation and associated groups play in governing, operating, and using the Sovrin Network. The Sovrin Network is designed and intended to be decentralized so understanding the key influence points and community groups is important.

Freifunk Mesh

In Decentralized Governance in Sovrin, I wrote:

The Sovrin Network is a global public utility for identity that we all own, collectively, just like we all own the Internet.

When I say Sovrin is "public," I mean that it is a public good that anyone can use so long as they adhere to the proper protocols, just like the Internet. Sovrin is created through the cooperation of many people and organizations. Enabling that cooperation requires more than luck. In Coherence and Decentralized Systems, I wrote:

Public spaces require coherence. Coherence in Sovrin springs from the ledger, the protocols, the trust framework, standards, and market incentives.


Exploring Self-Sovereign Identity in India






Summary: I spent almost two weeks talking with people about self-sovereign identity in Switzerland and India. I'm more encouraged than ever that self-sovereign identity holds the key to real change in how we live our digital lives with security, privacy, and dignity.

Visiting a fertilizer distribution center near Vijayawada to see Aadhaar in action

I'm just finishing up my travel to Switzerland and India to talk about self-sovereign identity. The trip was amazing and full of interesting and important conversations.

The TechCrunch event in Zug was very good. I was skeptical of a one-day conference with so much happening in a short time, but thanks to great preparation by those running the show and all the participants, it exceeded my expectations in every way. I spoke on a panel with Sam Cassatt of and Guy Zyskind from Enigma. Samantha Rosestein was the moderator.

But it was the conversations I had with people at the event that really made it interesting. Self-sovereign identity

Identity and India






Summary: In July I'll be circling the globe to talk about self-sovereign identity and learn about how others are approaching and using it.

Aadhaar enrollment drive at Bareilly, UP, India

The first half of July I'm going to be on the road speaking about self-sovereign identity in Switzerland and at two events in India. This is my first time in Switzerland and India, so I'm looking forward to the trip and meeting lots of interesting people.

The event in Zug is the TC Sessions: Blockchain 2018 event on July 6th. I'll be speaking on self-sovereign identity in an afternoon session.

There are two events the following week in India. The first is the IEEE-SA InDITA Conference in Bangalore on July 10-11. DITA stands for "Digital Inclusion through Trust and Agency" and I like that theme. The Internet Identity Workshop organizers, Kaliya Young, Doc Searls, Heidi Saul, and myself, are helping organize this event, so it will be

Multi-Source Identity






Summary: Multi-source identity systems like Sovrin enabled richer digital identity transactions that mirror the decentralized, ad hoc nature of identity in the physical world.

Audio Mixer

In the physical world, people collect and manage identity credentials from various sources including governments, financial institutions, schools, businesses, family, colleagues, and friends. They also assert information themselves. These various credentials serve different purposes. People collect them and present them in various contexts. When presented, the credential verifier is free to determine whether to trust the credential or not.

Online, identity doesn't work that way. Online identity has traditionally been single-source and built for specific purposes. Online, various, so-called "identity providers" authenticate people using usernames and passwords and provide a fixed, usually limited set of attributes about the subject of the identity transaction. The identity information from these systems is usually used within a specific, limited context. Social login allows it to be used across

Coherence and Decentralized Systems






Summary: Building decentralized systems requires more than defining a few specifications and hoping for the best. In order to thrive, decentralized systems need coherence, the social organization necessary to get otherwise independent actors to cooperate.

Coherence in Chaos

We take the Internet for granted, not realizing that such a global, decentralized system is a rare thing. Protocols, rightly, get credit, but they alone are insufficient. TCP/IP did not create the Internet. The Internet is not just a set of protocols, but rather a real thing. People and organizations created the Internet by hooking real hardware and communication lines together. To understand the importance of this, we need to understand what's necessary to create social systems like the Internet.

Social systems that are enduring, scalable, and generative require coherence among participants. Coherence allows us to manage complexity. Coherence is necessary for any group of people to cooperate. The coherence necessary to create the Internet

Building Your Business on Sovrin: Domain-Specific Trust Frameworks






Summary: A domain-specific trust framework is a collection of policies, legal agreements and technologies that provides the context for claims in a given domain. Sovrin Foundation provides a structure and supporting systems for groups defining trust frameworks. This post describes how domain-specific trust frameworks function.

Working in a Framework

In Decentralized Governance in Sovrin, I described how the Sovrin Network is governed. The centerpiece of that discussion is the Sovrin Trust Framework. The trust framework serves as the constitution for Sovrin, laying out the principles upon which Sovrin is governed and the specific requirements for various players in the Sovrin Ecosystem.

In A Universal Trust Framework, I say “a trust framework provides the structure necessary to leap between the known and unknown.” The idea is that online we often lack the necessary context to reduce the risk around the decisions we make. A trust framework defines that context using agreement, process,

Claim Issuing and Presenting

What We Learn about Self-Sovereignty from CryptoKitties






Summary: CryptoKitties are a useful example of digital ownership and self-sovereignty except for one small flaw.

Late last year CryptoKitties burst into the blockchain world. If you haven't been paying attention, CryptoKitties is a Web site that uses a browser-based wallet (MetaMask) to sell (for Ether) little virtual kitties. Once you have a kittie, you can breed it with others, to create new kitties. Each one is a unique individual created with some genetic algorithm. Some Gen 0 or Gen 1 kitties have sold for ridiculous amounts of money. If you were around in the 90's when the Web was taking off, think Beanie Babies meets Blockchain and you'll get the idea.

Except it's a little more interesting than Beanie Babies ever were because each CryptoKittie is really a non-fungible token on the Ethereum blockchain. This means each kittie has some interesting properties:

Sovrin Foundation Welcomes Nathan George






Summary: Hiring a full time CTO is a big step for the Sovrin Foundation. I'm excited Nathan is joining us.

The Sovrin Foundation is excited to announce that we have hired Nathan George as our Chief Technology Officer. Nathan was previously Chief Architect at Evernym, Inc. He has been instrumental in maintaining the Hyperledger open-source Project Indy, which is sponsored by the Sovrin Foundation. Nathan comes with a wealth of experience that will help Sovrin thrive and reach its full potential.

I’m very excited to have Nathan join the foundation. The Sovrin Foundation is much more than an advocacy organization for self-sovereign identity. As I wrote in Decentralized Governance in the Sovrin Foundation, the foundation exists to administer the Sovrin Trust Framework and a significant aspect of that entails designing and implementing protocols, managing Project Indy, and supporting the Sovrin Stewards in their operation of the network nodes. These

Decentralized Governance in Sovrin






Summary: Decentralized systems require governance to function well. Ideally this governance should be clear, open, and effective without impacting the decentralized nature of the system. This post describes the governance of the Sovrin network. Our approach is a constitutional model based on an agreement we call the Sovrin Trust Framework that informs and guides everything from code development to the responsibilities of the various actors in the system. The Sovrin Trust Framework enables decentralized governance of the Sovrin network.

Marc Hulty defines governance as "the processes of interaction and decision-making among the actors involved in a collective problem that lead to the creation, reinforcement, or reproduction of social norms and institutions." From this we can conclude that everything gets governed, the question is whether governance is ad hoc or formal, explicit or implicit.

One of the ironies of decentralized systems is that they require better governance than most centralized

Decentralized Governance






Summary: Decentralized systems require governance to function well. Ideally this governance should be clear, open, and effective without impacting the decentralized nature of the system. This post describes the governance of the Sovrin network. Our approach is a constitutional model based on an agreement we call the Sovrin Trust Framework that informs and guides everything from code development to the responsibilities of the various actors in the system.

Marc Hulty defines governance as "the processes of interaction and decision-making among the actors involved in a collective problem that lead to the creation, reinforcement, or reproduction of social norms and institutions." From this we can conclude that everything gets governed, the question is whether governance is ad hoc or formal, explicit or implicit.

One of the ironies of decentralized systems is that they require better governance than most centralized systems. Centralized systems are often governed in an ad hoc way

Announcing the Sovrin Whitepaper






Summary: The Sovrin whitepaper is now available. Identity in real life is much richer than online identity, flexibly and conveniently solving all kinds of thorny problems. Now with Sovrin, we can bring those rich identity transactions online. This paper shows how that happens and why it will impact every sector of the Internet in significant ways. I hope you'll spend some time reading it.

Sovrin Logo

I'm very pleased to announce that the Sovrin whitepaper is now available. The whitepaper pulls together in one place detailed information about why Sovrin exists, what Sovrin is, and how it will impact nearly every aspect of your online life. Here's the abstract:

Digital identity is one of the oldest and hardest problems on the Internet. There is still no way to use digital credentials to prove our online identity the same way we do in the offline world. This is finally changing. First, the World

Secure Pico Channels with DIDs






Summary: Decentralized identifiers are a perfect complement to the event channels in picos and provide the means of performing secure messaging between picos with little effort on the developer's part.

Encryption Flow

Picos are Internet-first actors that are well suited for use in building decentralized solutions on the Internet of Things. See this description of picos for more details.

Picos send and receive messages over channels. Each channel has a non-correlatable identifier, called an ECI. Because picos can have as many channels as they like, you can use them to prevent correlation of the pico's identity without the pico's participation.

When two picos exchange ECIs to create a relationship, we call that a subscription. Wrangler, the pico operating system, supports creating and using subscriptions. Subscriptions allow picos to use peer-to-peer, graph-based interaction patterns. From a given pico's perspective, it has an inbound channel to receive messages (the Rx channel) and an outbound

Fixing the Five Problems of Internet Identity






Summary: Sovrin capitalizes on decades of cryptographic research and the now widespread availability of decentralized ledger technology to rethink identity solutions so that we can have scalable, flexible, private interactions with consent despite the issues that distance introduces.

Credential Exchange

Andy Tobin has a great presentation that describes five problems of Internet identity. Our claim is that self-sovereign identity, and Sovrin in particular, solve these five problems:

The Proximity Problem—The proximity problem is as old as the familiar cartoon with the caption "On the Internet, nobody knows you're a dog." Because we're not interacting with people physically, our traditional means of knowing who we're dealing with are useless. In their place we've substituted username-password-based authentication schemes. The result is that people's identity information is replicated in multiple identity silos around the Internet.

The Scale Problem—Digital identity currently relies on hubs of identity information. We login using Facebook or Google—huge