Launching the Sovrin Network

Summary: The Sovrin network for identity is now live and accepting transactions. Sovrin provides a global identity infrastructure that supports self-sovereign identity and verifiable claims. This blog post describes the launch ceremony that we conducted. This is the beginning of Identity for All.

This morning I participated in the launch of the Sovrin Network. About six weeks ago, we set up the Alpha network for testing. Validators participated in exercises to ensure the network was stable and could achieve consensus under a variety of circumstances.

This morning we transitioned from the Alpha network to the Provisional network. There are several important differences between the Alpha network and the Provisional network:

Everybody should have a surprise birthday party as surreal and wonderful as this one

2017_07_29_70th_birthday_002 The scene above is what greeted me when I arrived at what I expected to be a small family dinner last night: dozens of relatives and old friends, all with of my face. For one tiny moment, I thought I might be dead, and loved ones were gathered to greet me. But the gates weren’t pearly. They were the back doors of Rosys at the Beach in Morgan Hill last night. Rosy is one of my five sisters in law. She and most of her sibs, including their two additional brothers, their kids and grandkids were there, along with many friends, including ones I’ve known since North Carolina in the early ’70s. More about it all later (since I’m busy with continuing festivities). In the meantime I want to thank everybody, starting with my wife, who did such a great job of making the whole evening wonderful. Also for operating in complete Continue reading "Everybody should have a surprise birthday party as surreal and wonderful as this one"

A milepost in an increasingly exclusive demographic club

Because I’m busy today, I’ll re-post what I wrote about my birthday five years ago. Here goes… 65plusI worked in retailing, wholesaling, journalism and radio when I was 18-24. I co-founded an advertising agency when I was 25-34. Among the things I studied while working in that age bracket were Nielsen and Arbitron ratings for radio and TV. Everything those companies had to say was fractioned into age brackets. The radio station I did most of that work for was WQDR in Raleigh, one of the world’s first album rock stations. Its target demographic was 18-34. It’s a country station now, aimed at 25-54. Other “desirable” demographics for commercial media are 18-49 and 25-49. The demographic I entered between the last sentence and this one, 65+, is the last in the usual demographic series and the least desirable to marketers, regardless of the size of the population in it, and Continue reading "A milepost in an increasingly exclusive demographic club"

Identity, Sovrin, and the Internet of Things

Summary: Building the Internet of Things securely requires that we look to non-hierarchical models for managing trust. Sovrin provides a Web of Trust model for securing the Internet of Things that increases security and availability while giving device owners more control.
<a href="https://blogs.harvard.edu/doc/">Doc Searls</a> put me onto this report from Cable Labs: <a href="http://www.cablelabs.com/vision-secure-iot/">A Vision for Secure IoT</a>. Not bad stuff as far as it goes. The executive summary states:
IoT therefore represents the next major axis of growth for the Internet. But, without a significant change in how the IoT industry approaches security, this explosion of devices increases the risk to consumers and the Internet. To reduce these risks, the IoT industry and the broader Internet ecosystem must work together to mitigate the risks of insecure devices and ensure future devices are more secure by developing and adopting robust security standards for IoT devices. Industry-led standards represent the most promising approach Continue reading "Identity, Sovrin, and the Internet of Things"

Initial working group draft of JSON Web Token Best Current Practices

OAuth logoI’m happy to announce that the OAuth working group adopted the JSON Web Token Best Current Practices (JWT BCP) draft that Yaron Sheffer, Dick Hardt, and I had worked on, following discussions at IETF 99 in Prague and on the working group mailing list. The specification is available at: An HTML-formatted version is also available at:

A Mesh for Picos

Summary: This post describes some changes we're making to the pico engine to better support a decentralized mesh for running picos.

Picos are Internet-first actors that are well suited for use in building decentralized soutions on the Internet of Things. Here are a few resources for exploring the idea of picos and our ideas about they enable a decentralized IoT if you’re unfamiliar with the idea:

  • Picos: Persistent Compute Objects—This brief introduction to picos and the components that make up the pico ecosystem is designed to make clear the high-level concepts necessary for understanding picos and how they are programmed. Over the last year, we've been replacing KRE, the engine picos run on, with a new, Node-based engine that is smaller and more flexible.
  • Reactive Programming with Picos—This is an introduction to picos as a method for doing reactive programming. The article contains many links to other, more Continue reading "A Mesh for Picos"

Dear Apple, please make exporting “unmodified originals” easier. Thanks.

2017_05_09_eic_30-sm If you shoot photos with an iOS device (iPhone or iPad), you’re kinda trapped in Apple’s photography silos: the Camera and Photos apps on your device, and the Photos app on your computer. (At least on a Mac… I dunno what the choices are for Windows, but I’m sure they’re no less silo’d. For Linux you’ll need an Android device, which is off-topic here.) Now, if you’re serious about photography with an iThing, you’ll want to organize and improve your photos in a more sophisticated and less silo’d app than Photos.app—especially if you want to have the EXIF data that says, for example, exactly when and where a photo was shot: exifexample This tells me I shot the photo at 4:54 in the afternoon in Unterschleißheim, München: at Kuppinger Cole’s EIC (European Identity and Cloud) Conference, not long after I gave a keynote there. (Here’s video proof of that.) Here
screen-shot-2017-07-25-at-10-09-11-am
screen-shot-2017-07-25-at-2-14-29-pm
screen-shot-2017-07-25-at-2-16-32-pm
Continue reading "Dear Apple, please make exporting “unmodified originals” easier. Thanks."

Using Herb Vaporizers with Tobacco

Fact that most if not all herb vaporizers are designed for vaporizing cannabis made it difficult to get reliable information for tobacco use.

Tobacco Types

I tried three types: RYO is closest to tobacco used in cigarettes. I found it best for daily use. Pipe tobacco is very rich taste, too rich for frequent use. I typically use it before sleep, best with a glass of finest. I found Cigar tobacco to be the most difficult to use with herb vaporizer because they taste best when properly humidified but many vaporizers are not designed to vaporize wet herbs. And dry cigar tobacco is brittle, shedding tobacco particles when you vape. Best parts are cost and variety.

Vaporization Methods

Continue reading "Using Herb Vaporizers with Tobacco"

of graveyards and golf courses: A perspective on perspective

When I was a child, I loved seeing photographs of everyday things from not-everyday perspectives. I think the first such thing I remember marvelling about was what a human hair looked like under a powerful microscope. It looked a bit like this image from “Long Hair Community” via Google: I’m still fascinated by such out-of-normal-perspective … Continue reading "of graveyards and golf courses: A perspective on perspective"

Making new mistakes

This is part of a map of Calcutta published in 1842. It’s the city I was born in, the city I grew up in, the city that was my home for the first twenty-three years of my life. A city I remember with fond memories and one I visit with joy in my heart. [Incidentally, … Continue reading "Making new mistakes"

JSON Web Token Best Current Practices draft describing Explicit Typing

OAuth logoThe JWT BCP draft has been updated to describe the use of explicit typing of JWTs as one of the ways to prevent confusion among different kinds of JWTs. This is accomplished by including an explicit type for the JWT in the “typ” header parameter. For instance, the Security Event Token (SET) specification now uses the “application/secevent+jwt” content type to explicitly type SETs. The specification is available at: An HTML-formatted version is also available at:

Proof-of-Possession Key Semantics for CBOR Web Tokens (CWTs) spec addressing review comments

IETF logoThe Proof-of-Possession Key Semantics for CBOR Web Tokens (CWTs) specification has been updated to address comments received since its initial publication. Changes were:
  • Tracked CBOR Web Token (CWT) Claims Registry updates.
  • Addressed review comments by Michael Richardson and Jim Schaad.
  • Added co-authors Ludwig Seitz, Göran Selander, Erik Wahlström, Samuel Erdtman, and Hannes Tschofenig.
Thanks for the feedback received to date! The specification is available at: An HTML-formatted version is also available at:

Security Event Token (SET) specification preventing token confusion

IETF logoA new version of the Security Event Token (SET) specification has been published containing measures that prevent any possibility of confusion between ID Tokens and SETs. Preventing confusion between SETs, access tokens, and other kinds of JWTs is also covered. Changes were:
  • Added the Requirements for SET Profiles section.
  • Expanded the Security Considerations section to describe how to prevent confusion of SETs with ID Tokens, access tokens, and other kinds of JWTs.
  • Registered the application/secevent+jwt media type and defined how to use it for explicit typing of SETs.
  • Clarified the misleading statement that used to say that a SET conveys a single security event.
  • Added a note explicitly acknowledging that some SET profiles may choose to convey event subject information in the event payload.
  • Corrected an encoded claims set example.
  • Applied grammar corrections.
This draft is intended to provide solutions to the issues that had been discussed in IETF 98 Continue reading "Security Event Token (SET) specification preventing token confusion"

Great Coffee vs. Meh Marketing

favorite-peets My loyalty to Peet’s Coffee is absolute. I have loved Peet’s since it was a single store in Berkeley. I told my wife in 2001 that I wouldn’t move anywhere outside the Bay Area unless there was a Peet’s nearby. That pre-qualified Santa Barbara, where we live now. When we travel to where Peets has retail stores, we buy bags of our favorite beans (which tend to be one of the above) to take to our New York apartment, because there are no Peets stores near there. When we’re in New York and not traveling, we look for stores that sell bags of one of the bean bags above. Since our car died and we haven’t replaced it yet, we have also taken to ordering beans through Peet’s website. Alas, we’re done with that now. Here’s why: screen-shot-2017-06-22-at-11-34-17-pm I ordered those beans (Garuda and New Guinea) two Thursdays ago, June 16, at 7:45am. A couple Continue reading "Great Coffee vs. Meh Marketing"

Sovrin Status: Alpha Network Is Live

Summary: The Sovrin Network is live and undergoing testing. This Alpha Stage will allow us to ensure the network is stable and the distributed nodes function as planned. Sunrise
Sovrin is based on a permissioned distributed ledger. Permissioned means that there are known validators that achieve consensus on the distributed ledger. The validators are configured so as to achieve <a href="https://en.wikipedia.org/wiki/Byzantine_fault_tolerance">Byzantine fault tolerance</a> but because they are known, the network doesn't have to deal with <a href="https://en.wikipedia.org/wiki/Sybil_attack">Sybil attacks</a>. This has several implications:
  1. The nodes are individually unable to commit transactions, but collectively they work together to create a single record of truth. Individual nodes are run by organizations called "Sovrin Stewards."
  2. Someone or something has to chose and govern the Stewards. In the case of Sovrin, that is the Sovrin Foundation. The nodes are governed according to the Sovrin Trust Framework.
The Sovrin Network has launched in alpha. The purpose of the <!--more--> Network is to allow Founding Stewards to do everything necessary to install and test their validator nodes before we collectively launch the Provisional Network. It’s our chance to do a dry-run to work out any kinks that we may find before the initial launch. 

Here’s what we want to accomplish as part of this test run:
  • Verify technical readiness of the validator nodes
  • Verify security protocols and procedures for the network
  • Test emergency response protocols and procedures
  • Test the distributed, coordinated upgrade of the network
  • Get some experience running the network as a community
  • Work out any kinks and bugs we may find.
With these steps complete, Sovrin will become a technical reality. It’s an exciting step. We currently have nine stewards running validators nodes and expect more to come online over the next few weeks. Because the Alpha Network is for conducting tests, we anticipate that the genesis blocks on the ledger will be reset once the testing is complete. 



Once the Alpha Network has achieved it's goals, it will transition to the Provisional Network. The Sovrin Technical Governance Board (TGB) chose to operate the network in a provisional stage as a beta period where all transactions were real and permanent, but still operating under a limited load. This will enable the development team and Founding Stewards to do performance, load, and security testing against a live network before the Board of Trustees declares it generally availabile.
After many months of planning and working for the network to go live, we're finally on our way. Congratulations and gratitude to the team at Evernym doing the heavy lifting, the Founding Stewards who are leading the way, and the many volunteers who sacrifice their time to build a new reality for online identity.
Photo Credit: Sunrise from dannymoore1973 (CC0 Public Domain) Tags:

“Using RSA Algorithms with COSE Messages” specification approved for publication

IETF logoThe IESG approved the “Using RSA Algorithms with COSE Messages” specification for publication as an RFC today. A new version was published incorporating the IESG feedback. Thanks to Ben Campbell, Eric Rescorla, and Adam Roach for their review comments. No normative changes were made. The specification is available at: An HTML-formatted version is also available at:

On cryptocurrencies, blockchain and all that

Take a look at this chart:

CryptoCurrency Market Capitalizations

screen-shot-2017-06-21-at-10-37-51-pm As Neo said, Whoa. To help me get my head fully around all that’s going on behind that surge, or mania, or whatever it is, I’ve composed a lexicon-in-process that I’m publishing here so I can find it again. Here goes::: Bitcoin. “A cryptocurrency and a digital payment system invented by an unknown programmer, or a group of programmers, under the name Satoshi Nakamoto. It was released as open-source software in 2009. The system is peer-to-peer, and transactions take place between users directly, without an intermediary. These transactions are verified by network nodes and recorded in a public distributed ledger called a blockchain. Since the system works without a central repository or single administrator, bitcoin is called the first decentralized digital currency.” (Wikipedia.) Cryptocurrency. “A digital asset designed to work as a medium of exchange using cryptography to secure the Continue reading "On cryptocurrencies, blockchain and all that"