Multi-Source and Self-Sovereign Identity

Summary: Self-sovereign identity is multi-source, but not all multi-source identity systems are self-sovereign. Self-sovereignty requires that people and organizations have control of their credentials and interact as peers.

A Wallet Holding Credentials

The world is full of credentials. Some, like a driving license, an employee ID card, a passport, or a university diploma are widely recognized as such. But many other things are also credentials: a store receipt, a boarding pass, or a credit score, for example. Credentials, designed properly, allow verifiable data to be employed in workflows without centralized hubs, point-to-point integrations, or real-time communication between the various players. Credentials enable decentralized, asynchronous workflows.

The Issuer/Holder/Verifier Trust Triangle
The Issuer/Holder/Verifier Trust Triangle

Multi-source identity (MSI) allows multiple credentials from multiple providers to be brought to bear, flexibly and conveniently, in a situation where trusted attestations are needed for the participants in a workflow to make progress. In MSI, there are three players: credential issuers, credential holders, and Continue reading "Multi-Source and Self-Sovereign Identity"

The Sovrin Foundation

Summary: This article describes the role that the Sovrin Foundation and associated groups play in governing, operating, and using the Sovrin Network. The Sovrin Network is designed and intended to be decentralized so understanding the key influence points and community groups is important.

Freifunk Mesh

In Decentralized Governance in Sovrin, I wrote:

The Sovrin Network is a global public utility for identity that we all own, collectively, just like we all own the Internet.

When I say Sovrin is "public," I mean that it is a public good that anyone can use so long as they adhere to the proper protocols, just like the Internet. Sovrin is created through the cooperation of many people and organizations. Enabling that cooperation requires more than luck. In Coherence and Decentralized Systems, I wrote:

Public spaces require coherence. Coherence in Sovrin springs from the ledger, the protocols, the trust framework, standards, and market incentives.

Continue reading "The Sovrin Foundation"

Multi-Source Identity

Summary: Multi-source identity systems like Sovrin enabled richer digital identity transactions that mirror the decentralized, ad hoc nature of identity in the physical world.

Audio Mixer

In the physical world, people collect and manage identity credentials1 from various sources including governments, financial institutions, schools, businesses, family, colleagues, and friends. They also assert information themselves. These various credentials serve different purposes. People collect them and present them in various contexts. When presented, the credential verifier is free to determine whether to trust the credential or not.

Online, identity doesn't work that way. Online identity has traditionally been single-source and built for specific purposes. Online, various, so-called "identity providers" authenticate people using usernames and passwords and provide a fixed, usually limited set of attributes about the subject of the identity transaction. The identity information from these systems is usually used within a specific, limited context. Social login allows it to be used across Continue reading "Multi-Source Identity"

Coherence and Decentralized Systems

Summary: Building decentralized systems requires more than defining a few specifications and hoping for the best. In order to thrive, decentralized systems need coherence, the social organization necessary to get otherwise independent actors to cooperate.

Coherence in Chaos

We take the Internet for granted, not realizing that such a global, decentralized system is a rare thing. Protocols, rightly, get credit, but they alone are insufficient. TCP/IP did not create the Internet. The Internet is not just a set of protocols, but rather a real thing. People and organizations created the Internet by hooking real hardware and communication lines together. To understand the importance of this, we need to understand what's necessary to create social systems like the Internet.

Social systems that are enduring, scalable, and generative require coherence among participants. Coherence allows us to manage complexity. Coherence is necessary for any group of people to cooperate. The coherence necessary to create the Internet Continue reading "Coherence and Decentralized Systems"

Decentralized Governance in Sovrin

Summary: Decentralized systems require governance to function well. Ideally this governance should be clear, open, and effective without impacting the decentralized nature of the system. This post describes the governance of the Sovrin network. Our approach is a constitutional model based on an agreement we call the Sovrin Trust Framework that informs and guides everything from code development to the responsibilities of the various actors in the system. The Sovrin Trust Framework enables decentralized governance of the Sovrin network.

Marc Hulty defines governance as "the processes of interaction and decision-making among the actors involved in a collective problem that lead to the creation, reinforcement, or reproduction of social norms and institutions." From this we can conclude that everything gets governed, the question is whether governance is ad hoc or formal, explicit or implicit.

One of the ironies of decentralized systems is that they require better governance than most centralized Continue reading "Decentralized Governance in Sovrin"

Decentralized Governance

Summary: Decentralized systems require governance to function well. Ideally this governance should be clear, open, and effective without impacting the decentralized nature of the system. This post describes the governance of the Sovrin network. Our approach is a constitutional model based on an agreement we call the Sovrin Turst Framework that informs and guides everything from code development to the responsibilities of the various actors in the system.

Marc Hulty defines governance as "the processes of interaction and decision-making among the actors involved in a collective problem that lead to the creation, reinforcement, or reproduction of social norms and institutions." From this we can conclude that everything gets governed, the question is whether governance is ad hoc or formal, explicit or implicit.

One of the ironies of decentralized systems is that they require better governance than most centralized systems. Centralized systems are often governed in an ad hoc way Continue reading "Decentralized Governance"

Is Sovrin Decentralized?

Summary: To determine whether Sovrin is decentralized, we have to ask questions about the purpose of decentralization and how Sovrin supports those purposes.

People sometimes ask "Is Sovrin decentralized?" given that it relies on a permissioned ledger. Of course, the question is raised in an attempt to determine whether or not an identity system based on a permissioned ledger can make a legitimate claim that it's self-sovereign. But whether or not a specific system is decentralized is just shorthand for the real questions. To answer the legitimacy question, we have to examine the reasons for decentralization and whether or not the system in question adequately addresses those reasons.

This excellent article from Vitalik Buterin discusses the meaning of decentralization. Vitalik gives a great breakdown of different types of decentralization, listing architectural decentralization, political decentralization, and logical decentralization.

Of these, logically decentralized systems are the most rare. Bitcoin and other Continue reading "Is Sovrin Decentralized?"

The Case for Decentralized Identity

Summary: We cannot decentralize many interesting systems without also decentralizing the identity systems upon which they rely. We're finally in a position to create truly decentralized systems for digital identity.

I go back and forth between thinking decentralization is inevitable and thinking it's just too hard. Lately, I'm optimistic because I think there's a good answer for one of the sticking points in building decentralized systems: decentralized identity.

Most interesting systems have an identity component. As Joe Andrieu says, "Identity is how we keep track of people and things and, in turn, how they keep track of us." The identity component is responsible for managing the identifiers and attributes that the system needs to function, authenticating the party making a request, and determining whether that party is authorized to make the request. But building an identity system that is usable, secure, maximizes privacy is difficult—much harder than most Continue reading "The Case for Decentralized Identity"

Launching the Sovrin Network

Summary: The Sovrin network for identity is now live and accepting transactions. Sovrin provides a global identity infrastructure that supports self-sovereign identity and verifiable claims. This blog post describes the launch ceremony that we conducted. This is the beginning of Identity for All.

This morning I participated in the launch of the Sovrin Network. About six weeks ago, we set up the Alpha network for testing. Validators participated in exercises to ensure the network was stable and could achieve consensus under a variety of circumstances.

This morning we transitioned from the Alpha network to the Provisional network. There are several important differences between the Alpha network and the Provisional network:

A Mesh for Picos

Summary: This post describes some changes we're making to the pico engine to better support a decentralized mesh for running picos.

Picos are Internet-first actors that are well suited for use in building decentralized soutions on the Internet of Things. Here are a few resources for exploring the idea of picos and our ideas about they enable a decentralized IoT if you’re unfamiliar with the idea:

  • Picos: Persistent Compute Objects—This brief introduction to picos and the components that make up the pico ecosystem is designed to make clear the high-level concepts necessary for understanding picos and how they are programmed. Over the last year, we've been replacing KRE, the engine picos run on, with a new, Node-based engine that is smaller and more flexible.
  • Reactive Programming with Picos—This is an introduction to picos as a method for doing reactive programming. The article contains many links to other, more Continue reading "A Mesh for Picos"

Sovrin Web of Trust

Summary: Sovrin uses a heterarchical, decentralized Web of Trust model to build trust in identifiers and give people clues about what and who to trust.

The Web of Trust model for Sovrin is still being developed, but differs markedly from the trust model used by the Web.

The Web (specifically TLS/SSL) depends on a hierarchical certificate authority model called the Public Key Infrastructure (PKI) to determine which certificates can be trusted. When your browser determines that the domain name of the site you're on is associated with the public key being used to encrypt HTTP transmissions (and maybe that they’re controlled by a specific organization), it uses a certificate it downloads from the Website itself. How then can this certificate be trusted? Because it was cryptographically signed by some other organization who issued the public key and presumably checked the credentials of the company buying the certificate for the domain.

Continue reading "Sovrin Web of Trust"

The most important event, ever

IIW XX, IIW_XX_logothe 20th Internet Identity Workshop, comes at a critical inflection point in the history of VRM: Vendor Relationship Management, the only business movement working toward giving you both
  1. independence from the silos and walled gardens of the world; and
  2. better means for engaging with every business in the world.
If you’re looking for a point of leverage on the future of customer liberation, independence and empowerment, IIW is it. Wall Street-sized companies around the world are beginning to grok what Main Street ones have always known: customers aren’t just “targets” to be “acquired,” “managed,” “controlled” and “locked in.” In other words, Cluetrain was right when it said this, in 1999:

if you only have time for one clue this year, this is the one to get…

Now it is finally becoming clear that free customers are more valuable than captive ones: to themselves, to the companies they deal with, and to the marketplace.

But how, exactly? That’s what we’ll be working on at IIW, which runs from April 7 to 9 at the Computer History Museum, in the heart of Silicon Valley: the best venue ever created for a get-stuff-done unconference. Focusing our work is a VRM maturity framework that gives every company, analyst and journalist a list of VRM competencies, and every VRM developer a context in which to show which of those competencies they provide, and how far along they are along the maturity path. This will start paving the paths along which individuals, tool and service providers and corporate systems (e.g. CRM) can finally begin to fit their pieces together. It will also help legitimize VRM as a category. If you have a VRM or related company, now is the time to jump in and participate in the conversation. Literally. Here are some of the VRM topics and technology categories that we’ll be talking about, and placing in context in the VRM maturity framework: Note: Another version of this post appeared first on the ProjectVRM blog. I’m doing a rare cross-posting here because it that important.

Silo-Busting MyWord Editor is Now Public

Summary: The MyWord Editor and nodeStorage system are a perfect example of what I call a personal cloud application architecture. unhosted_web_architecture I've written before about Dave Winer's nodeStorage project and his MyWord blogging tool. Yesterday Dave released the MyWord editor for creating blog posts. I can see you yawning. You're thinking "Another blogging tool? Spare me! What's all the excitement?!?" The excitement over a few simple ideas:
  • First, MyWord is a silo-buster. Dave's not launching a company or trying to suck you onto his platform so he can sell ads. Rather, he's happy to have you take his software and run it yourself. (Yes, there are other blogging platforms you can self-host, the monster-of-them-all Wordpress included. Read on.)
  • Second, the architecture of MyWord is based on Dave's open-source nodeStorage system. Dave's philosophy for nodeStorage is simple and matches my own ideas about user's owning and controlling their own data, instead of having that data stored in some company's database to serve its ambitions. I've called this the Personal Cloud Application Architecture (PCAA).
A PCAA separates the application data from the application. This has significant implications for how Web applications are built and used. I set up an instance of nodeStorage for myself at Now when I use the MyWord editor (regardless of where it's hosted) I can configure it to use my storage node and the data is stored under my control. This is significant because I'm using Dave's application and my storage. I'm not hosting the application (although I can do that, if I like, since it's open source). I'm simply hosting data. Here's my first post using the MyWord editor with my nodeStorage. Making this work, obviously, requires that the storage system respond in certain ways so that the application knows what to expect. The nodeStorage system provides that. But not just for MyWord, for any application that needs identity (provided through Twitter) and storage (provided by Amazon S3). Dave's provided several of these applications and I'm sure more are in the works. If more people have access to nodeStorage-based systems, application developers could ignore the features it provides and focus on the app. I recognize that's a big "if", but I think it's a goal worth working toward. Tags:

IBM’s ADEPT Project: Rebooting the Internet of Things

Summary: The Internet of Things, only a few years old, needs a reboot. So says Paul Brody of IBM. The IBM Adept project is a proof of concept for an open, decentralized Internet of Things. IBM Think D100 Test I recently spent some time learning about IBM's ADEPT project. ADEPT is a proof of concept for a completely decentralized Internet of Things. ADEPT is based on Telehash for peer-to-peer messaging, BitTorrent for decentralized file sharing, and the blockchain (via Ethereum) for smart contracts (this video from Primavera De Filippi on Ethereum is a good discussion of that concept). The ideas and motivations behind the project as presented at IBM's Device Democracy align nicely many of the concerns I have raised about the Internet of Things. To get a feel for that, watch this video from Paul Brody, vice president and global electronics industry leader for IBM Global Business Services. Brody, speaking at the Smart Home session of the IFA+ Summit, says “I come not to praise the smart home, but to bury it.” Its worth watching the whole thing: Note: the video doesn't show Brody's slides. I couldn't find these exact slides, but this presentation to Facebook looks like it's close if you want to see some of the visuals. The project has a couple of white papers:

Building a Universal Silo

Summary: The Internet is being ruined by corporate silos that take away our personal freedom in exchange for services. Some think what we need is a universal silo that we can all be part of. There are different approaches to achieving that goal that will have very different outcomes. Silos de Trigueros In a recent discussion about silos and that lack of "open" in "open APIs" that followed from Aral Balkan's superb How Web 2.0 killed the Internet, there was talk of a "universal silo." Let's consider how we might build such a universal silo. One approach uses a centralized silo, like Facebook or Google, but presumably controlled by some benevolent authority. People usually resort to a centralized approach to solve problems cause we are just a lot more comfortable with it. We believe that if we can just make the rules right, then we’ll all be OK. All command-control systems are founded on this belief. It’s not always bad, but it comes at a huge cost: the loss of personal autonomy. (As an aside, the second step in this path is to find an organization with a monopoly on violence [i.e. a government] to enforce the rules for you.) The other approach, the one the Internet taught us, is to use a decentralized system to accomplish the goal. This is much harder for humans to wrap their minds around and a lot less satisfying cause it requires surrendering authority and the ability to control the results. Humans so love to control outcomes. We could build a “universal silo” using either approach. In the centralized approach, I think we’d end up with the UN/ITU fiasco in control (or something equally as heinous). In the decentralized approach we’d get the Internet. Yeah, the Internet is the one big silo we’re after. It’s not perfect. In particular, we need to weed out some of the centralization that has crept in (e.g. DNS, Root Certificate Authorities). But it’s the one big silo we all can be a part of without everyone subjecting themselves to a single administrative authority. In Doc’s piece on End User License Agreements, he says the Interent is just “A”, an agreement. There are no end users, there’s no licensing. Just agreements. This is the universal silo we can all live with. Bonus link: Read Ben Werdmüller's How we're on the verge of an amazing new open web #indieweb for a positive spin on all this. Tags:

The CompuServe of Things

Summary: On the Net today we face a choice between freedom and captivity, independence and dependence. How we build the Internet of Things has far-reaching consequences for the humans who will use—or be used by—it. Will we push forward, connecting things using forests of silos that are reminiscent the online services of the 1980's, or will we learn the lessons of the Internet and build a true Internet of Things?


On the Net today we face a choice between freedom and captivity, independence and dependence.

You may view that statement as melodramatic, but the near future will incorporate computers into more facets of our lives than we can imagine. If we are to trust those computers and avoid giving up autonomy to centralized authorities, we have to create an open Internet of Things. I don’t think it’s going too far to say that our natural rights as human beings are based on a world that is heterarchical by nature—and that we are fooling ourselves if we think we can maintain those rights using only hierarchies and centralized systems. Building the CompuServe of Things instead of a true Internet of Things is a real threat to personal freedom and autonomy, and will halt progress for decades to come, unless we do the right thing now.

Online Services

Back in the day, some of us were lucky enough to be at a university and use the Internet. I started using the Internet in 1986 when I entered graduate school at UC Davis. If you weren't one of the chosen few with an Internet connection and wanted to communicate with friends, you used CompuServe, Prodigy, AOL or some other "online service." Each of these offered a way to send email, but only to people on the same service. They had forums where you could discuss various topics. And they all had what we'd call "apps" today. Sounds kind of like Facebook, actually. These services were silos. Each was an island that didn't interoperate with the others.

In the mid-90's, interest in the Web caused a number of companies to get into the dial-up Internet service business. Once connected to the Internet, you could email anyone, participate in forums anywhere, look at any Web site, shop from any store, and so on. AOL successfully made the transition from online service business to ISP, the rest did not.

Online 2.0: Return of the Silos

Each of these online service businesses sought to offer a complete soup-to-nuts experience and capitalized on their captive audiences in order to get businesses to pay for access. In fact, you don't have to look very hard to see that much of what's popular on the Internet today looks a lot like sophisticated versions of these online service businesses. Web 2.0 isn't so much about the Web as it is about recreating the online business models of the 80's and early 90's. Maybe we should call it Online 2.0 instead.

To understand the difference, consider GMail vs. Facebook Messaging. Because GMail is really just a massive Web-client on top of Internet mail protocols like SMTP, IMAP, and POP, you can use your GMail account to send email to any account on any email system on the Internet. And, if you decide you don't like GMail, you can switch to another email provider (at least if you have your own domain).

Facebook messaging, on the other hand, can only be used to talk to other Facebook users inside Facebook. Not only that, but I only get to use the clients that Facebook chooses for me. Facebook is going to make those choices based on what's best for Facebook. And most Web 2.0 business models ensure that the interests of Web 2.0 companies are not necessarily aligned with those of their users. Decisions to be non-interoperable aren't done out of ignorance, but on purpose. For example, WhatsApp uses an open protocol (XMPP), but chooses to be a silo.

Note: I'm not making a "Google good, Facebook bad" argument. I'm merely comparing GMail to Facebook messaging. Google has its own forms of lock-in in many of its products and is every bit as much a re-creation of the 1980's "online service" business model as Facebook.

Which brings us to the Internet of Things. The Internet of Things envisioned today isn’t a real Internet. It’s a forest of silos, built by well-meaning companies repeating the errors of history, giving us the modern equivalents of isolated mainframes, non-compatible LANs and incompatible networks like those of AOL, Compuserve and Prodigy. What we're building ought to be called the CompuServe of Things.

A Real, Open Internet of Things

If we were really building the Internet of Things, with all that that term implies, there'd be open, decentralized, heterarchical systems at its core, just like the Internet itself. There aren't. Sure, we're using TCP/IP and HTTP, but we're doing it in a way that is closed, centralized, and hierarchical with only a minimal nod to interoperability using APIs.

We need the Internet of Things to be the next step in the series that began with the general purpose PC and continued with the Internet and general purpose protocols—systems that support personal autonomy and choice. The coming Internet of Things envisions computing devices that will intermediate every aspect of our lives. I strongly believe that this will only provide the envisioned benefits or even be tolerable if we build an Internet of Things rather than a CompuServe of Things.

When we say the Internet is "open," we're using that as a key word for the three key concepts that underlie the Internet:

  1. Decentralization
  2. Heterarchy (what some call peer-to-peer connectivity)
  3. Interoperability

You might be thinking, aren't decentralization and heterarchy more or less the same? No. To see how they differ, consider two examples: DNS, the domain name service, and Facebook. DNS is decentralized, but hierarchical. Zone administrators update their zone files and determine in a completely decentralized manner which sub domains inside their domain correspond to which IP addresses (among other things). But the way DNS achieves global consensus about what these mappings mean is hierarchical. A few well-known servers for each top-level domain (TLD) point to the servers for the various domains inside the TLD, which in turn point to servers for sub domains inside them, and so on. There's exactly one, hierarchical copy of the mapping.

Facebook, on the other hand, is heterarchical, but centralized. The Facebook Open Graph relates people to each other in a heterarchical fashion—peer-to-peer. But of course, it's completely centralized. The entire graph resides on Facebook's servers under Facebook's control.

Interoperability allows independently developed systems to interact. Interoperability provides for substitutability, allowing one system or service to be substituted for another without loss of basic functionality. As noted above, even though I use GMail as my email provider, I can talk to people who use Hotmail (i.e. they're interoperable) and I can, if I'm unhappy with GMail, substitute another email provider.

Decentralization, heterarchy, and interoperability are supported by protocol, the standards that govern interaction. One of the ironies of open systems like the Internet is that rules are more important than in closed systems. In a closed system, the hierarchical, centralized authority imposes standards that create order. In an open, decentralized, heterarchical system, the order must be agreed to ahead of time in the form of protocol.

These three concepts aren't optional. We won’t get the real Internet of Things unless we develop open systems that support decentralization, heterarchy, and interoperability. We might well ask "where are the protocols underlying the Internet of Things?" TCP/IP, HTTP, MQTT, etc. aren't enough because they work at a level below where the things will need to interoperate. Put another way, they leave unspecified many important processes (like discovery).

Personal Autonomy and Freedom

My point isn't a narrow technical one. I'm not arguing for an open Internet of Things because of perceived technical benefits. Rather, this is about personal autonomy and ultimately human rights. As I said above, the Internet of Things will put computers with connectivity into everything. And I really mean "every thing." They will intermediate every aspect of our lives. Our autonomy and freedom as humans depend on how we build the Internet of Things. Unless we put these connected things under the control of the individuals they serve without an intervening administrative authority, we will end up building something that undermines the quality of life it's meant to bolster.

What is an "intervening administrative authority?" Take your Fitbit as an example. You pay $99 for the device, but cannot use it without also creating an account at Fitbit and having all the data from the device flow through Fitbit's servers. In this case, Fitbit is the "intervening administrative authority." Whenever you create an account at Fitbit or anywhere else, you're being "administered" and giving up some amount of control. That's not necessarily a bad thing, but it does, taken in aggregate, place real and significant restrictions on personal autonomy.

If Fitbit decides to revoke my account, I will probably survive. But what if, in some future world, the root certificate authority of the identity documents I use for banking, shopping, travel, and a host of other things decides to revoke my identity for some reason? Or if my car stops running because Ford shuts off my account? People must have autonomy and be in control of the connected things in their life. There will be systems and services provided by others and they will, of necessity, be administered. But those administering authorities need not have control of people and their lives. We know how to solve this problem. Interoperability takes "intervening" out of "administrative authority."

The only way we get an open Internet of Things is to build it. That means we have to do the hard work of figuring out the protocols—and business models—that support it. I'm heartened by developments like Bitcoin's blockchain algorithm, the #indieweb movement, Telehash, XDI Discovery, MaidSafe, and others. And, of course, I've got my own work on KRL, CloudOS, and Fuse. But there is still much to do.

We are at a crossroads, with a decision to make about what kind of future we want. We can build the world we want to live in or we can do what's easy, and profitable, in the short run. The choice is ours.

Update: After posting this, I found that Adam McEwen used the term "CompuServe of Things" in a talk he gave in 2013: Risking a Compuserve of Things


Networks vs Hierarchies

Summary: Good talk from Fred Wilson on how networked systems are changing business and how we all interact with one another.

This talk from Fred Wilson discusses the transition from hierarchical, bureaucratic systems to networked systems and the effect that has on business models. Well work watching.

At one point he says, "We are all a node on the network." My take: This is still imperfectly realized. Actually, we're all a collection of uncollated nodes on the network. The problem is that all my apps and services are silo'd. Big data won't solve this problem. APIs won't solve this problem. Personal clouds will.