Summary: The Sovrin whitepaper is now available. Identity in real life is much richer than online identity, flexibly and conveniently solving all kinds of thorny problems. Now with Sovrin, we can bring those rich identity transactions online. This paper shows how that happens and why it will impact every sector of the Internet in significant ways. I hope you'll spend some time reading it.
I'm very pleased to announce that the Sovrin whitepaper is now available. The whitepaper pulls together in one place detailed information about why Sovrin exists, what Sovrin is, and how it will impact nearly every aspect of your online life. Here's the abstract:
Digital identity is one of the oldest and hardest problems on the Internet. There is
still no way to use digital credentials to prove our online identity the same way we do
in the offline world. This is finally changing. First, the World Continue reading "Announcing the Sovrin Whitepaper"
Summary: Decentralized identifiers are a perfect complement to the event channels in picos and provide the means of performing secure messaging between picos with little effort on the developer's part.
Picos are Internet-first actors that are well suited for use in building decentralized soutions on the Internet of Things. See this description of picos for more details.
Picos send an receive messages over channels. Each channel has a non-correlatable identifier, called an ECI. Because picos can have as many channels as they like, you can use them to prevent correlation of the pico's identity without the pico's participation.
When two picos exchange ECIs to create a relationship, we call that a subscription. Wrangler, the pico operating system, supports creating and using subscriptions. Subscriptions allow picos to use peer-to-peer, graph-based interaction patterns. From a given pico's perspective, it has an inbound channel to receive messages (the Rx channel) and an outbound Continue reading "Secure Pico Channels with DIDs"
Summary: Sovrin capitalizes on decades of cryptographic research and the now widespread availability of decentralized ledger technology to rethink identity solutions so that we can have scalable, flexible, private interactions with consent despite the issues that distance introduces.
Andy Tobin has a great presentation that describes five problems of Internet identity. Our claim is that self-sovereign identity, and Sovrin in particular, solve these five problems:
The Proximity Problem—The proximity problem is as old as the familiar cartoon with the caption "On the Internet, nobody knows you're a dog." Because we're not interacting with people physically, our traditional means of knowing who we're dealing with are useless. In their place we've substituted username-password-based authentication schemes. The result is that people's identity information is replicated in multiple identity silos around the Internet.
The Scale Problem—Digital identity currently relies on hubs of identity information. We login using Facebook or Google—huge Continue reading "Fixing the Five Problems of Internet Identity"
Summary: To determine whether Sovrin is decentralized, we have to ask questions about the purpose of decentralization and how Sovrin supports those purposes.
People sometimes ask "Is Sovrin decentralized?" given that it relies on a permissioned ledger. Of course, the question is raised in an attempt to determine whether or not an identity system based on a permissioned ledger can make a legitimate claim that it's self-sovereign. But whether or not a specific system is decentralized is just shorthand for the real questions. To answer the legitimacy question, we have to examine the reasons for decentralization and whether or not the system in question adequately addresses those reasons.
This excellent article from Vitalik Buterin discusses the meaning of decentralization. Vitalik gives a great breakdown of different types of decentralization, listing architectural decentralization, political decentralization, and logical decentralization.
Of these, logically decentralized systems are the most rare. Bitcoin and other Continue reading "Is Sovrin Decentralized?"
Summary: We can avoid security breachs that result in the loss of huge amounts of private data by creating systems that don't rely on correlatable identifiers. Sovrin is built to use non-correlatable identifiers by default while still providing all the necessary functionality we expect from an identity system.
Yesterday word broke that Equifax had suffered a data breach that resulted in 143 million identities being stolen. This is a huge deal, but not really too shocking given the rash of data breaches that have filled the news in recent years.
The typical response when we hear about these security problems is "why was their security so bad?" While I don't know any specifics about Equifax's security, it's likely that their security was pretty good. But the breach still occurred. Why? Because of Sutton's Law. When Willie Sutton was asked why he robbed banks, he reputedly said "cause that's where Continue reading "Equifax and Correlatable Identifiers"
Summary: For Sovrin to become a global, public utility that helps everyone create and manage self-sovereign identities, it must be independent and self-sustaining. This post outlines four idependence milestones for Sovrin Foundation.
The Sovrin Foundation began life about a year ago. We launched the Sovrin Network just last month. For Sovrin to achieve its goal of providing self-sovereign identity for all, the Foundation and the Network have to be independent and self-sustaining.
The idea for Sovrin-style identity and the technology behind it was developed by Evernym. To their credit, Evernym’s founders, Jason Law and Timothy Ruff, recognized that for their dream of a global identity system to become reality, they’d have to make Sovrin independent of Evernym. At present, Evernym continues to make huge contributions to Sovrin in time, code, money, and people. Our goal is to reduce these contributions, at least as a percentage of the total, over time.
Continue reading "Sovrin Self-Sustainability"
Summary: We cannot decentralize many interesting systems without also decentralizing the identity systems upon which they rely. We're finally in a position to create truly decentralized systems for digital identity.
I go back and forth between thinking decentralization is inevitable and thinking it's just too hard. Lately, I'm optimistic because I think there's a good answer for one of the sticking points in building decentralized systems: decentralized identity.
Most interesting systems have an identity component. As Joe Andrieu says, "Identity is how we keep track of people and things and, in turn, how they keep track of us." The identity component is responsible for managing the identifiers and attributes that the system needs to function, authenticating the party making a request, and determining whether that party is authorized to make the request. But building an identity system that is usable, secure, maximizes privacy is difficult—much harder than most Continue reading "The Case for Decentralized Identity"
Summary: Building the Internet of Things securely requires that we look to non-hierarchical models for managing trust. Sovrin provides a Web of Trust model for securing the Internet of Things that increases security and availability while giving device owners more control.
<a href="https://blogs.harvard.edu/doc/">Doc Searls</a> put me onto this report from Cable Labs: <a href="http://www.cablelabs.com/vision-secure-iot/">A Vision for Secure IoT</a>. Not bad stuff as far as it goes. The executive summary states:
IoT therefore represents the next major axis of growth for the Internet. But, without a significant change in how the IoT industry approaches security, this explosion of devices increases the risk to consumers and the Internet. To reduce these risks, the IoT industry and the broader Internet ecosystem must work together to mitigate the risks of insecure devices and ensure future devices are more secure by developing and adopting robust security standards for IoT devices. Industry-led standards represent the most promising approach Continue reading "Identity, Sovrin, and the Internet of Things"
Summary: Sovrin uses a heterarchical, decentralized Web of Trust model to build trust in identifiers and give people clues about what and who to trust.
The Web of Trust model for Sovrin is still being developed, but differs markedly from the trust model used by the Web.
The Web (specifically TLS/SSL) depends on a hierarchical certificate authority model called the Public Key Infrastructure (PKI) to determine which certificates can be trusted. When your browser determines that the domain name of the site you're on is associated with the public key being used to encrypt HTTP transmissions (and maybe that they’re controlled by a specific organization), it uses a certificate it downloads from the Website itself. How then can this certificate be trusted? Because it was cryptographically signed by some other organization who issued the public key and presumably checked the credentials of the company buying the certificate for the domain.
Continue reading "Sovrin Web of Trust"
Summary: Sovrin Foundation has engaged Engage Identity to perform a security review of Sovrin's technology and processes. Results will be available later this summer.
The <a href="http://sovrin.org/">Sovrin Foundation</a> and <a href="http://engageidentity.com/">Engage Identity</a> announced a new partnership today. Security experts from Engage Identity will be completing an in-depth technical review of the Sovrin Foundation’s entire security architecture.
Sovrin Foundation is very concerned that the advanced technology utilized by everyone depending on Sovrin is secure. That technology protects many valuable assets including private personal information and essential business data. As a result, we wanted to be fully aware of the risks and vulnerabilities in Sovrin. In addition, The Sovrin Foundation will benefit from having a roadmap for future security investment opportunities.
We're very happy to be working with Engage Identity, a leader in the security and identity industry. Established and emerging cryptographic identity protocols are one of their many areas of expertise. They have <!--more--> experience providing security analysis and recommendations for identity frameworks.
The Engage Identity team is lead by Sarah Squire, who has worked on user-centric open standards for many organizations including NIST, Yubico, and the OpenID Foundation. Sarah will be joined by Adam Migus and Alan Viars, both experienced authorities in the fields of identity and security.
The final report will be released this summer, and will include a review of the current security architecture, as well as opportunities for future investment. We intende to make the results public. Anticipated subjects of in-depth research are:
- Resilience to denial of service attacks
- Key management
- Potential impacts of a Sovrin-governed namespace
- Minimum technical requirements for framework participants
- Ongoing risk management processes
Sovrin Foundation is excited to take this important step forward with Engage Identity to ensure that the future of self-sovereign identity management can thrive and grow.
sovrin security identity
I joke with Phil Windley that half my blog posts are about his blog posts. But there’s a good reason for that. Phil’s a prolific blogger because he’s a prolific thinker, and there is a very high signal-to-noise ratio in those thoughts.
Lately what Phil’s been thinking and blogging about is self-sovereign identity
— specifically Sovrin
, the new public permissioned ledger for self-sovereign identity that was announced
last month at the Ctrl-Shift Personal Information Economy Conference
Phil is chair of the Sovrin Foundation Board of Trustees
(I am Secretary), and in that leadership role he’s published a series of blog posts that stake out the philosophical, political, technical, and practical underpinnings of self-sovereign identity. Here’s a quick guide to these posts, in chronological order (oldest-to-newest):
In Google Has Quietly Dropped Ban on Personally Identifiable Web Tracking
unpack what the subhead says well enough: “Google is the latest tech company to drop the longstanding wall between anonymous online ad tracking and user’s names.”
Here’s a message from humanity to Google and all the other spy organizations in the surveillance economy
: Tracking is no less an invasion of privacy in apps and browsers than it is in homes, cars, purses, pants and wallets.
That’s because our apps and browsers are personal and private. So are the devices on which we use them
. Simple as that. (HT to @Apple for digging that fact.
To help online advertising business and the publications they support understand what ought to be obvious (but isn’t yet), let’s clear up some misconceptions:
- Tracking people without their clear and conscious permission is wrong. (Meaning The Castle Doctrine Continue reading "The problem for people isn’t advertising, and the problem for advertising isn’t blocking. The problem for both is tracking."
Summary: Verifiable, owner-provided attributes are the engine that will drive wide-spread adoption of self-sovereign identity systems. This article explains how this models the way credentials work in the physical world and describes benefits of owner-provided attributes.
In the physical world, people carry credentials to prove to others that they have certain attributes or hold certain privileges. Online, this is not possible.
For example, a driver's license contains attributes like name, address, and date of birth that have been validated by the Driver's License Division. The driver’s license is widely viewed as trustworthy. Consequently, people use driver's licenses for purposes other than driving. For example, a school or pharmacy can easily verify that a license belongs to the person presenting it, and confirm the validity of the license without ever contacting the Driver's License Division directly.
In other words, in the physical world, people hold and are the conveyors of their Continue reading "When People Can Share Verifiable Attributes, Everything Changes"
In a recent series of blog posts by Phil Windley, the concept of a self-soveriegn identity system is introduced.
SIS purpose is just like it sounds. An independent identity system managed by users.
The series leads up to the announcement last week of Sovrin.org. (But I will get to that later.) Since these are in a series of blog posts, they are in reverse chronological order. So here they are in order.
- Service Integration Via a Distributed Ledger
- Governance for Distributed Ledgers
- An Internet for Identity
- Self-Sovereign Identity and the Legitamacy of Permissioned Ledgers
Some of these are lengthy. The topic is complicated, but fundamental to the future. Take your time. Dont let TL;DR syndrome sidetrack you.
In World of Ends, Doc Searls and
Dave Weinberger enumerate the Internet’s three virtues: