Difference between revisions of "Self-Sovereign Identity"
(→Problem) |
(→Sovrin) |
||
(37 intermediate revisions by the same user not shown) | |||
Line 3: | Line 3: | ||
==Context== | ==Context== | ||
− | Chris Allen described SSI in these terms.<ref>Christopher Allen, ''Introduction to Self-Sovereign Identity and Its 10 Guiding Principles.'' (2019-01-09) Medium https://medium.com/metadium/introduction-to-self-sovereign-identity-and-its-10-guiding-principles-97c1ba603872</ref> | + | * Chris Allen described SSI in these terms.<ref>Christopher Allen, ''Introduction to Self-Sovereign Identity and Its 10 Guiding Principles.'' (2019-01-09) Medium https://medium.com/metadium/introduction-to-self-sovereign-identity-and-its-10-guiding-principles-97c1ba603872</ref> See see the problems section for what actually is provided by the implementations. |
<blockquote>We use the terminology of SSI, as the concept of individuals or organizations having sole ownership of their digital and analog identities, and control over how their personal data is shared and used. This adds a layer of security and flexibility allowing the identity holder to only reveal the necessary data for any given transaction or interaction. Since identity is such a central part of society, we need to ensure that user control will be the primary foundation SSI will be built upon.</blockquote> | <blockquote>We use the terminology of SSI, as the concept of individuals or organizations having sole ownership of their digital and analog identities, and control over how their personal data is shared and used. This adds a layer of security and flexibility allowing the identity holder to only reveal the necessary data for any given transaction or interaction. Since identity is such a central part of society, we need to ensure that user control will be the primary foundation SSI will be built upon.</blockquote> | ||
+ | * Typically a SSI will consist of a [[Decentralized ID|Decentralized Identifier]] (DID) and a DID doc which will contain, at a minimum, access to a public key | ||
+ | * A real world identity cannot be fully captured in a digital object about that identity, but a digital object with a DID is a complete digital identity that is known as a digital entity. So, in the general case, a [[Self-Sovereign Identity]] really is an identity, but of the digital object, not the real-world user. | ||
==Problem== | ==Problem== | ||
+ | While this section lists a few of the problems that arise from SSI, the largest issue is that the claims made for SSI are not actually met by any of the implementations. One example is the claim that the user is in control of their identifier. All that existing implementations (in 2021) provide is proof that the user can sign a document. Whether the user has lost control of the signing operation, which could well be in the attackers possession, is their own possession of the private key. Unlike the real-world, in the digital world proof of possession is nowhere near to proof of control. Similar problems exist throughout the claims made in the docs. | ||
# If the user is in charge of the device that asserts their identity, it still requires some other trusted entity to make an assertion about the level of [[Assurance]] that can be placed in the identifier. | # If the user is in charge of the device that asserts their identity, it still requires some other trusted entity to make an assertion about the level of [[Assurance]] that can be placed in the identifier. | ||
+ | # The device of choice for a majority of users today is the [[Smartphone]] which does not have the capacity to run as an always on service. | ||
+ | # The information contained in a DID doc is not likely to contain sufficient information to know if there is a real-world entity associated with the DID, nor if the DID applies to a [[Natural Person]]. This was done specifically to avoid activation of any laws dealing with privacy or redress. In effect the DID is designed to be lawless. It remains to be seen if governments around the world will agree to this lawless status. | ||
+ | |||
+ | * [https://damienbod.com/2021/10/11/challenges-to-self-sovereign-identity/ CHALLENGES TO SELF SOVEREIGN IDENTITY] DamienBod 2021-10-11 | ||
+ | * [https://www.serverbrain.org/active-directory-security-2003/lightweight-directory-access-protocol-ldap.html#:~:text=The%20major%20difference%20between%20DAP,Agent)%20of%20the%20network%20directory. Lightweight Directory Access Protocol LDAP] 2021-09-27 | ||
+ | Riley Hughes has been chronicling Trinsic's progress with SSI on Medium for 5 years when he wrote his 2024-10-15 paper "Why Aren't Widely Adopted"<ref name="hughes">Riely Hughes, ''Why Verifiable Credentials Aren’t Widely Adopted & Why Trinsic Pivoted'' 2024-10-15 https://medium.com/@rileyparkerhughes/why-verifiable-credentials-arent-widely-adopted-why-trinsic-pivoted-aee946379e3b</ref> seems to throw in the towel and said that creating standards before a solution is understood is a waste of time. | ||
==Solutions== | ==Solutions== | ||
Line 16: | Line 25: | ||
===How User Information is Used=== | ===How User Information is Used=== | ||
It's much harder to control how [[User Information]] is used once it has been shared. The best effort underway in early 2019 was the Kartana Initiative Consent Receipt.<ref>Kantara Initiative, ''Consent Receipt Specification.'' (2018-02-20) https://kantarainitiative.org/file-downloads/consent-receipt-specification-v1-1-0/</ref> This document describes a format for a document submitted by a [[Web Site]] to a [[Subject]] after completion of a negotiation on what [[User Information]] can be shared and for what purposes. | It's much harder to control how [[User Information]] is used once it has been shared. The best effort underway in early 2019 was the Kartana Initiative Consent Receipt.<ref>Kantara Initiative, ''Consent Receipt Specification.'' (2018-02-20) https://kantarainitiative.org/file-downloads/consent-receipt-specification-v1-1-0/</ref> This document describes a format for a document submitted by a [[Web Site]] to a [[Subject]] after completion of a negotiation on what [[User Information]] can be shared and for what purposes. | ||
+ | |||
+ | ==Deployments== | ||
+ | ===British Columbia=== | ||
+ | * British Columbia (BC) has been at the forefront of adopting self-sovereign identity solutions. | ||
+ | * The province has implemented a project called “British Columbia OrgBook”, which leverages blockchain technology and the Sovrin Network as its underlying identity registry. | ||
+ | * The OrgBook aims to streamline government processes by allowing citizens to provide information once and then reuse it across various services. This concept is often referred to as “Tell Us Once”. | ||
+ | * By using self-sovereign identity principles, BC is creating a more efficient and user-friendly experience for its residents. | ||
+ | ===Buhutan=== | ||
+ | In July 2023, Bhutan’s National Assembly passed the National Digital Identity Act (NDI) of Bhutan 2023, which supports and gives rise to the new digital framework; the self-sovereign identity Bhutan NDI Wallet. | ||
+ | |||
+ | The program was spearheaded by Druk Holding and Investments, the commercial and investment. Bhutan is ranked as one of the world’s poorest and least developed countries, and yet it was the first country in the world to roll out a novel sovereign identity (SSI) digital ID system known as the Bhutan NDI. | ||
+ | |||
+ | The Bhutan NDI Wallet is a mobile application that stores a Bhutan citizen’s or Bhutan visitor’s digital credentials. These self-sovereign digital identity credentials leverage the privacy-preserving World Wide Web Consortium (W3C) verified credentials and decentralized identifier standards. | ||
+ | ===Sovrin=== | ||
+ | 2024-10-21 Riley Hughes | ||
+ | Cofounder, CEO at Trinsic | ||
+ | |||
+ | An end of an era. Sovrin Foundation announced last week that its network & operations will shut down early 2025. First of all, Sovrin was truly something special circa 2018. In 2020 when the Foundation “transitioned” to a volunteer workforce, I wrote a blog post called “On the Future of Sovrin”. My predictions didn’t age so well. But I chronicle some of why Sovrin will always represent an important part of my career story. I also had a great convo with Phil Windley, the key person in the early Foundation, on the Future of Identity podcast. That’s a good episode if you want an inside peek into the early days of Sovrin. Here are Riely's top 3 takes on the demise: | ||
+ | |||
+ | # The board outlined 4 reasons for shutting down. Declining traffic, regulatory uncertainty, technical challenges, lack of community involvement. Realistically, there is 1 reason. The community moved on. Not only did traffic on the network decline, but no new vendors added Sovrin Network support in 2024. Furthermore, there are no realistic alternatives to Sovrin for adherents to the Anoncreds ecosystem—so to me, this indicates the growth rate of new vendors supporting the Anoncreds ecosystem is low-to-nonexistent. (I’m skipping over a bunch of nuance here that won’t fit on LinkedIn. Happy to discuss the edge cases in the comments.) | ||
+ | # The current board has acted as Sovrin’s life support for the last 3+ years. I respect and admire these people for volunteering for a thankless role and taking a shot. I haven’t agreed with many of the decisions the current board has taken. But in hindsight, this outcome was inevitable. It’s as simple as this: in general, companies building on Sovrin didn’t succeed in production. In absence of that, no network could sustain itself indefinitely. (See post above<ref name="hughes" /> for my thoughts on why) | ||
+ | # Sovrin’s promise was always that the Network would persist through a decentralized group of Stewards hosting nodes on the network, even if the Foundation closed operations. In a way, that sort of happened. The volunteers currently running Sovrin, many of whom are representatives from node operators, kept the network operations alive for years. But this illustrates to me the importance of incentives in decentralized systems. Without an incentive to keep operating nodes, eventually the network would break down. The folks who decried the “hybrid” permissioned network appear to be right. | ||
+ | |||
+ | That’s it! So much more could be said on the topic. I’ll end with a (slightly edited) quote from my 2020 post about the Future of Sovrin: | ||
+ | “Nobody gets it right the first time. Every startup requires pivoting. Financial markets require correction. Medical diagnosis often requires trial and error. The Foundation is no different—the initial approach didn’t pan out as hoped. But that’s OK. [Digital identity’s] brightest days are still ahead and I believe a new direction will ultimately be a very positive thing for the community.” | ||
==References== | ==References== | ||
+ | <references /> | ||
+ | ===Additional Material=== | ||
+ | * See this wiki page on [[Self-issued OpenID Provider]] | ||
[[Category:Glossary]] | [[Category:Glossary]] | ||
[[Category:Identity]] | [[Category:Identity]] | ||
[[Category:Security]] | [[Category:Security]] |
Latest revision as of 14:23, 21 October 2024
Contents
Full Title or Meme
Giving users control and ownership of their own Identifiers.
Context
- Chris Allen described SSI in these terms.[1] See see the problems section for what actually is provided by the implementations.
We use the terminology of SSI, as the concept of individuals or organizations having sole ownership of their digital and analog identities, and control over how their personal data is shared and used. This adds a layer of security and flexibility allowing the identity holder to only reveal the necessary data for any given transaction or interaction. Since identity is such a central part of society, we need to ensure that user control will be the primary foundation SSI will be built upon.
- Typically a SSI will consist of a Decentralized Identifier (DID) and a DID doc which will contain, at a minimum, access to a public key
- A real world identity cannot be fully captured in a digital object about that identity, but a digital object with a DID is a complete digital identity that is known as a digital entity. So, in the general case, a Self-Sovereign Identity really is an identity, but of the digital object, not the real-world user.
Problem
While this section lists a few of the problems that arise from SSI, the largest issue is that the claims made for SSI are not actually met by any of the implementations. One example is the claim that the user is in control of their identifier. All that existing implementations (in 2021) provide is proof that the user can sign a document. Whether the user has lost control of the signing operation, which could well be in the attackers possession, is their own possession of the private key. Unlike the real-world, in the digital world proof of possession is nowhere near to proof of control. Similar problems exist throughout the claims made in the docs.
- If the user is in charge of the device that asserts their identity, it still requires some other trusted entity to make an assertion about the level of Assurance that can be placed in the identifier.
- The device of choice for a majority of users today is the Smartphone which does not have the capacity to run as an always on service.
- The information contained in a DID doc is not likely to contain sufficient information to know if there is a real-world entity associated with the DID, nor if the DID applies to a Natural Person. This was done specifically to avoid activation of any laws dealing with privacy or redress. In effect the DID is designed to be lawless. It remains to be seen if governments around the world will agree to this lawless status.
- CHALLENGES TO SELF SOVEREIGN IDENTITY DamienBod 2021-10-11
- Lightweight Directory Access Protocol LDAP 2021-09-27
Riley Hughes has been chronicling Trinsic's progress with SSI on Medium for 5 years when he wrote his 2024-10-15 paper "Why Aren't Widely Adopted"[2] seems to throw in the towel and said that creating standards before a solution is understood is a waste of time.
Solutions
Efforts are underway to address the two ideas described by Chris Allen above:
Sharing is controlled by splitting user Identifiers and Attributes into separate chunks, each chunk holding several Claims.
How User Information is Used
It's much harder to control how User Information is used once it has been shared. The best effort underway in early 2019 was the Kartana Initiative Consent Receipt.[3] This document describes a format for a document submitted by a Web Site to a Subject after completion of a negotiation on what User Information can be shared and for what purposes.
Deployments
British Columbia
- British Columbia (BC) has been at the forefront of adopting self-sovereign identity solutions.
- The province has implemented a project called “British Columbia OrgBook”, which leverages blockchain technology and the Sovrin Network as its underlying identity registry.
- The OrgBook aims to streamline government processes by allowing citizens to provide information once and then reuse it across various services. This concept is often referred to as “Tell Us Once”.
- By using self-sovereign identity principles, BC is creating a more efficient and user-friendly experience for its residents.
Buhutan
In July 2023, Bhutan’s National Assembly passed the National Digital Identity Act (NDI) of Bhutan 2023, which supports and gives rise to the new digital framework; the self-sovereign identity Bhutan NDI Wallet.
The program was spearheaded by Druk Holding and Investments, the commercial and investment. Bhutan is ranked as one of the world’s poorest and least developed countries, and yet it was the first country in the world to roll out a novel sovereign identity (SSI) digital ID system known as the Bhutan NDI.
The Bhutan NDI Wallet is a mobile application that stores a Bhutan citizen’s or Bhutan visitor’s digital credentials. These self-sovereign digital identity credentials leverage the privacy-preserving World Wide Web Consortium (W3C) verified credentials and decentralized identifier standards.
Sovrin
2024-10-21 Riley Hughes Cofounder, CEO at Trinsic
An end of an era. Sovrin Foundation announced last week that its network & operations will shut down early 2025. First of all, Sovrin was truly something special circa 2018. In 2020 when the Foundation “transitioned” to a volunteer workforce, I wrote a blog post called “On the Future of Sovrin”. My predictions didn’t age so well. But I chronicle some of why Sovrin will always represent an important part of my career story. I also had a great convo with Phil Windley, the key person in the early Foundation, on the Future of Identity podcast. That’s a good episode if you want an inside peek into the early days of Sovrin. Here are Riely's top 3 takes on the demise:
- The board outlined 4 reasons for shutting down. Declining traffic, regulatory uncertainty, technical challenges, lack of community involvement. Realistically, there is 1 reason. The community moved on. Not only did traffic on the network decline, but no new vendors added Sovrin Network support in 2024. Furthermore, there are no realistic alternatives to Sovrin for adherents to the Anoncreds ecosystem—so to me, this indicates the growth rate of new vendors supporting the Anoncreds ecosystem is low-to-nonexistent. (I’m skipping over a bunch of nuance here that won’t fit on LinkedIn. Happy to discuss the edge cases in the comments.)
- The current board has acted as Sovrin’s life support for the last 3+ years. I respect and admire these people for volunteering for a thankless role and taking a shot. I haven’t agreed with many of the decisions the current board has taken. But in hindsight, this outcome was inevitable. It’s as simple as this: in general, companies building on Sovrin didn’t succeed in production. In absence of that, no network could sustain itself indefinitely. (See post above[2] for my thoughts on why)
- Sovrin’s promise was always that the Network would persist through a decentralized group of Stewards hosting nodes on the network, even if the Foundation closed operations. In a way, that sort of happened. The volunteers currently running Sovrin, many of whom are representatives from node operators, kept the network operations alive for years. But this illustrates to me the importance of incentives in decentralized systems. Without an incentive to keep operating nodes, eventually the network would break down. The folks who decried the “hybrid” permissioned network appear to be right.
That’s it! So much more could be said on the topic. I’ll end with a (slightly edited) quote from my 2020 post about the Future of Sovrin:
“Nobody gets it right the first time. Every startup requires pivoting. Financial markets require correction. Medical diagnosis often requires trial and error. The Foundation is no different—the initial approach didn’t pan out as hoped. But that’s OK. [Digital identity’s] brightest days are still ahead and I believe a new direction will ultimately be a very positive thing for the community.”
References
- ↑ Christopher Allen, Introduction to Self-Sovereign Identity and Its 10 Guiding Principles. (2019-01-09) Medium https://medium.com/metadium/introduction-to-self-sovereign-identity-and-its-10-guiding-principles-97c1ba603872
- ↑ 2.0 2.1 Riely Hughes, Why Verifiable Credentials Aren’t Widely Adopted & Why Trinsic Pivoted 2024-10-15 https://medium.com/@rileyparkerhughes/why-verifiable-credentials-arent-widely-adopted-why-trinsic-pivoted-aee946379e3b
- ↑ Kantara Initiative, Consent Receipt Specification. (2018-02-20) https://kantarainitiative.org/file-downloads/consent-receipt-specification-v1-1-0/
Additional Material
- See this wiki page on Self-issued OpenID Provider