Difference between revisions of "Self-Sovereign Identity"

From MgmtWiki
Jump to: navigation, search
m (Problem)
(Problem)
Line 9: Line 9:
  
 
==Problem==
 
==Problem==
While this section lists a few of the problems that arise from SSI, the largest issue is the claims that are made of SSI are not actually met by any of the implementations.  One example is the claim that the user is in control of their identifier. All that existing implementations (in 2021) provide is proof that the user can sign a document. Whether the user has lost control of the signing operation, which could well be in the attackers possession, is their own possession of the private key. Unlike the real-world, in the digital world proof of possession is nowhere near to proof of control. Similar problems exist throughout the claims made in the docs.
+
While this section lists a few of the problems that arise from SSI, the largest issue is that the claims made for SSI are not actually met by any of the implementations.  One example is the claim that the user is in control of their identifier. All that existing implementations (in 2021) provide is proof that the user can sign a document. Whether the user has lost control of the signing operation, which could well be in the attackers possession, is their own possession of the private key. Unlike the real-world, in the digital world proof of possession is nowhere near to proof of control. Similar problems exist throughout the claims made in the docs.
 
# If the user is in charge of the device that asserts their identity, it still requires some other trusted entity to make an assertion about the level of [[Assurance]] that can be placed in the identifier.
 
# If the user is in charge of the device that asserts their identity, it still requires some other trusted entity to make an assertion about the level of [[Assurance]] that can be placed in the identifier.
 
# The device of choice for a majority of users today is the [[Smartphone]] which does not have the capacity to run as an always on service.
 
# The device of choice for a majority of users today is the [[Smartphone]] which does not have the capacity to run as an always on service.

Revision as of 09:58, 28 September 2021

Full Title or Meme

Giving users control and ownership of their own Identifiers.

Context

  • Chris Allen described SSI in these terms.[1]
We use the terminology of SSI, as the concept of individuals or organizations having sole ownership of their digital and analog identities, and control over how their personal data is shared and used. This adds a layer of security and flexibility allowing the identity holder to only reveal the necessary data for any given transaction or interaction. Since identity is such a central part of society, we need to ensure that user control will be the primary foundation SSI will be built upon.
  • Typically a SSI will consist of a Decentralized Identifier (DID) and a DID doc which will contain, at a minimum, access to a public key
  • A real world identity cannot be fully captured in a digital object about that identity, but a digital object with a DID is a complete digital identity that is known as a digital entity. So, in the general case, a Self-Sovereign Identity really is an identity.

Problem

While this section lists a few of the problems that arise from SSI, the largest issue is that the claims made for SSI are not actually met by any of the implementations. One example is the claim that the user is in control of their identifier. All that existing implementations (in 2021) provide is proof that the user can sign a document. Whether the user has lost control of the signing operation, which could well be in the attackers possession, is their own possession of the private key. Unlike the real-world, in the digital world proof of possession is nowhere near to proof of control. Similar problems exist throughout the claims made in the docs.

  1. If the user is in charge of the device that asserts their identity, it still requires some other trusted entity to make an assertion about the level of Assurance that can be placed in the identifier.
  2. The device of choice for a majority of users today is the Smartphone which does not have the capacity to run as an always on service.
  3. The information contained in a DID doc is not likely to contain sufficient information to know if there is a real-world entity associated with the DID, nor if the DID applies to a Natural Person. This was done specifically to avoid activation of any laws dealing with privacy or redress. In effect the DID is designed to be lawless. It remains to be seen if governments around the world will agree to this lawless status.

https://www.serverbrain.org/active-directory-security-2003/lightweight-directory-access-protocol-ldap.html#:~:text=The%20major%20difference%20between%20DAP,Agent)%20of%20the%20network%20directory.

Solutions

Efforts are underway to address the two ideas described by Chris Allen above:

How User Information is Shared

Sharing is controlled by splitting user Identifiers and Attributes into separate chunks, each chunk holding several Claims.

How User Information is Used

It's much harder to control how User Information is used once it has been shared. The best effort underway in early 2019 was the Kartana Initiative Consent Receipt.[2] This document describes a format for a document submitted by a Web Site to a Subject after completion of a negotiation on what User Information can be shared and for what purposes.

References

  1. Christopher Allen, Introduction to Self-Sovereign Identity and Its 10 Guiding Principles. (2019-01-09) Medium https://medium.com/metadium/introduction-to-self-sovereign-identity-and-its-10-guiding-principles-97c1ba603872
  2. Kantara Initiative, Consent Receipt Specification. (2018-02-20) https://kantarainitiative.org/file-downloads/consent-receipt-specification-v1-1-0/

Additional Material