I attended the 31st Internet Identity Workshop (IIW) this week with over 400 co-participants. The online event managed to capture much of the community and goodwill of the long-running Silicon Valley conference. While I’m sure the three day event is even better in person, moving it online meant that people joined from all over the world. IIW ran along three different tracks in three different timezones centered on the West Coast USA, Europe, and East Asia.
What follows is a recap of what I saw at IIW. One glaring omission is Samuel M. Smith’s KERI - a novel, truly portable, identity system. There was a lot of excitement around his work at IIW. But it’s a big conference with many sessions. I’m sure I missed many other highlights.
Foundations
Identity is only to know who you can throw in jail.
I attended two sessions that covered some important basics. Is Identity Only Transactional?, convened by Chris Buchanan & Lisa LeVasseur, attempted to answer two basic questions:
- Where is identity required?
- When required, what is the smallest amount that can be shared?
For example, if a person has been harmed, they can only assert their rights if they have an identity. But the identity a person uses does not have to be their “true identity”; American courts use the pseudonym “John Doe.” People working on internet identity must be careful not to confuse identity with truth. This is the mistake that Mark Zuckerberg famously made in 2010 when he was quoted in The Facebook Effect (2010).
Having two identities for yourself is an example of a lack of integrity.
This need for identity creates strange bed-follows in the digital sphere. Many organizations are inserting themselves in your relationships to authenticate you. Facebook remains one of the most prominent.
Self Sovereign Identity
With Self Sovereign Identity (SSI), a person can assert their identity without an intermediary. An individual achieves this through creating and controlling tamper-evident claims known as Verifiable Credentials (VC). These VCs are already relatively simple and standardized, making them more like information shipping containers rather than our current data silos.
But as Nicky Hickman asserted in the session 7 Essential Life Credentials for Identity for All, “The number of people who are truly self-sovereign today is very slim.”
- The very young and very old are dependent.
- The youth and the elderly are increasingly independent, but not fully.
- People in love are co-dependent.
- A parent has dependents.
- The single, independent person is almost always interdependent.
To me, this makes the need for eventual Self Sovereign Identifier custodians self-evident.
As Berlin-based Juan Caballero argued in SSI and Decentralized Identity, there are two ways SSI could go: “legally-enabled self-sovereign” (LESS) identity or “trust minimized” identity (“minimal”).Caballero, being the fine fellow that he is, made sure to give credit to the original source of this “less/minimal” dichotomy: Tim Bouma, host of the podcast Definitely Identity and Christopher Allen. Cabellero presented these ideas with Karyl Fowler, CEO of Transmute. Speaker slides here.
The first option is a digital identity type adopted by a nation-states but owned by its citizens. Various government functions would only get the information they need - anything more is a liability. For example, the post office doesn’t want your tax records (keeping them secure would be a liability), but the information they do want must demonstrably originate from an authentic source. Governments can build trustable sources of information.
In a trust minimized or trustless scenario, the source may be obfuscated. This makes censorship of an individual actor more difficult while the veracity of their information is largely based on others in the community, aka the “web of trust.” This embodies the libertarian dream of a self-governing society, without the need of a nation-state.
Emerging Standards
The Trust Over IP Foundation (ToIP)
Convened by John Jordan, who coined the term “ToIP,”
Dave Luchuk, the ToIP full-time Program Manager, and Karl Kneis, ToIP and Digital Trust Ecosystems was something of an introduction to what’s happening at the Trust Over IP Foundation. The initiative, established by the Lunix Foundation, promises to “use digital identity models that leverage interoperable digital wallets and credentials and the new W3C Verifiable Credentials standard to address these challenges and enable consumers, businesses and governments to better manage risk, improve digital trust and protect all forms of identity online.”“Cross-Industry Coalition Advances Digital Trust Standards”, The Linux Foundation, 2020.
The meeting featured Charles Walton from ID, a service by Mastercard, and Jim St.Clair from Lumedic. Walton predictably noted that digital payments are lead by identity. Mastercard itself is a platform for bank partners that already works across international borders (international identity standards are always difficult to establish). This line of thinking also suggested the use of GLEIF (Global Legal Entity Identifier Foundation) as a centralized identifier like ICANN. Created after the Great Recession, 1.6 million GLEIF numbers have been issued to financial services all around the world.
The Soverin Foundation
Meet the New Soverin Foundation was convened by Chris Raczkowski to discuss this emerging standard
. As the chairman of the Soverin Foundation’s Board of Trustees, he was the right person to discuss the direction of the initiative after something of a reorientation. The organization heads an open source project that provides a global public utility for self-sovereign identity. Soverin activity can be monitored using the Hyperledger Indy transaction explorer.
Soverin has several boards that give input on the operation of the service, from how the technology will serve vendors and users, to how it will serve the Global South. Through the three day workshop, many people expressed concern about how identification will impact the lives of the disenfranchised in countries around the world. Identity has a messy history in technology. Which is why it’s better to “move slow and think carefully” in this domain.
Trinsic
As an applied technology, Riley Hughes taught attendees how to Build an SSI Proof of Concept in his session. Hughes is a co-founder of Trinsic
, a service to help programmers create verifiable credentials and self sovereign identity. The credential created in this workshop exists on the Soverin Staging network. But the underlying technology Trinsic uses is based on Hyperledger Aries.
Briefly, the steps include:
- Create two organizations on the Soverin Staging network.
- When you create an Organization in Trinsic, you’re creating a cloud agent hosted on a dedicated tenant in the Trinsic platform capable of issuing or verifying credentials.
- This Organization also gets a public DID on the network it’s provisioned on.
- Request the information and pass the verified credential to the requesting party.
- 1st organization → you (“Alice”) → 2nd organization
- Create a credential template in the first organization. There will be a 1-3 second delay while the template is written to the ledger.
- In order to accept a digital credential, you (“Alice”) will need an agent.
- Download the Trinsic Wallet (the agent) to your phone.
- After scanning the QR code, the 1st organization will issue the credential.
Trinsic has 3 different APIs1 - Credential API: an API component based on industry verified credential standards. 2 - Wallet API: a rather unique API that allows a developer to create cloud agents for holding credentials. 3 - Provider API: an API that allows a developer to create cloud agents for issuing credentials. The initial access to the API is free, a price is set depending on its usage. Getting started with an SSI proof-of-concept is easy using Trinsic Studio.
that allows developers to build the business logic of identification in their application. The Trinsic integration with Zapier is an easy no-code way to get started with the API (example).
The Decentralized Identity Foundation
Danube Tech demonstrated the DIF
Universal Resolver and Universal Registrar. The Decentralized Identity Foundation (DIF) is an organization creating an open ecosystem for decentralized identity.
- Universal Resolver: there are many DID Methods, a universal resolver provides interoperability between them. Hosted on IBM Cloud.
- Universal Registrar: it’s more complicated to contribute a registration driver, so fewer DID Methods are supported. But this provides a way to register DIDs.
Every DID driver is basically it’s own application deployed in a Docker image. This approach isolates each driver implementation.
WebID
Finally, several contributors to the WebID standard
ran a session called The Web Platform, Privacy and Federation (thoughts on WebID). The current practices for federating identity is based on browser primitives like iframes, cookies, redirects, popups, etc…. But browsers do not apply the lowest common denominator privacy policies to these primitives. So tracking is possible through embedded technologies like the Facebook comment widget on a blog. The new standard should prevent Relying Parties (like a blog) from colluding to track users (like JavaScript agents on a blog) and prevent Identity Providers (like Facebook) from knowing everywhere a user has logged in.Another example, beyond the scope of this discussion, is the “Incrementally Better Cookies” proposal that may break applications which rely common OpenID-based practices. Things are changing.
Speculative Futures
Using the example of renting a car, Adrian Gropper and Chris Lee described a “Gold Button” in a session called Human-Centered Interoperability. The Gold Button initiates an agent that provides information based on context. The agent will raise an exception in cases where the policy text doesn’t match the agent’s provision or the relying party doesn’t want to honor the token (perhaps for compliance reason). The group speculated on information fiduciaries that may help your agent form policies on your behalf and the communities of people that determine norms that set policies.
Paul Knowles is a self described a semantic nerd at Human Colossus. He lead the Active and Passive Identifiers: Elements, Objects and Characteristics of a Decentralized Network workshop.Passive identity has the quality of being immutable while an active identity can be authenticated.
As a part of the semantics working group at the ToIP foundation, he has spent some time thinking about the Overlays Capture Architecture (OCA). The OCA correlates semantic information between data models and data representation formats. Not only does it provide data interoperability, but also privacy compliant data sharing.
Robert Mitwicki convened his session, Trusted Digital Assistant (TDA): Why I Don’t Need To Manage My Identity, to propose a TDA (i.e. Personal Identity Advocate). This TDA expands upon the role a ID might have in a wallet - it is an active bot that is available across all of a person’s devices.
Mitwicki’s proposal responds to the amount of work required to manage our identities online and off. For example, while passports must be carried and renewed, all of the other infrastructure is managed for us. But current digital solutions require people to understand the technology, understand the assurance, and know what is safe to share where.
Some attendees felt that these services can only be truly handled by the legal profession - experts who ensure that your personal preferences and service interactions conform. This is somewhat absurd at scale, but as internet services refine themselves to respond to individual user needs in a myriad of international settings, the broad institutional and social systems currently in play will not work.
One solution might be the combination of expert systems acting on machine readable privacy policies, like the IEEE 7012 standard.
Lisa LeVasseur, the vice chair of IEEE 7012, ran several sessions. I attended two, A Legal Layer for the Internet & IEEE 7012 Machine Readable Personal Privacy Terms and B2ME to B2P.
The first was co-hosted by Mary Hodder, the technical editor of IEEE 7012. The focus of IEEE 7012 is on agreement management, syntax, and recording of a machine-to-machine privacy agreements. This includes proffering, negotiating, executing, changing, and terminating the contract. Other important activities discussed is auditing the execution, enforcing the agreement, and resolving disputes.
One of the biggest hurdles to such a technology is adoption. It could be made part of an attractive greenfield product initiative to help seed its spread, but there is also some unknowns around the initiative’s efficacy in an international legal context.
LeVasseur also convened a session on the Me2B Alliance, a new type of standards organization focused on human rights and consumer rights for the digital world. The alliance is comprised of both individuals (Me-s) and businesses (B-s), offering certifications for the latter and their products. This may also help grow IEEE 7012 adoption.
Philip Sheldrake of the AKASHA Foundation lead a spirited discussion during Generative Identity — For Psychological, Sociological, and Ecological Health (aka The Dystopia of SSI). The presentation is probably best captured in his new site of the same name, Generative Identity or his chapter in a forthcoming SSI book called The Dystopia of Self-Sovereign Identity.
Sheldrake is deeply concerned with the immutable concepts associated with many digital identity technologies. He argues that identities can change in significant ways even over short periods of time. Dissenters in the crowd noted that SSI is about identifiers being non-reassignable, not being forever. Thus you may be assigned several different immutable and equally valid identifiers over time.
Another exchange critiqued the rigidity of trust triangles: the relationship between an issuer (1) of a credential that reflects upon the person (2) whom it identifies and the verifier (3) who confirms its authenticity. In other words, I was issued a Bachelors degree from a university. Even if an employer isn’t familiar with the specific university, they are assured that any entity able to mint a Bachelor’s must comply with certain standards within the US; the government verifies the degree’s veracity.
This concept is core to SSI, but Sheldrake critiqued this baseline by contrasting the cryptographic rigidity of these structures to the malleable vulnerability necessary to truly build trust.
I cannot capture his arguments nor the exchange in a few paragraphs. In essence, words matter. And by choosing certain words, as Wittgenstein would argue, you are creating a certain reality. Sheldrake started with the words used by engineers to levy a deep critique that was largely well-received.