{"id":11054,"date":"2018-01-10T04:30:34","date_gmt":"2018-01-10T12:30:34","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2018\/01\/10\/news-4825\/"},"modified":"2018-01-10T04:30:34","modified_gmt":"2018-01-10T12:30:34","slug":"news-4825","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2018\/01\/10\/news-4825\/","title":{"rendered":"How blockchain makes self-sovereign identities possible"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/images.idgesg.net\/images\/article\/2017\/11\/facial_recognition_digital_identity_identification_id_binary_face_thinkstock_aa024318_3x2-100740896-large.3x2.jpg\"\/><\/p>\n<p><strong>Credit to Author: Phillip Windley| Date: Wed, 10 Jan 2018 03:12:00 -0800<\/strong><\/p>\n<p>One of the curious constructions of the Internet is the term <em>identity provider<\/em>. You don\u2019t need anyone to provide you with an identity, of course. You have an innate one by virtue of being human. Rather, so-called identity providers, or IDPs, provide you with an identifier, a means of recording attributes important to that provider, and some method of proving it\u2019s you \u2013 usually a password.<\/p>\n<p>This is not surprising since online identity has traditionally been viewed through the lens of an organization and its needs, not the individual and his or her needs. Identity systems are created to administer identifiers and attributes within a specific domain. The result: people end up with hundreds of online personas at hundreds of organizations. Each of these administrative identity systems is proprietary and owned by the organization that provides it; you really don\u2019t have an online identity that\u2019s independent of these many systems. Got a new address, or an updated credit card number? You\u2019ll have to deal with each of these systems one at a time in whatever manner they require.<\/p>\n<p>But what if you could do that in one place at one time? 
Sure, <em>Computerworld<\/em>, Amazon, or whoever would still want to keep an account, and still need your updated address. But that account would be linked to an identity you provide. More importantly, it would be <em>one you control<\/em>.<\/p>\n<p>This concept is called <em>self-sovereign identity<\/em>. Self-sovereign identity starts with the notion that we all are the makers of our own identity, online and off. Because they do not rely on any centralized authority, self-sovereign identity systems are decentralized, mirroring the way identity works in real life.<\/p>\n<p>Offline, our interactions flexibly support the use of attributes and credentials from numerous third parties, all presented by the very person they\u2019re about, typically by taking those credentials out of a wallet or purse and presenting them to someone else to verify. For example, take a driver\u2019s license. States issue it as a credential that you\u2019re authorized to drive. But, it\u2019s useful for a lot more. When you show up at a bar and the bartender wants proof you\u2019re over 21, you show them your driver\u2019s license.<\/p>\n<p>Think about this for a minute and you\u2019ll realize that this is a minor miracle, at least compared to how online identity works. The bar has no legal contract, business relationship, or technical integration with the Department of Motor Vehicles (DMV). They didn\u2019t get anyone\u2019s permission. They just started asking people for their license. The person they\u2019re trying to verify gives them the credential. This works because the bar trusts the DMV to know your birthday. And the important information is packaged in a way that makes it easy to authenticate and difficult to forge.<\/p>\n<p>The offline world makes use of decentralized credentials that are granted to and conveyed by the person they\u2019re about. 
Identirati call these kinds of third-party credentials <em>claims<\/em> \u2013 claims that can be verified as authentic even when they\u2019re conveyed by the subject of the claim. These \u201c<a href=\"https:\/\/www.w3.org\/2017\/vc\/WG\/\" rel=\"noopener nofollow\" target=\"_blank\">verifiable claims<\/a>\u201d are the heart of self-sovereign identity.<\/p>\n<p>Self-sovereignty doesn\u2019t mean that you\u2019re in complete control. But, it does define the borders within which you make decisions and outside of which you negotiate with others as peers. To continue the bar example, you get to decide what credential to present. The bar gets to decide what credentials it\u2019ll accept. It doesn\u2019t have to accept your driver\u2019s license. If the bartender thinks it\u2019s fake, he\u2019ll reject it along with you.<\/p>\n<p>Self-sovereign identity works great in real life, where we carry paper or plastic credentials with us; it\u2019s been much harder to duplicate online. Online identity has suffered from <a href=\"http:\/\/www.windley.com\/archives\/2017\/10\/fixing_the_five_problems_of_internet_identity.shtml\" rel=\"noopener nofollow\" target=\"_blank\">five very real problems<\/a>:<\/p>\n<p>Self-sovereign identity systems solve these problems using decentralization and cryptography. Decentralized identity has been difficult because one of the core requirements of functional identity is discovery: if you give me an identifier, I need to look it up. In the past, this has always led to centralized directories, which led to centralized identity systems.<\/p>\n<p>But blockchain has changed all that.<\/p>\n<p>Self-sovereign identity systems use blockchains \u2013 distributed ledgers \u2013 so that decentralized identifiers can be looked up without involving a central directory. 
Blockchains don\u2019t solve the identity problem by themselves, but they do provide a missing link that allows things we\u2019ve known about cryptography for decades to suddenly be used. That allows people to prove things about themselves using decentralized, verifiable credentials just as they do offline.<\/p>\n<p>To see how this works, consider our example of presenting your driver\u2019s license to the bar. The DMV is the claim issuer and gives you, the claim holder, a digital representation of your driver\u2019s license. The DMV uses keys linked to their decentralized identifier on the blockchain to sign the claim so that it is tamper-evident and anyone who gets it can validate that it was issued by the DMV. You have a wallet to hold your claims and can use keys linked to a decentralized identifier that you control on the blockchain to countersign the digital driver\u2019s license. When the bar needs to see that you\u2019re of legal age, you can present the digital driver\u2019s license and the bar can verify that it hasn\u2019t been changed, that the DMV issued it to you, and you\u2019re the one presenting it. Everyone can use the blockchain to look up decentralized identifiers and retrieve any associated public keys.<\/p>\n<p>Of course, any organization or person can issue whatever claims they want; you\u2019re free to store whatever claims you like in your wallet; and claim verifiers are able to choose what claims they trust. Decentralizing these choices ensures the flexibility necessary so that self-sovereign identity systems can be used for almost any purpose.<\/p>\n<p>To be self-sovereign, an identity system must have certain key features:<\/p>\n<p>Several self-sovereign identity systems exist now in various stages of development, including <a href=\"http:\/\/sovrin.org\/\" rel=\"nofollow\">Sovrin<\/a>, <a href=\"http:\/\/uport.me\/\" rel=\"nofollow\">uPort<\/a>\u00a0and <a href=\"https:\/\/veres.one\/\" rel=\"nofollow\">Veres One<\/a>. 
Each of these supports decentralized, self-sovereign identity, but they differ in how claims are issued and presented.<\/p>\n<p>Self-sovereign identity is a relatively new concept and is undergoing rapid changes. Standards for decentralized identifiers and verifiable claims are being developed to provide interoperability. Ultimately, these systems should promote human dignity and protect the basic human desire for self-determination. As <a href=\"https:\/\/github.com\/WebOfTrustInfo\/rebooting-the-web-of-trust-fall2017\/blob\/master\/topics-and-advance-readings\/functional-identity-primer.md\" rel=\"nofollow\">Joe Andrieu writes<\/a>: \u201cWhen we build interconnected systems without a core understanding of identity, we risk inadvertently compromising human dignity. We risk accidentally building systems that deny self-expression, place individuals in harm\u2019s way, and unintentionally oppress those most in need of self-determination.\u201d<\/p>\n<p>Implemented correctly, self-sovereign identity systems provide scalable, flexible, private interactions with consent despite the issues that distance introduces. More importantly, they support natural human activities without threatening the privacy or liberty of people who use them. 
This is a development we can all support.<\/p>\n<p><a name=\"_ftn1\" href=\"#_ftnref1\" rel=\"nofollow\"\/><\/p>\n<p><a href=\"https:\/\/www.computerworld.com\/article\/3244128\/security\/how-blockchain-makes-self-sovereign-identities-possible.html#tk.rss_security\" target=\"bwo\" >http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/images.idgesg.net\/images\/article\/2017\/11\/facial_recognition_digital_identity_identification_id_binary_face_thinkstock_aa024318_3x2-100740896-large.3x2.jpg\"\/><\/p>\n<p><strong>Credit to Author: Phillip Windley| Date: Wed, 10 Jan 2018 03:12:00 -0800<\/strong><\/p>\n<article>\n<section class=\"page\">\n<p>One of the curious constructions of the Internet is the term <em>identity provider<\/em>. You don\u2019t need anyone to provide you with an identity, of course. You have an innate one by virtue of being human. Rather, so-called identity providers, or IDPs, provide you with an identifier, a means of recording attributes important to that provider, and some method of proving it\u2019s you \u2013 usually a password.<\/p>\n<p>This is not surprising since online identity has traditionally been viewed through the lens of an organization and its needs, not the individual and his or her needs. Identity systems are created to administer identifiers and attributes within a specific domain. The result: people end up with hundreds of online personas at hundreds of organizations. Each of these administrative identity systems is proprietary and owned by the organization that provides it; you really don\u2019t have an online identity that\u2019s independent of these many systems. Got a new address, or an updated credit card number? 
You\u2019ll have to deal with each of these systems one at a time in whatever manner they require.<\/p>\n<p class=\"jumpTag\"><a href=\"\/article\/3244128\/security\/how-blockchain-makes-self-sovereign-identities-possible.html#jump\">To read this article in full, please click here<\/a><\/p>\n<\/section>\n<\/article>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[11062,10643],"tags":[4314,5897,714],"class_list":["post-11054","post","type-post","status-publish","format-standard","hentry","category-computerworld","category-independent","tag-internet","tag-privacy","tag-security"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/11054","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=11054"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/11054\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=11054"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=11054"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=11054"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}