At one point in my career I would have been considered “non-technical”. This however is no longer the case. I don’t write code and I don’t as yet write specs. I do understand this technology as deeply as anyone can who isn’t writing the code can. I co-chair a technical working group developing standards for Confidential Data Stores in the Secure Data Store Working group a joint working group with the W3C CCG and Decentralized Identity Foundation.
So why do I push back on Philip and say you don’t understand the technology it is because he says things like this.
SSI cannot provide an ‘identity layer’ of the Internet any more than the Internet might be said to be missing a ‘truth layer’. Such deep and meaningful concepts manifest amongst human beings. They can’t be slotted into the technology stack alongside the likes of TCP/IP, UDP, and HTTP[6].
– THE DYSTOPIA OF SELF-SOVEREIGN IDENTITY (SSI)
It might be a surprise to you Philip but we have “an identity layer” that is used on the internet right now. It exists and billions use it every day (with standards we created out of the IIW community, Oauth and OpenIDConnect). The problem with it is two fold – companies own the identifiers we anchor our digitial representations of ourselves (our facebook account, google account, twitter account, github account [MSFT], amazon account, Apple ID) those companies own our identifiers – not us. So this isn’t really great for freedom and empowerment of people – we need an alternative to this.
We need open standards that solve a very technically difficult problem. We have succeeded and that took us over a decade of collective work + some new innovations like blockchains and mobile phones to finally have a new thing that might be a way to support people anchoring their digital representation of themselves – a DECENTRALIZED IDENTIFIER – were the “root of technical trust” is a private key that individuals themselves can control and manage on software on their own devices.
But just controlling meaningless identifiers doesn’t really solve the real business problems either. Being MickyMouse123 (or 300 character alpha numeric strings) doesn’t help a remote resident miles from a major city or a disabled person who can’t leave their home actually “do” meaningful transactions that require more sharing of information than that.
Todays systems of information sharing and proofing and checking that happen digitally involve massive networks of data brokers and behind the scenes sharing of information about people without their knowledge and consent. All of the services that do these things are companies you have never heard of because they operate behind the scenes in the background of the e-commerce and transactions online. They are inefficient, expensive, inaccurate and privacy invasive.
So another core component of the SSI technology is an open standard called verifiable credentials that supports institutions issuing credentials to people that say important meaningful things about them. And giving them the power and control to decide when and where and with whom to share this information.
So that instead of relying on this network of behind the scenes identity exchange and proofing that is operating at scale today and EVERY adult in a major industrialized country is already in – and those in the United States even worse then in Europe or Canada. With SSI we can disrupt that whole existing I would argue disfunctional “identity layer” owned by private corporations and bringing the needed functionality into the realm of open standards that literally change the game for all the parties involved. Lets be real up until recently the only way you could connect to many government services as a citizen was to go through a Knowledge Based Authentication challenge (you know where they ask you about your mortgage payment amount or the streets you have lived in in the past).
With SSI people have the power to share relevant information under their control. They get to sidestep ridiculous, insecure and dangerous information flows that make up the current system.
With SSI those relying on the information and who “verify” meaning check the cryptographic signatures on the credentials – get to have confidence what was shared with them was not tampered with and they also get to stop needing to use those private data broker driven “identity proofing” services that are creepy (excuse my language) as fuck.
With SSI Issuers those who assert things about people (like universities saying who got a degree from them) get to share this with the actual subjects, their students, who got the degree and not be asked again and again by third party proofing companies If something is true. They can also reduce impersonators those who claim a degree but don’t actually have one – because now folks need to prove its real not just assert it.
So just like e-mail is an open standard for communicating between people. Oh right.. that layer for people communicating. Turns out its hella insecure and super subject to spam. So with the new decentralized identifiers we can create peer-connections. Decentralized Identifier powered secure tunnels between people (or between people and organizations) that mean new amazing things could be possible. Think of SSI as enabling e-mail on steroids. There is a community very hard at work building out this technology called DIDComm and then working on the protocols on top of that. Protocols for all sorts of things humans already do with each other in kinda hacked ways on the infrastructure we now have. So like I have been saying if you want to influence and shape the types of protocols and norms that get build for exchanging information on top of DIDComm by all means dive in and co-create.
No one is proposing a “truth layer” of the internet. So why you bring that up is sort of orthoganal. We are working on protocols for people to own their own identifiers as an alternative to what is happening NOW – google, facebook, twitter et al owning them AND what is coming that our identifiers for the internet will be assigned to us by governments.
As an aside – some are working on solving trustworthiness problems using the tech. My good friend and the person who is responsible for my working in this field in the first place Jim Fournier is building a new application called Tru that tracks provenance of information as it moves through social network – all based open standards of decentralized Identifiers and JLINC. Again – that is a protocol they are open to others using to build other systems and building mutually interoperable networks that permit provenance to be seen when looking at online information. That network is also not oriented around individuals networked together as “individuals” as young men who were given the $$ by profit motivated VC to build our current technology stack and proprietary “identity layer” – but rather groups of people and supporting group filtering and sharing that I think has some amazing properties that I hope can transform how we people interact together on the internet.
This is the 2nd in a whole series of posts that continue the critique.
Bonus – Why my expertise is radically interdisciplinary and not focused solely on “information technology” cause that is always a reason to not listen to something a woman is saying.