I had a great time with the the folks at RMIT on their Mint & Burn Podcast. Enjoy!
Radical Exchange Talk: Data Agency. Individual or Shared?
I had a great time on this Radical Exchange conversation
Podcast: The Domains of Identity and SSI
Quoted in NYT
I was quoted in this article about Tim Berner’s Lee and the Solid Project.
….“No one will argue with the direction,” said Liam Broza, a founder of LifeScope, an open-source data project. “He’s on the right side of history. But is what he’s doing really going to work?”
Others say the Solid-Inrupt technology is only part of the answer. “There is lots of work outside Tim Berners-Lee’s project that will be vital to the vision,” said Kaliya Young, co-chair of the Internet Identity Workshop, whose members focus on digital identity.
Human Centered Security Podcast
I was invited to join Heidi Trost to join her on my new podcast focused on Human Centered Security. We had a great chat focused on Self-Sovereign Identity.
You can find it here on the Web, Spotifiy or Apple Podcast
In this episode we talk about:
What Kaliya describes as a new “layer” to the Internet to support decentralized identity, much like how html or email supported what came next.
The importance of open standards.
How to build a “digital wallet” paradigm that makes sense to people.
What SSI means for businesses/business models.
Kaliya is the co-author of “Comprehensive Guide to Self-Sovereign Identity,” and author of “Domains of Identity.” She is also one of the co-founders of the Internet Identity Workshop, which brings together people to help develop open standards for ways people can own and control their digital representations of themselves.
Wired UK Profile
Last Year Molly Swartz a reporter who I first met via the MyData community talked to me about doing a profile and Wired UK said yes!
The article ran in their print edition and online. You can read here Wired UK and regular Wired.
I think it does a good job of reflecting the work that I have done and where we are now with these emerging technologies. It simplifies my journey to get to where I am now there is more to it and more nuance but for a 2 page article its fine.
Quoted in: Self-Sovereign Identity Explained
CoinDesk has a series that it is publishing that looks at different potential futures Internet 2030. One of them is Optimistic because Self-Sovereign Identity and Data Empowerment systems become mainstream and change the balance of power and dynamics in play with big tech.
For Self-Sovereign Identity Explained, Jeff Wilser interviewed several experts including me and I’m quoted in near the bottom of the article.
Presentation: At the STOA
Earlier this month I got to present at the STOA a forum with an amazing list of presenters and topics happening every day. Enjoy.
Podcast: Inclusionism with Kaliya Young, Author of Domains of Identity
I spoke with James Felton Keith, author and podcast host of Inclusionism, about my book, Domains of Identity. How do we manage our digital identity? What are the 13 domains of identity?
Listen to Podcast: Inclusionism with Kaliya Young, author of Domains of Identity.
Panel at RxC: Digital Identity: A look Ahead
I almost went to Brazil this year for the Radical Exchange conference. Instead it went virtual with 48 hours of programming. I had the pleasure of talking with Paula Berman (Democracy Earth) and Supriyo Roy (Idena). Each of us shared about different future looking identity projects/efforts we are involved in.
Co-Author: Intersectional Social Data
I co-authored this paper with Glen Weyl and Lucas Geiger.
Intersectional Social Data
In our previous three-part series, we motivated the case for decentralized identity systems, and exposed some of the current frameworks for implementing digital identity systems. In this piece we expose some of our collective research in Decentralized Identifiers (DID) and identity for emergent social structures. Finally we suggest further avenues of investigation and outcomes of the public goods of the internet post decentralized identity.
Presentation: to SWIFT Innotribe (the world’s bankers)
In September of 2019 I was invited to present to the world’s bankers at the conference run by the co-op at the center of the world’s banking system, SWIFT. The stage is fantastic 24m x 4m high. You can see SSI outlined in large details. I also cover big topics like the meaning of the word trust. Enjoy!
Acclaimed expert Kaliya Young, widely known as ‘Identity Woman’, explores the concept of self-sovereign identity (SSI) on the Innotribe stage.
New America India US Public Interest Technology Fellow
I traveled to India in the Winter of 2019 to study their National ID System Aadhaar. This is the paper that I wrote:
Key Differences Between the U.S. Social Security System and India’s Aadhaar System (Kaliya Young)
My Talk at New America on Self-Sovereign Identity & the Domains of Identity
The Future of Property Rights a program at New America just published a new report The Nail Finds a Hammer: Self-Sovereign Identity, Design Principles and Property Rights in the Developing World. I commented extensively on the paper before publication and they included the Domains of Identity within the report. It turns out that many of the Domains of Identity include registries. This whole perspective that registries as the root of many of our systems is very eye opening. Just like when one finds identity one sees it everywhere, it turns our registries are everywhere too.
Mike invited some key contributors to the paper to talk at New America. I presented about both Self-Sovereign Identity AND the domains of Identity … enjoy!!!
Presentation: MyData Global
In the summer of 2018 I was invited to give a keynote address at MyData Global. I took the opportunity to share the Domains of Identity (now a book) and weave them together with how Self-Sovereign Identity works and conclude highlighting the need for collaboration going forward.
Interview: Voices of VR Podcast
I got to speak with Kent Bye on his voices of VR Podcast. We were together at the DWeb Summit and that set the context for our conversation. I hadn’t listened to this interview ever until today – it is fun. I laugh a lot. Enjoy.
Kaliya Young (aka Identity Woman) has been working on digital identities for the past 15 years including helping facilitate the twice-a-year Internet Identity Workshop. These workshops lead to the Rebooting the Web of Trust workshops and the Decentralized Identity Foundation, which created a W3C specification on Decentralized Identifiers.
I had a chance to catch up with Young at the Decentralized Web Summit where we talk about the Decentralized Identifiers standards and the history of self-sovereign identity.
Digital Death a Matrix of Questions
I was invited to give a talk at Privacy Identity and Innovation about the Digital Death and the conference that has happened a few times Digital Death Day.
I chose to lay out a matrix of questions that have arisen from the work. Enjoy the talk.
Digital Death a Matrix of Questions and Considerations from Privacy Identity Innovation on Vimeo.
Authored: National! Identity! Cyberspace! Why we shouldn’t freak out about NSTIC.
This is cross posted on my Fast Company Expert Blog with the same title.
I was very skeptical when I first learned government officials were poking around the identity community to learn from us and work with us. Over the last two and a half years, I have witnessed dozens of dedicated government officials work with the various communities focused on digital identity to really make sure they get it right. Based on what I heard in the announcements Friday at Stanford by Secretary of Commerce Locke and White House Cybersecurity Coordinator Howard Schmidt to put the Program Office in support of NSTIC (National Strategy for Trusted Identities in Cyberspace) within the Department of Commerce. I am optimistic about their efforts and frustrated by the lack of depth and insight displayed in the news cycle with headlines that focus on a few choice phrases to raise hackles about this initiative, like this from CBS News: Obama Eyeing Internet ID for Americans.
I was listening to the announcement with a knowledgeable ear, having spent the last seven years of my life focused on user-centric digital identity. Our main conference Internet Identity Workshop held every 6 months since the fall of 2005 has for a logo the identity dog: an allusion to the famous New Yorker cartoon On the internet, nobody knows you are a dog. To me, this symbolizes the two big threads of our work: 1) maintaining the freedom to be who you want to be on the internet AND 2) having the freedom and ability to share verified information about yourself when you do want to. I believe the intentions of NSTIC align with both of these, and with other core threads of our communities’ efforts: to support identifiers portable from one site to another, to reduce the number of passwords people need, to prevent one centralized identity provider from being the default identity provider for the whole internet, to support verified anonymity (sharing claims about yourself that are verified and true but not giving away “who you are”), support broader diffusion of strong authentication technologies (USB tokens, one-time passwords on cellphones, or smart cards), and mutual authentication, allowing users to see more closely that the site they are intending to do business with is actually that site.
Looking at use cases that government agencies need to solve is the best way to to understand why the government is working with the private sector to catalyze an “Identity Ecosystem”.
The National Institutes of Health is a massive granting institution handing out billions of dollars a year in funding. In the process of doing so, it interacts with 100,000’s of people and does many of those interactions online. Many of those people are based at institutions of higher learning. These professors, researchers, post-docs and graduate students all have identifiers that are issued to them by the institutions they are affiliated with. NIH does not want to have the expense of checking their credentials, verifying their accuracy and enrolling them into its system of accounts, and issuing them an NIH identifier so they can access its systems. It wants to leverage the existing identity infrastructure, to just trust their existing institutional affiliation and let them into their systems. In the United States, higher educational institutions have created a federation (a legal and technical framework) to accept credentials from other institutions. The NIH is partnering with the InCommon Federation to be able to accept, and with that acceptance to trust, identities from its member institutions and thus reduce the cost and expense of managing identities, instead focusing on its real work: helping improve the health of the nation through research.
The NIH doesn’t want to use a cookie and doesn’t want to know who you are. They would like to be helpful and support your being able to use their library over time, months and years, in a way that serves you, which means you don’t have to start from scratch each time you come to their website. It was fascinating to learn about the great lengths to which government officials were going to adopt existing standards and versions of those standards that didn’t link users of the same account across government websites (see my earlier post on Fast Company). They proactively DID NOT want to know who users of their library were.
One more use case from the NIH involves verified identities from the public. The NIH wants to enroll patients in ongoing clinical trials. It needs to actually know something about these people – to have claims about them verified, what kind of cancer do they have, where are they being treated and by whom, where do they live, etc. It wants to be able to accept claims issued by third parties about the people applying to be part of studies. It does not want to be in the business of verifying all these facts, which would be very time consuming and expensive. It wants to leverage the existing identity infrastructures in the private sector that people interact with all the time in daily life, and accept claims issued by banks, data aggregators, utility companies, employers, hospitals etc.
These three different kinds of use cases are similar to others across different agencies, and those agencies have worked to coordinate efforts through ICAM which was founded in September 2008 (Identity, Credential and Access Management Subcommittee of the Information Security & Identity Management Committee established by the Federal CIO Council). They have made great efforts to work with existing ongoing efforts and work towards interoperability and adopting existing and emerging technical standards developed in established industry bodies.
Let’s continue exploring what an identity ecosystem that really works could mean. The IRS and the Social Security Administration would each like to be able to let each person it has an account for login and interact with it online. We as those account holders would like to do this – it would be more convenient for us – but we want to know that ONLY we can get access to our records, that that they won’t show our record to someone else.
So let’s think about how one might be able to solve this problem.
One option is that each agency that interacts with anywhere from thousands to millions of citizens issues their own access credentials to the population it serves. This is just a massively expensive proposition. With citizens interacting with lots of agencies, they would need to manage and keep straight different IDs from different agencies. This is untenable from a end-user perspective and very expensive for the agencies.
Another option is that the government issues one digital ID card to everyone ,and this one ID could be used at a bunch of different agencies that one might interact with. This is privacy-invasive and not a viable solution politically. No one I have ever talked to in government wants this.
So how to solve this challenge – how to let citizens login to government sites that contain sensitive personal information – whether it be tax records, student loan records, Department of Agriculture subsidies, or any other manner of government services, and be sure that it really is the person via an Identity Ecosystem.
Secretary Locke’s Remarks: The president’s goal is to enable an Identity Ecosystem where Internet users can use strong, interoperable credentials from public and private service providers to authenticate themselves online for various transactions.
What does a private sector service provider use case look like in this ecosystem?
When we open accounts, they are required to check our credentials and verify our identities under know-your-customer laws. People have bank accounts and use them for many years. They know something about us because of their persistent ongoing relationship with us: storing our money. Banks could, in this emerging identity ecosystem, issue their account holders digital identity credentials that would be accepted by the IRS to let them see their tax records.
The private sector, for its own purposes, does a lot to verify the identities of people, because it has to do transactions with them that include everything from opening a bank account, to loaning money for a house, to setting up a phone or cable line, to getting a mobile phone, to a background check before hiring. All of these are potential issuers of identity credentials that might be accepted by government agencies if appropriate levels of assurance are met.
What does is a public service provider look like in this ecosystem?
The Federal Government does identity vetting and verification for its employees. Homeland Security Presidential Directive 12 (HSPD-12), Policy for a Common Identification Standard for Federal Employees and Contractors directs the implementation of a new standardized identity badge designed to enhance security, reduce identity fraud, and protect personal privacy. To date, it has issued these cards to over 4 million employees and contractors.
These government employees should in this emerging ecosystem be able to use this government-issued credential if they need to verify their identities to commercial entities when they want to do business with in the private sector.
There is a wide diversity of use cases and needs to verify identity transactions in cyberspace across the public and private sectors. All those covering this emerging effort would do well to stop just reacting to the words “National” “Identity” and “Cyberspace” being in the title of the strategy document but instead to actually talk to the the agencies to to understand real challenges they are working to address, along with the people in the private sector and civil society that have been consulted over many years and are advising the government on how to do this right.
I am optimistic that forthcoming National Strategy and Program Office for Trusted Identities in Cyberspace will help diverse identity ecosystem come into being one that reduce costs (for governments and the private sector) along with increasing trust and overall help to make the internet a better place.[Read more…] about Authored: National! Identity! Cyberspace! Why we shouldn’t freak out about NSTIC.
On Social Web TV
I was down in Mountain View yesterday to appear on Social Web TV. I was a special guest as Chris and David were both at FOWA in London. We got to talk about the community process around the Internet Identity Workshop and Data Sharing events that has helped moved the standards for the open social web forward.
I hope you enjoy the episode – I clearly need to practice being on “TV” a bit more but hey – don’t we all.
Interview: Reality: this [OpenID] is big
Getting in the game on OpenID standards: A conversation with Kaliya Hamlin, Identity Woman was published today on Net Squared. Marshall interviewed me via e-mail and then wrote up this story. He does a great job of explaining how identity brokers work and how people can use identifiers within contexts.
The social web, Web 2.0 or whatever you want to call it, is supposed to be all about web services, interactivity and data portability. In this context, Open ID standards will be increasingly important.
Reality: this is big
I thought that big vendors considered it in their best interests to lock us in to their systems with non-open Identities. Kaliya says that’s no longer the case. “They are all getting that identity is a ‘commons’ that no one can own,” she says. “They are seeing the end of usefulness in approaching the world through silos. The whole corporate tech world is a big exercise in sticking things together…standards really make this less expensive.”