
Identity Woman

Independent Advocate for the Rights and Dignity of our Digital Selves


Big Ideas

IAPP Event: An Intro for Data Privacy Pros to Self-Sovereign Identity

Ali · January 12, 2023 ·

An event hosted by the International Association of Privacy Professionals (IAPP) asked me to give a talk on the subject of self-sovereign identity and provide a foundational overview for privacy professionals.

The following are some of the primary issues discussed throughout the event:

  • Exactly what it means to have a self-sovereign identity.
  • The direction in which the space is moving.
  • What privacy professionals need to know.

The panel was put together by Katharina Koerner, the Principal Technology Researcher at IAPP. The panelists were myself; Dominique Beron, CEO of walt.id; and Kristina Yashuda, who does Identity Standards at MSFT.

Kaliya, Kristina, Dominique, Katharina

Self-sovereign identity (SSI) is essentially a fresh take on digital identity solutions. Its goal is to empower users with additional options in managing their online identities and in deciding how much of their private data to make public.

In this manner, the self-sovereign identity technology provides assistance for the data reduction and purpose restriction tenets of privacy.

Simply click this link to see the whole video.

Forbes Quotes me on Social Media’s Future considering Safety & Identity

Ali · January 7, 2023 ·

I was cited in an article that was published in Forbes. The article was part of a series that was assessing the activities of 2022 on Twitter, the crazy policies of a new CEO, and the ramifications on the future of social media.

The article’s central emphasis was on the question of whether or not, in the near future of social media, users can feel secure while maintaining their individual identities.

I was quoted in the following lines as part of a discussion on the pros and cons of maintaining anonymity and pseudonymity online:

“Kaliya Young, Identity Woman, recalls an incident with Kathy Sierra, a female blogger and game developer, who in 2007, experienced death threats online and finally gave up her tech career, withdrew from the blogosphere and from online life. Following that incident there were calls to create blogger codes of conduct to stop this online violence against women.”

“’Look, if the first bad instances of online violence against women were treated seriously and the perpetrators that were not known were held to account then we would be in a different place [today]. They were not.’ Weeve, the pseudonym, of the hacker and self-described neo-Nazi and white supremacist responsible for posting false information about Sierra, had gone unpunished. As per Young, ‘He should have gone to prison for that. I was at the conference when they got up and said Kathy isn’t here because of death threats! It affected my life as a woman working in technology. Instead, he was left alone and went on to commit more acts of terrorism.’”

On the other side, I am quoted in the following lines, where I contribute to a discussion regarding the importance of transparency and verification:

“Young stresses that it will take ‘time, rigour, investment and a proportionate approach’ to see the payoff. She points out that there is also a middle ground and it’s possible to implement speed bumps to make it less appealing for bad actors to exploit a poorly designed platform. ‘Designing a social media platform with possible consequences including, but not limited to privacy and security risks in mind (like One Dot Everyone, a consequence scanning tool), can improve the design while exploring alternatives to identity verification. Privacy Impact Assessments and Human Rights Impact Assessments will also go a long way to mitigate risks.’”

“Young questions the process for verification. Who will decide a person is who they say they are? Given her work in the Identity space, development of a trust framework should be leveraged to deal with the complexities of identity verification. But it continues to call into question what individuals or groups are responsible for defining the rules for verification?”

“Young professes that Identity has its place online but argues that the systems including the governance layers need to be in sync. ‘So men like Galloway and Haidt can go on about this ‘real name’ stuff all they want. Until the systems they built actually work as claimed and that men who use their real names and are known will be held to account, then what business do they have suggesting that?’”

Now, the purpose of this section is to provide a response to the following question: will technology save us? In the passage that follows, I am referenced as follows:

“Social media accounts have been around for a long time and Young makes clear they are, for the most part, run and managed by real people, attached to other real identities online that have more credibility: I think that analog is the new digital – meaning people will seek out and connect and value time with each other in person.”

Lastly, I am cited in the following lines on the remark that identity verification on social networks does not compute or make sense:

“As per Young, identity needs careful and thoughtful consideration:

There is a difference between the platform knowing who someone is and the whole world knowing the same. Who is enforcing what type of ID? Like Doctor, Young signals the marginalized, and those who have been suffering the abuse on the platform for over a decade. The rules for verification need to incorporate the varying definitions of identity that include cultural, general and local perspectives.”

You can read the full article here: https://www.forbes.com/sites/hessiejones/2023/01/04/will-the-future-of-social-media-mean-the-coexistence-of-safety-and-identity/?sh=5851ac587fba

Seeing Self-Sovereign Identity in Historical Context

Kaliya Young · June 21, 2022 ·


Abstract

A new set of technical standards called Self-Sovereign Identity (SSI) is emerging, and it reconfigures how digital identity systems work. My thesis is that the new configuration aligns better with the emergent ways our social systems in the west have evolved identity systems to work at a mass scale and leverage earlier paper-based technologies.

To make this case I trace two different histories. The first follows the ways in which identities were designed and managed in computer systems. The innovations in SSI are a major breakthrough in the design of computer identity systems. The second history examines the evolution of paper-based identity systems that emerged in Europe. This section integrates recent scholarship about the emergence of a particular social-psychology that came with the first paper-based identity documents. This work explains what paper-based identities meant and why they were accepted and made sense to people. The last section of the paper brings these two histories together and explains why the underlying technological design of SSI aligns with Western liberal democratic values in a way that the earlier digital identity systems designs do not.

Introduction 

Developers and policymakers think about social and technological systems as a given in the present moment. The assumption that current systems are a given applies to paper-based identity systems, digital identity systems, and the social systems that we relate to and use to form our identities. This paper adopts a materialist approach that sees all things as the result of processes.  

The first section of the paper reviews the basics of Self-Sovereign Identity (SSI) technology for readers unfamiliar with it —however, it is not intended to be a history of how SSI developed. 

The second section of the paper provides a view of how digital identity systems have evolved since the emergence of computers. This section makes critical differences between those earlier systems clear for non-experts. For example, the new self-sovereign identity systems reduce the inherent opportunities for tracking and, therefore, the privacy risks of earlier digital identity systems and the current dominant technical architecture of enterprise identity and access management. 

The third part of the paper looks at the history of paper-based identity systems that are in widespread use today. It explains how they work and why they make effective trade-offs between accountability and visibility across systems. This section begins tracing this history further back than most other accounts —beginning with the actions of the Catholic Church around 500 CE. This section integrates recent scholarship about the emergence of a particular social-psychology present when the first paper-based identity documents were created. It explains why they were accepted and made sense to people. It also walks through scholarship that tracks the material evolution of paper identity documents from when they first appeared to now.

The fourth section of the paper explains how SSI technologies differ from other models of digital identity management—particularly Enterprise Identity, Access Management, and the consumer IdP models. The primary difference is that SSI provides a way to express high confidence digital credentials in a digital format without anchoring identity information to identifiers such as network endpoints under the control of the state or some other corporate entity. SSI provides a way to restore the qualities of paper-based documents in the digital world: once issued to the individual, documents are under his or her control. Individuals can show their documentation to whomever they choose. In addition, SSI improves the efficiency and security of earlier identity systems by limiting the information that individuals must reveal to verify aspects of their Identity.

I am a practitioner who works day in and day out with technologists, business leaders and policy makers. I work in communities full of sincere people working hard to develop good designs for emerging digital identity systems. I am a “natural academic” and have read extensively across a range of disciplines, including those focused on systems design and understanding, and use my literacy in these areas in this paper.

The paper explains the underlying systems design of both paper-based and digital identity and explores qualities of each in a historical context. This includes exploring them both on their own and together where they intersect in the real world as SSI-based systems designed by Western liberal democracies (New Zealand, Canada, United States, European Union).

One can not reasonably write about identity without at least acknowledging the philosophical questions of identity. These have likely existed since human beings first achieved consciousness. We find them throughout all cultures in our myths, stories, religions, and philosophies. The primary questions being asked: “Who am I?”, “Am I more than just my body?”, and so on. I am setting aside these legitimate paths of exploration, choosing to ground human identity in a historical materialist approach. This approach sees “all structures that surround us and form our reality (mountains, animals, and plants, human languages, social institutions) as the products of specific historical processes.”

Before proceeding, I must emphasize that everything in this historical materialist tradition results from a process. Every “thing” that you can point to, that you can identify, results from emergent processes over time. Our lives as human beings in bodies are the result of processes. The artifacts we create to point to or identify people in the complex society we live in—such as “identity documents”—result from these processes. Identity is a process.

When discussing “identity,” the physical things identified seem central; however, the historical processes that shaped the document or technology used to express it are often forgotten. Documents containing “identity information” result from historical decisions, accidents, and innovations that helped organizations function. Both a human person and their identity documents have a physicality, but how they came to be, the process of their creation, is as important as their “thingness.”

I introduce this anchoring frame of understanding historical processes because I will use it throughout the paper to explain the processes of various identity systems. By looking at processes, crucial differences between these systems can be seen and understood. If one simply looks at the “things” or resulting artifacts, the differences are less obvious. Different identity architectures are arrived at through processes that have different implications for people and interact with the power relationships between people and organizations.

Self-Sovereign Identity Technology

The following is a brief overview of SSI. It is not a history. For that, I recommend Chapter 16 in the Self-Sovereign Identity book. This section covers the basic architecture and core standards of SSI so that: a) the contrast between SSI and other systems can be discussed in the technology section, and b) the appropriateness of SSI to replace paper-based identity documents can be explored in the final section.

Verifiable Credentials

Verifiable Credentials (VCs) is a World Wide Web Consortium (W3C) specification that defines a universal data format for digital credentials and how to share proofs of their authenticity. A credential can assert anything that an entity wants to assert about another entity and is adaptable for many purposes. An example of a government issued credential is a birth certificate. An example of a credential from civil society is a professional association membership; an example of a commercial credential is a loyalty card from a store; and an example of an employment credential is an employee badge. 

Figure 1. Verifiable Credentials diagram from the W3C specification. 

The Issuer of the credentials and the receiver of the credentials (the Verifier) do not need to communicate directly because of the clever use of public-private key cryptographic technology. The Issuer uses their private key to seal the credentials before issuing them, as structured data, to the Holder. The Holder stores these credentials in their Digital Wallet. As with a physical wallet, the Holder can choose to present the Verifiable Credentials stored in their Digital Wallet to anyone.

When the Holder of the credential wants to present them to any receiver/acceptor (called a Verifier in this model), the Holder sends over a verifiable credential presentation. Then, using the Issuer’s public key, the Verifier runs a mathematical computation to check that the data structure originated with the Issuer, who controls the requisite private key associated with the public key, and that it has not been altered. The Issuers share public keys widely (sometimes via blockchain), so the Verifiers can use mathematical calculations to verify the authenticity of the Holder’s verifiable credential. 

Since the initial compilation of version 1 of the Verifiable Credential specification (2018), developers have expanded its effectiveness to better preserve privacy. Holders can now present particular pieces of information instead of the entire credential. So, a Holder could, for example, show just their age in years and not their birthdate. Or, a Holder could prove they served in the military but not have to share in which branch they served  or the dates of their service. Or, a Holder could prove they were a student at a particular school but not reveal their student number. This type of sharing is called selective disclosure. 
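The issue, present, and verify flow described above, together with selective disclosure, as an added example that is not taken from the paper or from the W3C specification. It assumes one common approach (the Issuer signs salted digests of each claim instead of the claims themselves), uses a hash-based Lamport one-time signature as a standard-library stand-in for the Issuer's real signature scheme, and all function names, the `did:example:university` identifier, and the claim values are constructed for illustration.

```python
import hashlib
import hmac
import json
import secrets


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


# --- Stand-in signature scheme: Lamport one-time signatures (assumption). ---
# Production systems use schemes such as Ed25519; this keeps the example
# dependency-free. A Lamport key must sign only ONE message.
def lamport_keygen():
    priv = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pub = [(_h(a), _h(b)) for a, b in priv]
    return priv, pub


def _bits(msg: bytes):
    digest = _h(msg)
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]


def lamport_sign(priv, msg: bytes):
    # Reveal one secret of each pair, chosen by the bits of the message hash.
    return [priv[i][bit] for i, bit in enumerate(_bits(msg))]


def lamport_verify(pub, msg: bytes, sig) -> bool:
    if len(sig) != 256:
        return False
    return all(
        hmac.compare_digest(_h(s), pub[i][bit])
        for i, (s, bit) in enumerate(zip(sig, _bits(msg)))
    )


# --- Credential with selectively disclosable claims. ---
def claim_digest(salt: str, name: str, value) -> str:
    # The random salt stops a Verifier from guessing undisclosed low-entropy
    # values (e.g. a student number) by hashing candidates.
    return hashlib.sha256(json.dumps([salt, name, value]).encode()).hexdigest()


def issue(issuer_priv, issuer_id: str, claims: dict) -> dict:
    """Issuer: sign only the salted digests; hand salts and values to the Holder."""
    disclosures = {n: (secrets.token_hex(16), v) for n, v in claims.items()}
    payload = {
        "issuer": issuer_id,
        "digests": sorted(claim_digest(s, n, v) for n, (s, v) in disclosures.items()),
    }
    signed = json.dumps(payload, sort_keys=True).encode()
    return {
        "signed": signed,
        "signature": lamport_sign(issuer_priv, signed),
        "disclosures": disclosures,  # stays in the Holder's wallet
    }


def present(credential: dict, reveal: list) -> dict:
    """Holder: forward the signed payload plus only the chosen claims."""
    return {
        "signed": credential["signed"],
        "signature": credential["signature"],
        "disclosed": {n: credential["disclosures"][n] for n in reveal},
    }


def verify(presentation: dict, issuer_pub):
    """Verifier: no contact with the Issuer, only its public key.

    Returns the disclosed claims, or None if the signature is invalid or a
    disclosed claim does not match a digest the Issuer signed.
    """
    signed = presentation["signed"]
    if not lamport_verify(issuer_pub, signed, presentation["signature"]):
        return None
    digests = set(json.loads(signed)["digests"])
    claims = {}
    for name, (salt, value) in presentation["disclosed"].items():
        if claim_digest(salt, name, value) not in digests:
            return None  # altered or fabricated claim
        claims[name] = value
    return claims


if __name__ == "__main__":
    priv, pub = lamport_keygen()
    # Constructed sample credential.
    cred = issue(priv, "did:example:university", {
        "school": "Example University",
        "enrolled": True,
        "student_number": "S-0042",
    })
    shown = present(cred, ["school", "enrolled"])  # student number withheld
    print(verify(shown, pub))
```

The Verifier learns the school and enrollment status and can confirm the Issuer signed them, while the student number never leaves the Holder's wallet.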

Decentralized Identifiers

A management application and associated storage are needed to support the exchange of Verifiable Credentials and cryptographic key materials associated with the Issuer. The application also has to leverage cryptographic key material generated and managed by the Holder, but never stored with anyone. 

The management of this type of material is difficult. Earlier systems used special key registry services that published the public key associated with a particular email address. People who wanted to send a cryptographically secure email to a given address could use the public key associated with the sender’s email address. To decrypt a message from a particular sender, the receiver would look up the sender’s public key and know that it came from that sender. The scale of key management for a Verifiable Credentials system is vast. A database, like the MIT key server, or a website, like keys.openpgp.org, does not scale. Relying on such a centralized service would make the system brittle and vulnerable.

On top of that, keys associated with an email address are anchored to a globally centralized system. Innovators of SSI technology decided to store, and manage, keys in a way that is both scalable and accessible but not controlled by a centralized authority. 

Developers need to provide users with persistent identifiers and pointers to cryptographic keys. Still, administrators also need to reassign different keys to an identifier when updating content that those keys unlock. Developers cannot store cryptographic keys in a fixed database assigned to an email address, like the MIT key database described above. Developers need to find another level of abstraction, so that the cryptographic keys can be rotated over time in relation to persistent decentralized identifiers. Blockchains collectively manage databases (either permissioned or permissionless) that once written are not erasable. Although Verifiable Credentials can be issued without decentralized identifiers or blockchains, together both of these innovations provide a beneficial common standard for sharing keys in a resolvable way. Here is a description from the W3C Standard.

Decentralized identifiers (DIDs) are a new type of identifier that enables verifiable, decentralized digital Identity. A DID identifies any subject (e.g., a person, organization, thing, data model, abstract entity, etc.) that the controller of the DID decides that it identifies. In contrast to typical, federated identifiers, DIDs have been designed so that they may be decoupled from centralized registries, identity providers, and certificate authorities. Specifically, while other parties might be used to help enable the discovery of information related to a DID, the design enables the controller of a DID to prove control over it without requiring permission from any other party. DIDs are URIs (Uniform Resource Identifiers) that associate a DID subject with a DID document, allowing trustable interactions associated with that subject.

Each DID document can express cryptographic material, verification methods, or service endpoints, which provide a set of mechanisms that enable a DID controller to prove control of the DID. Service endpoints enable trusted interactions associated with the DID subject. A DID document might contain the DID subject itself—that is, if the DID subject is an information resource, such as a data model.

This [specification includes] a common data model, a URL format, and a set of operations for DIDs, DID documents, and DID methods.

Figure 2. The diagram of the relationship between key components of a DID and DID Document from the W3C DID Specification. 

Decentralized identifiers sit in stark contrast to earlier systems of identifiers that were permanently anchored in either globally managed registries (e.g. Domain Names in the DNS via ICANN or Phone numbers via the ITU-T) or within private namespaces such as usernames at websites (within the domain name system), Twitter handles, or Instagram handles.  

The Decentralized Identifier is a breakthrough in technical architecture that centers control of the identifier within an entity itself (via the software it controls). Identifiers do not need to be assigned by some outside issuing authority; the entities themselves can generate identifiers. Ownership of these identifiers can be proven independent of any “issuing authority.” This proof is achieved by using the properties of public-private key cryptography. 

Decentralized Identifiers do not have to be stored on a blockchain to be valid. The public keys associated with a DID, created and owned by any entity (person or organization), can connect to any other party. Pair-wise, these connections can be unique to the two parties. A specification under development called DIDComm will standardize this type of communication. 

DIDComm sits in contrast to several antecedent technologies, like the cryptographically secure email via PGP. Email via PGP publishes an associated public key, in a publicly accessible way, on a key server. All messages sent to that address use that key, making it non-unique per connection. DIDComm is also distinct from widely used messaging applications that use unique keypairs per connection, like WhatsApp, Signal, and Telegram. These applications avoid user names/identifiers and “cheat” by leveraging phone numbers as a persistent identifier that can identify users in the network. They also do not exchange unique keys per connection with other parties – but rather have a singular public key they share and use for all their connections.

The Historical Evolution of Identity in Computer Systems 

The earliest computer systems were developed and used by business enterprises or organizations, like research institutions. The first computer systems, like the Colossus and ENIAC, were created in World War II. They were so rudimentary that there was no need for a “user account.” Shortly after that, large mainframes were developed to support more than one user interacting with one computer system. Developers invented user-names and passwords to manage access. As a logical next step, the ability to write messages to other users of the same mainframe computer was invented by those early users. These messaging systems were the antecedents of email.

In the 1970s, with the creation of the ARPAnet, large computer systems began to link together by a protocol stack called TCP/IP. By using these connections, users could send messages between computer systems in different cities. Because messages could be transmitted between people in different locations, standards were developed to manage those messages. The standard for transferring messages between computer systems on the Internet is the Simple Message Transfer Protocol (SMTP), which is still in widespread use because it creates a way for anyone with an email address to send a message to anyone else with an email address. These early ARPAnet users began a naming system so that human-readable names could be mapped to Internet Protocol (IP) addresses, making email usable for people. Addresses took the form of “user name@institution name.type of institution.” By default, messages are not encrypted. In the 1990s, PGP key servers were developed to add encryption.

As computer systems within the enterprise became more complex, multiple programs ran on a single large system. Eventually, users needed a single login that would let them access a whole variety of services included in enterprise systems. This led to protocols to manage the complexity of the enterprise. LDAP (Lightweight Directory Access Protocol) supported the maintenance of directory services so that information about users could be used throughout the enterprise.

Another protocol called SAML (Security Assertion Markup Language) supports federated authentication and authorization both within enterprises and potentially between enterprises. SAML helps manage who has access to what systems. These internal federation architectures, using SAML and LDAP, were the dominant methods of identity management because they made sense in the context of enterprise computer systems. 

These digital Identity management solutions emerged within social and cultural power structures, like employment, where having control “over people” by controlling their identifiers aligned with the power to hire and fire them. Employees did the work for the enterprise—they were not free persons acting in a social universe of peers and associates or as business customers. Because these original architectures were well-established beginning in the 1990s and solidified in the early 2000s, they shaped the thinking of many identity management professionals about how identity management in the digital realm could be done.

The architecture of assigning users an identifier and managing it for them was first used not for the consumer internet, but within enterprise systems. A whole field of enterprise identity and access management arose before the web even existed. This control architecture is still widespread and makes sense relative to the inherent power relationship between employees and employers. Companies hire employees to do work. In exchange for that work, they are paid wages. When an employer is not happy with an individual’s work or simply does not have enough work to be done, they will let an employee go. This dynamic of hiring and firing is designed to meet the needs of the enterprise. 

When the employee’s work involves interacting with a computer system, it makes sense that the employer provides access to that computer system. This assignment is made via an identifier/employee number assigned by the employer to that employee. The employee presents a shared secret (password) when seeking to access the system, a step called authentication, and is then given authorization. Then when the employee no longer works for the company, this digital representation for the employee in the enterprise system should be terminated so they can no longer access the systems – authorization is denied. In other words, access to the system should end for the person who is no longer an employee. These control structures are part of the original enterprise identity and access management.

When the first consumer internet arose, companies like AOL and Compuserve offered accounts to users. Social media companies still use this same system today. Users get this type of identifier when they go to a new service and choose a username within a service’s namespace. This identifier sits within the issuer’s namespace and domain of control. This means that the issuer can terminate the subject’s access to that service’s namespace.

After picking a username, the user chooses a password. The password is thus a shared secret that both the user and the service know (but no one else). Finally, when the user asserts they are the entity in control of a given username, the service challenges them to also present the shared secret (i.e., the password). In recent years, there has been a push to support the wider adoption of additional authentication factors, some of which use cryptography (like RSA tokens or Yubikeys). However, the process of two or three-factor authentication still involves proving control of an identifier managed by the Identity Provider. 

Figure 3. This diagram shows a Sole Source Topology for Identity where the individual gets new separate accounts for every service they interact in—resulting in individuals having dozens if not hundreds of different accounts at different services and needing to manage just as many user-name and password combinations. 

This way of managing identity has architectural control properties quite similar to the enterprise control over employee accounts. Federation expands the use of the identifier beyond the one site or service. Services known as Relying Parties encourage new and returning users to leverage an account from another service. These Relying Parties require that users prove they have control of an identifier on that service. Once control is proven, the users gain access to the Relying Party’s site. A standard called OpenID was invented at a conference facilitated by the author to support this type of transaction. It led to the proliferation of “sign-in with” buttons, which let users use their Facebook, Google, LinkedIn, Twitter, Github, or other ID to log into a range of websites.  

Figure 4. The flow of an OpenID Connect connection that has an Identity provider. 

While this model, in theory, leads to a variety of Identity Providers, in practice, very few emerged because of the “NASCAR Problem.” Only a few Identity Providers can fit on a given login screen, so users have very few choices for Identity Providers. 

Self-Sovereign Identity technology stands in stark contrast to its antecedent technologies: topologies of single-source identity and identity federations. SSI differs from earlier digital identity systems because the receiver/accepter of a credential can be assured of its veracity without directly connecting to the issuer. Receivers don’t have to make a phone call to check a document, and they don’t have to establish a technical federation using a protocol like SAML or OAuth to ping a database of the issuer.

It is also worth comparing these digital technologies with the embodied Identity of humans. As human beings navigate a social world in physical space, they show up in their physical bodies and associated clothing and are recognized by others. In effect, their bodies and clothes are an “authentication factor” because our memory of people is tied to their physical form. When the social, human process of the physical world is translated into the digital world, identifiers are assigned to people by organizational entities that ultimately have control over those identifiers. This means that people are becoming disconnected from their social world, where Identity is individually asserted and socially recognized. The platforms that host, manage, and control our digital identifiers are within their rights to delete our digital identities and even reassign our identifiers to others. We are not free people in these systems because we are directly under the authority of these mega identity providers.

Figure 5. This diagram shows how the Identity Provider disintermediates individuals from the other organizations they connect with when they log in via their Identity Provider.

All the social platforms like Facebook, LinkedIn, Instagram, and Twitter manage their own name-spaces. These platforms also own the connections between the people who have accounts on their services. This means that the social fabric of our society, translated into the digital realm, is owned by these platforms and not by us—the people who are connecting to each other. 

DIDComm, explained above, can provide an alternative to this control architecture. With this new Self-Sovereign Identity technology, we the people own (via software we control) the digital identifiers we use to connect to other people. With SSI, we control and own our social connection, as expressed in the digital realm. SSI technology provides a reclamation of the social, digital commons from its enclosure by the mega-Identity providers like Google and Facebook.

Figure 6. The timeline of key points in the development of computer/digital identity systems from the first computer systems to the present day.

Contemporary Institutions and Paper-based Identity Documents 

This section looks at two phenomena: the origins of contemporary institutions and the origins of identity documents in relation to those institutions. Their histories are woven and interrelated. I am taking this approach because identity documents issued by various institutions are taken for granted, and it is assumed that “it was always this way.” Several years ago, a gentleman who works with the UN was on a panel at a conference asserting that “states have always issued identity documents to people.” This can seem true because, in our living memory, it has always been so. However, I had to pipe up as a ‘panelist from the floor’ to remind everyone that, in fact, the passport system was only started 100 years ago. It has emphatically not always been this way. So how did it come to be? 

Colin Koopman wrote in How We Became Our Data: A Genealogy of the Informational Person:

I suggest that bringing the politics of information into view requires extending the scope of our historical analysis to the period preceding wartime information sciences and the postwar information theory to which they gave rise. 

Koopman, C. How We Became Our Data: A Genealogy of the Informational Person

His book has a whole chapter about the origins of the bureaucratic birth certificate system we have today; his book looks at the history of forms and processes used in the US between 1913 and 1937. For this historiography, I want to push the timeline back even further to consider deeper questions about why systems of birth certificates and other forms of documentation appeared in Europe centuries earlier. I believe that we have identity documents because we have non-kin-based institutions that require identity documents to function. These two things – documents and institutions (which have governance mechanisms) – together help create complex networked contemporary society and, below, I make this argument in several different ways. 

I am drawing on recent scholarship highlighting the key emergent processes that created 1) new institutions in Europe and 2) the social psychology of people who saw themselves as “individuals” with “identities” of their own relative to these institutions. Identity systems created  by institutions predate any digital systems by millennia. Moreover, these pre-digital identity systems have a material logic informed mainly by the physical reality of paper, which was the available technology substrate to manage these systems.  

Many histories of modern identity systems often begin in the Middle Ages with letters of introduction, then move on to birth certificates, census receipts, and citizenship papers. We will get to that history. However, it is worth asking, “Why did these technologies of Identity make sense to the people who adopted them?” and “What happened in the preceding thousand years in Europe to make this technology of identity documentation acceptable?” 

To get at this more in-depth history, I draw on Joseph Henrich’s book The Weirdest People in the World. In it, Henrich describes cultural forces that were set in motion by the Catholic Church beginning in the 500s. Beginning around this time, the church imposed a marriage and family program (MFP) that banned cousin marriage. This eventually extended all the way to 7th cousins—they had the tools to do this tracking back seven generations (or 140 years) via baptismal records or logs. This documentation of who was baptized served as a precursor to the state issuance of birth certificates.  

As part of the MFP, the church imposed other norms that prohibited close family members who were not blood related from getting married. My sister’s husband is my brother-in-law. This term originates from the MFP and comes from this time – it was in church law that one was considered a brother. If my sister died and my brother-in-law wanted to marry me, he would be prohibited from doing so even though we are not blood relatives but relatives according to the law (of the church).

Keeping records to avoid cousin marriages, while an interesting antecedent to birth certificates, does not explain the cultural shifts that lay the ground for people thinking of themselves as individuals. The breakup of cousin marriages effectively broke apart intensive kin-based institutions that linked people together based on family ties. Without these kin-based institutions “to organize production, provide security, and endow people with a sense of meaning and identity, individuals were both socially compelled and personally motivated to relocate, seek out like-minded others, form voluntary associations, and engage with strangers.” 

As kin-based systems broke apart over hundreds of years, people moved to towns and cities and joined religious institutions like monasteries in much larger numbers beginning in the 10th and 11th centuries. It was in these places that proto-WEIRD psychology emerged, involving analytic thinking and non-relational morality. These changes favored the development of impartial rules that granted privileges and obligations to individuals, while also creating impersonal mechanisms for enforcing trusts such as accounting records, commercial laws, and written contracts. The new social organizations created new ways for human social groups to be organized and operated that were not based on kinship ties. There was experimentation, and other institutions copied and spread good ideas.

 Below are the core elements Henrich describes as defining WEIRD psychology: 

1. Analytic thinking: This grew in importance as people navigated the world of “individuals” rather than dense familial interconnections, reducing the importance and value of holistic thinking. 

2. Internal attribution: As social life shifted to the individual, “traits like dispositions, preferences, and personalities as well as mental states like beliefs and intentions became important. Soon lawyers and theologians even began to imagine that people had ‘rights.'”

3. Independence and nonconformity: “In a society with weak kin ties and impersonal markets,” individuals focused on their uniqueness rather than venerating ancient wisdom and elders. 

4. Impersonal prosociality: With life being governed by impersonal norms for dealing with strangers, “people came to prefer impartial laws that applied to their groups or communities (their cities, guilds, monasteries, etc.) independent of older social relationships, tribal identity, or social class.” 

As beliefs and values changed, the material possibilities in people’s lives did too. As a result, new opportunities emerged for how society could be organized.  

“As intensive kin-based institutions dissolved, medieval Europeans became increasingly free to move, both relationally and residentially. Released to choose their own associates—their friends, spouses, business partners, and even patrons… Constructing their own relational networks opened a door to the development and spread of voluntary associations, including new religious organizations as well as novel institutions such as charter towns, professional guilds, and universities.”

Henrich, Joseph. The WEIRDest People in the World: How the West Became Psychologically Peculiar and Particularly Prosperous, 2020.

When looking at these slow, but over-the-long-run significant, social shifts, we can ask: “Why did identity systems of institutions emerge when they did, and why did people choose to adopt these technologies?” Because these newly emergent assemblages were not defined by familial/genetic ties, people needed ways to define who had entered the boundary of the institution. The institutions needed tools to remember who was part of the institution and who had left: in the case of guilds, knowing who their members are; in the case of towns, knowing who the residents are; in the case of the military, knowing who makes up the soldiers in military units; or in the case of hospitals, knowing who the medical patients are. The one technology available to do this was a paper-based record-keeping system. This commonly took two forms: log book lists or cabinet files. Both involved keeping track of who was in a social formation. These systems could also involve a letter or certificate given to the person themselves. In the case of universities, the institution needed to track students as they matriculated through it and to verify that those students had graduated with a degree, so it communicated that via paper certificates bearing the seal of the institution.

This process of identity formation and boundary creation is not unique to human social systems, institutions, or assemblages, but also part of how biological networks function. 

Social networks exhibit the same general principles as biological networks. There is an organized ensemble with internal rules that generates both the network itself and its boundary (a physical boundary in biological networks and a cultural boundary in social networks). Each social system—a political party, a business organization, a city, or a school—is characterized by the need to sustain itself in a stable but dynamic mode, permitting new members, materials, or ideas to enter the structure and become part of the system. These newly entered elements will generally be transformed by the internal organization (i.e., the rules) of the system.

One way that these boundaries were created and sustained was via paper-based identity systems, and the rules of the organizational assemblies, in turn, shaped how identity systems were operated and managed.

“What processes stabilize and maintain the Identity of these assemblages? The spatial boundaries defining the limits of an authority structure are directly linked to its jurisdiction[…] The stability of these jurisdictional boundaries will depend on their legitimacy as well as on their continuous enforcement.”

I argue that one of the processes and technologies that arose to stabilize and maintain the identity of these assemblages is paper-based identity systems. Because authority or governance was not based on kinship ties with these new organizations, they “had to decide how to govern themselves in ways that were both acceptable to current members and capable of attracting new members in competition with other organizations.” They did so by “developing laws governing individuals [and thus] developed well-functioning representative assemblies.” 

So, the need to manage who was in and out of these institutions also led to the emergence of novel governance systems because these new institutions emerged and innovated new mechanisms to define their boundaries and membership. This development laid the groundwork for the development of systems of democratic governance, which in turn also required a method of knowing  who was in the organization or assemblage. Today, we see that one of the hallmarks of democratic election systems is the publicly available voter rolls of who can vote and, once the election is completed, who actually voted. 

These systems of people interacting beyond their own kin led to the emergence of pre-capitalism that developed “a growing repertoire of social norms and organizational practices [that] were cobbled together, described in charters, and formulated into written laws. Lex mercatoria, for example, evolved into commercial law.” These activities meant that strangers were doing business with strangers using contracts to access justice. To get this all to work, the parties to a contract must have a way to express their identity in the contract—one that is recognized by other individuals operating within the context—so they could, if need be, turn to those outside of the contract to help resolve disputes and manage enforcement. In Europe, this need for clearly expressing identity required various paper-based documents that established Identity and included practices that emerged first around seals. In time, seals evolved into personal signatures that represented individuals’ decisions in a concrete form on contracts.

Identity systems also serve as a mechanism of cultural and meaning transmission over time. Social networks of humans interacting with each other exhibit the same principles as biological networks. “Culture is created and sustained by a network (form) of communications (processes) in which meaning is generated. The culture’s material embodiments (matter) include artifacts and written texts, through which meaning is passed on from generation to generation.”

For pre-digital identity systems, some of the artifacts used to construct meaning are paper documents related to identity information. These documents arise from the processes that institutions implement to create them. There were local authorities that registered births and issued birth certificates so that authorities could prove how old a child was (to prevent child labor) and who one’s parents were for inheritance purposes. 

These institutions are not “people” who are interacting with one another and using bodies as the known common factor to recognize each other. When returning to interact with an institution and its systems, people must represent themselves in a way that is understandable to the institution or more precisely to a person who is acting in a role with that institution. This is done by producing documents issued to the person by either that institution or another institution whose authority they accept. 

These institutional processes require some basic steps of enrollment or registration. Often an indexical number is assigned to an individual—this helps the institution find the records of this person again and add more information to the institution’s record of the person. When a person is interacting with institutions, other attributes about the person are often collected and recorded in identity documents, ledgers, and records kept by the institution.

There are several contemporary examples of institutional networks becoming explicit and understanding how people are enrolled with them and later return to represent themselves. In Canada work has been done by the public and private sector to develop a Pan-Canadian Trust Framework that articulates 24 micro-processes involved in creating an identity with high confidence in government-related systems. Global governing institutions like the International Civil Aviation Organization (ICAO) have set standards for Evidence of Identity and are seeking to standardize birth registration documentation globally. A whole range of institutions then use birth certificates that result from birth registration in order to recognize people. 

Modern nation-states and the identities that people have in relation to them emerged with the Treaty of Westphalia in 1648 as territorial states were recognized as legal entities. These entities, modern nation-states, are a relatively new emergent phenomenon. They have a physical territorial form, but it is essential to remember that “human social systems[…] exist not only in the physical domain, but also in a symbolic social domain, shaped by the “inner world” of concepts, ideas, and symbols that arise with human thought, consciousness, and language[…]”

It is important to remember that the state does not just  occupy land but that it also exists in the thoughts and beliefs of its subjects. These thoughts and beliefs arise through a process of social autopoiesis via an autopoietic network (self generating) and via communication:  

“Social systems use communication as their particular mode of autopoietic reproduction. Their elements are communications that are produced and reproduced by a network of communications and that cannot exist outside of such a network.”

Citizenship in territorial nation-states is a significant example of autopoiesis  in action. Mawaki Chango’s research shows that the initial issuance of identity cards to residents in the territory we call France was a crucial step in forming the idea that they were indeed citizens of a nation called France within those people’s minds. This process is replicated worldwide and shapes the beliefs of billions of people who are registered by the states where they live. 

It is worth noting that these state projects to register citizens also imposed naming conventions that we now take for granted. The inherited patronym was designed by states doing such record keeping in early projects to “allow officials to identify, unambiguously the majority of its citizens.” When successful, it went far to create legible people, and they remain the first recorded facts on documents of Identity. 

Here is a brief timeline of the evolution of both identity processes and their accompanying paper-based identity documents.

Figure 7. This presents a timeline of key developments in the history of paper-based identity documents.

When individuals want to use information about themselves asserted by one institution to gain access or services at another institution, paper documents are the pivot point of sharing that information. When I want to go to a bar and the bar needs to know how old I am—I present my driver’s license at the door. The person at the door of the bar does not query a state level database to discern my age. The state has no idea where and with whom I shared my identity information. This is a diagram of how this works.

Figure 8. This shows how paper documents are issued to and used by individuals. A person petitioning for a document will submit the needed requirements to the issuer (in the case of a birth certificate, the parents will fill out the forms and have the doctors sign them). The issuer, in this case the county registry, issues a certificate that the birth has been recorded in the county register. The individual seeking employment can prove their age by sharing this paper certificate with a potential employer – indeed this was the use case that motivated social reformers in the 1920s to push for universal birth registration that was achieved in the United States by 1940.

This section makes the argument that our current identity systems and their paper-based documents and processes cannot be separated from our complex interlocking institutions from which they spontaneously arose over millennia. We cannot “go back” at a global scale to peer and kin-based identity systems with no material artifacts. Given the pervasiveness of today’s digital technology, we cannot go forward with just paper-based tools to share and prove Identity with institutions that make our complex society function. So what options are there? The next section explores the incompatibility of the Enterprise Identity and Access Model and Consumer IdP model with the underlying architecture of paper based systems and argues that SSI models preserve important desirable qualities of paper-based systems.

The Path from Paper Based Identity Documents to Digital Identity Systems in Alignment with Western Liberal Democratic Values

The question of how paper-based systems can be replicated in the digital realm is not an easy one. If it were easy, it would have been done years ago. So let us consider some potential paths that were present a decade ago.

One could adopt the digital identity management systems and paradigms that emerged for managing the relationship between employees who needed access to digital systems to do their work as discussed in the first part of this paper. Employers assign employees an indexical number, an identity relative to their work at the company, and provision them with an account to access enterprise systems. By default, this enterprise architecture puts the employer “over” the employee with the power to see everything the employee does with their digital identity and terminate the employee’s digital identity in that system. 

So, it would follow in this model that governments can create digital identifiers that serve as persistent network end points for their citizens and then use this digital identifier and account to manage the citizen’s interaction with the state and all realms of life. This puts the state (itself an assembly of many organizations) in the role of providing digital identifiers to its citizens. Digital identities architected in this way would be controlled and owned by the state. The government would have control over it in the same way that Google and Facebook have control “over” our digital social accounts, and in the same way that an employer has control “over” our accounts as employees in enterprise systems.

This architecture doesn’t seem right and just within the context of Western liberal democracies. It allows the state to see an enormous amount of the activities performed by an individual. It gives the state the power to terminate the digital account and thus the “informational person,” a term coined by Colin Koopman.

Systems have emerged with these underlying architectural designs, and they all began more than 10 years ago before the SSI architectures were created. 
Some nation-states, tiny countries with highly accountable (and largely digitalized and online) institutions and high trust societies such as Estonia and Singapore, are pursuing this model. The central government issues digital identifiers and leverages that national identifier across multiple contexts. The Indian government has enrolled the majority of its residents into a system by collecting 13 biometrics (10 fingerprints, two iris scans and a photo) from each of them and then assigning them a 12-digit identifier, the Aadhaar number. The designers of India’s system imagined this number would be the center of the “India Stack” and could be used by people to log in to all digital services, both governmental and commercial. The World Bank has been promoting systems based on this model throughout Africa and offering substantial loans to support their implementation.

Figure 9. This is a slide from presentations by iSPRIT about how they envisioned the Aadhaar number of each Indian being at the center of a technology stack. 

The enterprise identity and access model that phones an authorized database repeatedly for authentication is not appropriate for the relationship between a citizen and their state. It is not a viable model for the exchange of information about people between all possible institutions within a complex society. This is for three reasons: 1) the necessary technical federation would be complex and vulnerable to cyber attack, 2) the state can see all the transactions in which a citizen uses their account, and 3) the state can terminate a citizen’s account. This architecture doesn’t seem right and just within the context of Western liberal democracies. Campaigns against proposed digital identity systems with a centralized IdP design were waged successfully in Australia and the UK.

When we look at how paper-based documents work, the individual is the pivot point in exchanging information from one institution to another. It is worth noting that institutions that receive shared information (the Verifier) and want to be very sure the paper-based documents they are presented with are not a fraud might call the issuer to confirm the veracity of the documents.

Self-Sovereign Identity technologies provide a way to restore key  qualities of paper-based documents in the digital realm. They make the person the pivot point for the exchange of information between institutions. Once issued to the individual, documents are under their control and can be shown to whomever the individual chooses. Verifiable Credentials have even better anti-fraud protections with digital signatures (so the Verifier does not need to contact the issuer). 

Figure 10. Self-Sovereign Identity specific use-case around the issuance and sharing of a verifiable credential in the educational context.

SSI bridges the gap between paper identity documents and digital identity documents in a way that does not put the state or any other institution in control of an individual’s identity. Individuals may issue their own identity documents without the approval of the state. However, to increase credibility, it will be common to share verified credentials with assertions from another party. The individual’s dependence on other parties for credentials is equivalent to their reliance on a community for their reputation in pre-digital times. This aligns with the emergent properties of social, institutional systems over the last thousand years in the European context.  

Figure 11. This shows the two different timelines of computer/digital identity systems and paper-based systems. They are two distinct histories with different needs and business processes that created each of them. They can meet together in Self-Sovereign Identity, as its underlying architecture is similar to how paper-based systems work, translated into digital.

For better or worse, European models for many types of institutions have been exported around the world. The SSI protocol is broad and widely expressive. It is, as another name for it implies, decentralized, so any entity can use these open standards for any purpose they choose. This means that any institution, including kin-based and indigenous communities, could also use SSI to design credentials and issue them to their members on their own terms. Indeed, in New Zealand, a Maori-owned social enterprise, Ahou, is exploring how to express traditional kin-based Identity in this new digital format. They are also collaborating with the New Zealand government to have these identity documents recognized by them based on their historical treaty arrangements.

In summary, SSI preserves or restores some features of earlier paper-based identity systems that emerged over millennia in Europe. Essentially, it provides a real alternative path to express credentials in a digital format that prevents the anchoring of identity information to identifiers as network endpoints under the control of the state or some other corporate entity. SSI improves the efficiency and security of earlier identity systems by limiting the information that must be revealed to verify aspects of Identity. It also reduces both the workload and the security risks associated with repeated checking between the issuer and the Relying Party to verify a credential.
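The two properties described above, a Verifier checking a credential from its digital signature without contacting the issuer and the holder revealing only the information needed, sketched in Go as an added example (not code from this essay or from any SSI project). The issuer name `dmv.example`, the claim names and the salted-digest layout are assumptions chosen for illustration; this is a simplification, not the W3C Verifiable Credentials format.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// Credential is the signed document the holder keeps. It carries only salted
// digests of the claims, so the holder can reveal some and withhold the rest.
type Credential struct {
	Issuer  string   `json:"issuer"`
	Digests []string `json:"digests"`
	Sig     []byte   `json:"-"` // Ed25519 signature over the two fields above
}

// Disclosure is one claim plus the salt needed to match it to a signed digest.
type Disclosure struct{ Salt, Name, Value string }

// TrustList maps issuer names to public keys the verifier obtained in advance.
type TrustList map[string]ed25519.PublicKey

// NewIssuer creates an issuer key pair.
func NewIssuer() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

func digest(d Disclosure) string {
	b, _ := json.Marshal([]string{d.Salt, d.Name, d.Value})
	sum := sha256.Sum256(b)
	return hex.EncodeToString(sum[:])
}

func signedBytes(c Credential) []byte {
	b, _ := json.Marshal(c) // Sig is excluded by its json:"-" tag
	return b
}

// Issue runs once, at the issuer. The holder keeps everything it returns.
func Issue(priv ed25519.PrivateKey, issuer string, claims [][2]string) (Credential, []Disclosure, error) {
	cred := Credential{Issuer: issuer}
	var all []Disclosure
	for _, kv := range claims {
		salt := make([]byte, 16) // random salt stops guessing of hidden claims
		if _, err := rand.Read(salt); err != nil {
			return Credential{}, nil, err
		}
		d := Disclosure{hex.EncodeToString(salt), kv[0], kv[1]}
		all = append(all, d)
		cred.Digests = append(cred.Digests, digest(d))
	}
	cred.Sig = ed25519.Sign(priv, signedBytes(cred))
	return cred, all, nil
}

// Verify runs at the verifier and makes no call to the issuer: the issuer
// never learns where the credential was shown.
func Verify(trusted TrustList, c Credential, shown []Disclosure) (map[string]string, error) {
	pub, ok := trusted[c.Issuer]
	if !ok || len(pub) != ed25519.PublicKeySize {
		return nil, errors.New("issuer not on trust list")
	}
	if !ed25519.Verify(pub, signedBytes(c), c.Sig) {
		return nil, errors.New("issuer signature does not verify")
	}
	signed := map[string]bool{}
	for _, d := range c.Digests {
		signed[d] = true
	}
	out := map[string]string{}
	for _, d := range shown {
		if !signed[digest(d)] {
			return nil, fmt.Errorf("claim %q is not covered by the signature", d.Name)
		}
		out[d.Name] = d.Value
	}
	return out, nil
}

func main() {
	pub, priv, err := NewIssuer()
	if err != nil {
		panic(err)
	}
	// Constructed sample data: a licence with three claims.
	cred, all, err := Issue(priv, "dmv.example", [][2]string{
		{"name", "Alex Doe"}, {"address", "1 Main St"}, {"age_over_21", "true"}})
	if err != nil {
		panic(err)
	}
	trusted := TrustList{"dmv.example": pub}

	// At the door the holder reveals only the age claim.
	got, err := Verify(trusted, cred, all[2:])
	fmt.Println("accepted:", got, "error:", err)

	// A claim edited after issuance no longer matches any signed digest.
	edited := all[0]
	edited.Value = "Someone Else"
	_, err = Verify(trusted, cred, []Disclosure{edited})
	fmt.Println("edited claim error:", err)
}
```

The sketch leaves out holder binding, expiry and revocation, so a copied credential would verify for whoever presents it; a real deployment needs those as well.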

The Future of You Podcast with Tracey Follows

Kaliya Young · May 4, 2022 ·

I was invited to discuss self-sovereign identity on Episode 7 of The Future of You Podcast with the host, Tracey Follows, and a fellow guest, Lucy Yang.

On this podcast, we discussed digital wallets, verifiable credentials, digital identity, anonymity and self-sovereignty.

  • Why digital identity is so important and how it differs from the physical realm
  • Tools currently in development to enable self-sovereign identities
  • Whether anonymity or pseudonymity is feasible while maintaining accountability
  • How digital wallets might evolve and consolidate across the public and private sector
  • The principles of physical identity that must carry over into a digital solution and the importance of Open Standards

Listen online: https://bit.ly/3w1cxbu

Listen on Spotify: https://spoti.fi/3vIB9qK

Listen on Apple: https://apple.co/3w3fqbN

Listen on Google Podcasts: https://bit.ly/3w0hWQ1

Listen on Amazon Podcasts: https://amzn.to/3KBBC29

Media Mention: MIT Technology Review

Kaliya Young · April 7, 2022 ·

I was quoted in the article in MIT Technology Review on April 6, 2022, “Deception, exploited workers, and cash handouts: How Worldcoin recruited its first half a million test users.”

Worldcoin, a startup built on a promise of a fairly-distributed, cryptocurrency-based universal basic income, is building a biometric database by collecting data from the financially disadvantaged in the developing nations, in exchange for cash incentives.

Below is the paragraph which I am quoted in, with regards to Worldcoin’s business.

Others remain unconvinced that Worldcoin can actually reach everyone in the world—and instead, serves as a distraction from ongoing work to create new identity paradigms. Identity expert Kaliya Young, while declining to comment on Worldcoin specifically, says that “it’s common for companies to claim that ‘if everyone in the world was in our system, everything would be fine.’ Newsflash: everybody is not going to be in your system, so let’s move on and talk about how we solve problems” in online identity.

You can read the entire article by following this link, https://www.technologyreview.com/2022/04/06/1048981/worldcoin-cryptocurrency-biometrics-web3/

Techsequences Podcast: Self-Sovereign Identity

Kaliya Young · December 9, 2021 ·

I chatted with Alexa Raad and Leslie Daigle of Techsequences about self-sovereign identity: what identity is and how we’ve lost control of our own identity in today’s world.

Click on the link below to listen.

https://www.techsequences.org/podcasts/?powerpress_pinw=252-podcast

“Who are you?” Answering that may seem at once easy and yet incredibly complex. In the real world, we are born with, gain or develop aspects of our identity. But distinguishing who is who is a lot more complex online. Multiple entities assign IDs and keep track of our activities. Identity models have evolved from the traditional or siloed model to the federated models. The common denominator however is that you are not in control of your identity. Join us for a conversation with Kaliya Young, expert in self-sovereign identity, on how we as individuals can gain control over what is uniquely ours: our identity.

Cohere: Podcast

Kaliya Young · November 23, 2021 ·

I had the pleasure of talking with Bill Johnston who I met many years ago via Forum One and their online community work. It was fun to chat again and to share for the community management audience some of the latest thinking on Self-Sovereign Identity.


Kaliya Young is many things: an advocate for open Internet identity standards, a leader in the identity space – including hosting the Internet Identity Workshop, a published author, and a skilled Open Space facilitator.

On this episode of the Cohere podcast, Kaliya joins Bill to discuss the history of online identity, what events led us to the consolidation of identity into a few centralized platforms, and what steps we need to take to recover and protect our online identities.

Podcast: Identikit with Michelle Dennedy

Kaliya Young · August 25, 2021 ·


For the opening episode of ‘Identikit Sequent X’, Michelle Dennedy welcomes Kaliya Young, also known as The Identity Woman, to Smarter Markets for our latest series examining the evolution of digital identity, and how self-sovereign identity, specifically, can advance a consent-based economy.

Kaliya is one of the world’s leading experts in self-sovereign identity and identity on the blockchain. She is the co-author of ‘A Comprehensive Guide to Self-Sovereign Identity’ and is widely known as The Identity Woman; also the name of her blog and twitter handle. Ms. Young has committed her life to the development of an open standards-based internet layer that empowers and enables the people and was named one of the most influential women in tech by Fast Company Magazine.

Navigating Digital Identity in Political Economies RxC Talk.

Kaliya Young · August 25, 2021 ·

We had a great conversation about digital identity in Political Economies and specifically a paper with a proposal by Bryan Ford.

Life on Intersections: Digital Identity in Political Economies

Most digital identity systems are centralized (e.g., in big government or technology organizations) or individualistic (e.g., in most blockchain projects). However, being in the world is fundamentally social and intersectional — we are all part of networks. So how might we formalize digital identity in a way that better reflects this complex reality? This panel with leading social technology and computer researchers explores more robust digital identity approaches and potential application areas in political economies.

Defining Self-Sovereign Identity: Coding Over Cocktails Podcast

Kaliya Young · May 8, 2021 ·

Are you in charge of your own digital identity? How do you share “verifiable” information about yourself on the internet?

Defining Self-Sovereign Identity with Kaliya Young: Coding Over Cocktails Podcast

I had the opportunity to discuss digital identity with Kevin Montalbo and David Brown, two co-hosts of the Coding Over Cocktails Podcast. The topics we covered were: the different domains of identity, how our identities are currently held and managed by corporations, civil society, and governments, and why we should advocate for the rights of our digital selves.

You can listen to the entire podcast and read the transcript of the show by clicking on the link below!

https://www.torocloud.com/podcast/digital-identities-kaliya-young

Also, you can watch the short “preview” of the show on YouTube.

Radical Exchange Talk: Data Agency. Individual or Shared?

Kaliya Young · February 5, 2021 ·

I had a great time on this Radical Exchange conversation.

Human Centered Security Podcast

Kaliya Young · December 23, 2020 ·

I was invited to join Heidi Trost on her new podcast focused on Human Centered Security. We had a great chat focused on Self-Sovereign Identity.

You can find it here on the Web, Spotify or Apple Podcast.

In this episode we talk about:

  • What Kaliya describes as a new “layer” to the Internet to support decentralized identity, much like how HTML or email supported what came next.
  • The importance of open standards.
  • How to build a “digital wallet” paradigm that makes sense to people.
  • What SSI means for businesses/business models.

Kaliya is the co-author of “Comprehensive Guide to Self-Sovereign Identity,” and author of “Domains of Identity.” She is also one of the co-founders of the Internet Identity Workshop, which brings together people to help develop open standards for ways people can own and control their digital representations of themselves.

Presentation: At the STOA

Kaliya Young · October 12, 2020 ·

Earlier this month I got to present at the STOA, a forum with an amazing list of presenters and topics happening every day. Enjoy.

Panel at RxC: Digital Identity: A look Ahead

Kaliya Young · August 3, 2020 ·

I almost went to Brazil this year for the Radical Exchange conference. Instead it went virtual with 48 hours of programming. I had the pleasure of talking with Paula Berman (Democracy Earth) and Supriyo Roy (Idena). Each of us shared about different future looking identity projects/efforts we are involved in.

Presentation: to SWIFT Innotribe (the world’s bankers)

Kaliya Young · September 25, 2019 ·

In September of 2019 I was invited to present to the world’s bankers at the conference run by the co-op at the center of the world’s banking system, SWIFT. The stage is fantastic 24m x 4m high. You can see SSI outlined in large details. I also cover big topics like the meaning of the word trust. Enjoy!

Acclaimed expert Kaliya Young, widely known as ‘Identity Woman’, explores the concept of self-sovereign identity (SSI) on the Innotribe stage.

Comprehensive Guide to Self-Sovereign ID

Kaliya Young · April 19, 2019 ·

Last year around this time it became clear that a guide to understand the Decentralized Identity OR Self-Sovereign Identity Technologies was needed.
Last Summer I partnered with Heather Vescent to write the guide designed for C-Level Executives.
You can buy it here on Amazon. 
It has three big parts:
Part 1 explains the context of where the technology came from. It is rooted in 15 years of work by the user-centric identity community that has gathered at IIW. It articulates the core technology that came together to make it possible. None of it is totally new (PKI is 25 years old, mobile phones 10, blockchains 9), but it was pulled together for the first time in a way that made sense.
Part 2 explains in more detail the core building blocks that make it work.
1) The Wallets/Hubs/Agents that people have to manage their identifiers and verifiable credentials.
2) The Issuer Code & Verifier Code. Verifiable credentials have to be issued by an institution or enterprise (ok, people can issue them to other people, but…). Verifier code is used by the institutions that individuals share their credentials with.
3) The Distributed Ledgers or Blockchains – these are actually kinda optional. They are handy to get all this to work but not essential. They provide a place for decentralized identifiers to be placed so that the keys associated with them can be found (via resolution).
Along with the explanation of the technology we also go through companies building each of these. So it is like an analyst report.
Part 3 covers the Open STANDARDS. These are the core of how we create a new layer of the internet…for identity…using open standards. So this goes into detail explaining at a high level what they are and how they work and provides links down into the specifications and locations of where to participate in the work.
The ending of the report covers the events where work is ongoing along with organizations.
You can Buy it Here on Amazon. 
 

Speaking at Blockchain Summit India

Kaliya Young · February 21, 2019 ·

I am in India as a New America India-US Public Interest Technology Fellow. My topic of study is Aadhaar the country’s national digital Identity system.
This Friday I am speaking at the Blockchain India Summit on a panel:
Aadhaar on Blockchain, a potential solution for continued innovation

The rapid march of Aadhaar came to a sudden halt with its declaration on acting unconstitutionally and violating fundamental Indian rights! This also halted new ways of innovation happening in FinTech. Is it time to redesign Aadhaar while ensuring the data ownership resides with the citizen and yet safe, secure and effective.

  • Vishal Gupta CEO, Diro
  • Sarang Bhoyar, Blockchain Program Manager, Infosys
  • Kaliya Young, New America India-U.S. Public Interest Technology Fellow
  • Dinesh Prasad, Asia Head, Ex- Qualcomm
  • Saurabh Katiyar, Program Head, NIIT
  • Moderator: Vaibhav Vardhan, Founder and CEO, Inc42 Media

It will be a bit of a challenge to explain/get across the new decentralized Identity and Self-Sovereign Identity tech without any slides and what will likely be one question. For those coming to find this site after hearing me talk here are some good resources.
Internet Identity Workshop – please join us to dive into the deep end of the pool with the community building the goals.
The W3C group on Decentralized Identifiers is in the Credentials Community Group 
The specification for Verifiable Credentials.
There is also this Comprehensive Guide to Self Sovereign Identity. If you are interested in it but can’t afford it just fill out this form. 

Here is some more about the conference from their web site:
The Summit is targeted towards enabling Indian government and ministries to speed up the process of developing a flourished Blockchain and Cryptocurrency ecosystem. Global Blockchain brands and government bodies are joining to make India, a Blockchain capital.

Vision Blockchain 2030!

Started with a vision to bring full transparency in Governance and a flourished economy for India in coming 10 years.

Blockchain Summit India 2019 is first edition in series of Vision Blockchain 2030. Indian Government, various ministries, country’s premium academic institutes and country’s most influential people are participating to support the initiative.

https://blockchain2030.co.in/agenda.html

Exciting SSI announcement was not well received by some

Kaliya Young · December 17, 2018 ·

The Microsoft-Mastercard SSI alliance is great news, but some thought it was a bad thing.

By all accounts, Fast Company’s Cale Guthrie Weissman is a good reporter who knows his audience. Informed that Microsoft and Mastercard were partnering to create a new kind of digital identity, he went to get some answers, assessed the situation, and wrote an article that called the alliance “frightening”:

But the solution they offer–a one-stop, universal identification for any and all applications–would mean that every citizen would be entering into a system built by private companies that centralizes all of their personal data. Every digital company wants to be a data hoover, and this program seems to underscore the extent of this pursuit.
[…]
Overall, this announcement speaks to a common tone-deafness among large companies when it comes to privacy. While proving digital identity can certainly be onerous, some solutions may only imperil us even more.

  • Microsoft and Mastercard have a frightening plan to create “digital identities”, Fast Company 12/04/18

Weissman can be forgiven for such a sentiment; tech companies have a well earned reputation for turning their users into unwitting laborers  on data farms. But it should be noted that Mastercard isn’t “a tech company”. When Weissman reached the global credit card company for comment they explained their bold new venture with excitement, emphasising that they’re going to use trusted sources to give control to the user, who will “share only the information needed to conduct their transactions,” but it didn’t really seem to take. They came off like someone who walked into a party wearing a set of Google Glass, then tried to use the uncomfortable pause that it created to explain how his dork goggles weren’t just a mass surveillance tool, they were also going to change the world! The spokesman would have done better to explain that SSI applications are explicitly NOT “centralized” as Weissman came away understanding, but they appear to have got a bit carried away.

“The next update will let me see into your soul, but it’s nothing to worry about.”

It seems like a good solution because it is a good solution, but Mastercard won’t be able to sell it themselves

We have no reason to doubt that Mastercard’s excitement is earnest. Credit card companies live the third-party verification problem every day, because they’re third party verifiers. Mastercard sees ease-of-use and fraud prevention savings in this project that are meaningful, and are excited about being able to achieve them without having to handle customer data. They’re telling their merchants and cardholders: “Look! You’re going to FINALLY have control of your own verification process! No more 2 pieces of ID with a credit card, and we don’t even have to hand the process over to a data-harvesting behemoth to get it done!” (You just know Facebook or Amazon would have underbid anyone to get their hands on a card verification contract, and for all the wrong reasons.) But Fast Company isn’t inclined to take them at their word. After all, they are partnering with Microsoft, who would surely know what to do with a bunch of cardholder and merchant data.
Microsoft, for their part, declined comment, which is interesting since they have so many good people working on this project who could comment eloquently, including Daniel Buchner, Pamela Dingle and Kim Cameron among others. Perhaps from the PR department the silence is born of experience. Microsoft is the butt of the funniest tech jokes, and is aware of the shadow they cast. There isn’t anything they can say to the general public to convince them that an identity play they’re making isn’t just another way to sink their tentacles into their users a bit further. The process knowledge just isn’t out there. Best say nothing until it’s ready.

Microsoft have good reasons to be this helpful.

The Microsoft that dominated the 90s and early oughts got their lunch eaten by Google, Facebook and Amazon, who cornered users into a Faustian bargain that they didn’t even know they were making. Microsoft’s unbreakable hold on the enterprise software market financed attempts to compete in the data and advertising realm, but it’s clear by now that beating data harvesters at their own game isn’t in the company’s DNA. This identity play may be Microsoft doing the next best thing: taking them out at the knees by giving the data control back to the customers.
Facebook is able to give Cambridge Analytica and others access to user data by virtue of the fact that they have it. They could (and still do) broker access to users via their data, because they have ongoing user consent. If the user revokes that consent, nobody is checking if they’re honouring that revocation.
But they can’t sell what they don’t have. A user-centred permissions system would allow individuals to give Twitch streaming access to their Xbox One account, or not. LinkedIn could offer seamless work history verification, which would allow for an easy transition into the corporate HR services business, handling payroll, insurance and benefits for enterprises – all newly simplified user centric verifiable credentials. There are all sorts of places Microsoft can organically grow their core software business once the framework is in place to allow users and organizations to provide and revoke data from each other… once they can get over concerns people have over how the system actually operates.
There is not yet an SSI killer app. While Microsoft would no doubt like very much to develop one, they’re probably just as happy having someone else strike the discovery vein that gets the public’s attention. Once the user base gets wise to their new-found control, a self-sovereign-ID-enabled Microsoft will be in a position to enter the 2020s as a major player in this new market place of decentralized identity and credentials under the true control of the user.
(With files from Braden Maccke. Feature image courtesy Humans Unlimited Blog.)

My Talk at New America on Self-Sovereign Identity & the Domains of Identity

Kaliya Young · November 9, 2018 ·

The Future of Property Rights, a program at New America, just published a new report, The Nail Finds a Hammer: Self-Sovereign Identity, Design Principles and Property Rights in the Developing World. I commented extensively on the paper before publication and they included the Domains of Identity within the report. It turns out that many of the Domains of Identity include registries. This whole perspective of registries as the root of many of our systems is very eye opening. Just like when one finds identity one sees it everywhere, it turns out registries are everywhere too.
Mike invited some key contributors to the paper to talk at New America. I presented about both Self-Sovereign Identity AND the domains of Identity … enjoy!!!
https://www.youtube.com/watch?v=U8bZ4GYFwKY

Three new SSI papers I helped Review

Kaliya Young · October 29, 2018 ·

Last week was the Internet Identity Workshop and also in the past week there were two new papers released about Self-Sovereign Identity, both of which I had a hand in reviewing. (A third just got released and it was added below in early November.)
They are both good papers and I recommend them.
The first one to be released, by the Future of Property Rights program at New America Foundation, was A Nail finds a Hammer: Self-Sovereign Identity, Design Principles and Property Rights in the Developing World. From the Introduction:

Our interest in identity systems was an inevitable outgrowth of our earlier work on blockchain-based land registries. Property registries, which at the simplest level are ledgers of who has which rights to which asset, require a very secure and reliable means of identifying both people and properties. In the course of investigating solutions to that problem, we began to appreciate the broader challenges of digital identity and its role in international development. And the more we learned about digital identity, the more convinced we became of the need for self-sovereign identity, or SSI. This model, and the underlying principles of identity which it incorporates, will be described in detail in this paper.
We believe that the great potential of SSI is that it can make identity in the digital world function more like identity in the physical world, in which every person has a unique and persistent identity which is represented to others by means of both their physical attributes and a collection of credentials attested to by various external sources of authority. These credentials are stored and controlled by the identity holder—typically in a wallet—and presented to different people for different reasons at the identity holder’s discretion. Crucially, the identity holder controls what information to present based on the environment, trust level, and type of interaction. Moreover, their fundamental identity persists even though the credentials by which it is represented may change over time.
 

The Second is by the Identity Working Group of the German Blockchain Association: Self-sovereign Identity: A position paper on blockchain enabled identity and the road ahead.
From the Introduction:

Digital Identity is a field that matters to a seemingly infinite number of stakeholders from diverse backgrounds. Confronted with this extensive scope, we decided to structure this position paper around two major objectives:
First, to provide our readers with a structured overview of the identity field from the perspective of self-sovereign identity, and second, to motivate stakeholders in the identity community to embrace the idea of a universal identity layer and join us for the road ahead.
As a result of our collaboration in the identity working group in the German Blockchain Association, we propose the SSI model as a way to enable an identity ecosystem that is capable of solving many inefficiencies in existing identity solutions and addressing novel demands on identity in the emerging decentralised web. Whilst SSI systems can be constructed without the need for any blockchain system, blockchain systems can add significant value to SSI systems, as this paper will show. Ultimately, the universal identity layer that we describe is required to enable blockchain based decentralised systems and business models to reach their full potential.
Our aim is to present an overview that is independent from any one company’s product offering. We instead present an industry-wide consensus on the model of SSI that is geared towards the establishment of a truly interoperable and modular identity system that utilizes open standards. The paper can thus be understood as the baseline of agreement between all represented businesses from the identity space. The paper is an attempt to describe the universal identity layer from a high-level perspective with a focus on shared positions and agreement instead of going into technical implementation details that certainly matter but need to be discussed further on in the debate we intend to initiate with this position paper.

The Third report was pulled together by folks at GovLab NYU. BLOCKCHANGE: Blockchain Technologies for Social Change. FIELD REPORT: On the Emergent Use of Distributed Ledger Technologies for Identity Management

This is from page 54 which is part of a two page pull out by me :).

THE BLOCKCHAIN IDENTITY PARADIGM CHANGE
During our analysis, some have suggested that the above (enterprise) ID lifecycle is not representative of how blockchain can transform Identity. They have subsequently called for a new paradigm.
According to Kaliya “Identity Woman” Young: “The mental models of how identity is “managed” whether by an employer relative to an employee or by a government relative to a citizen or by an individual just logging in to a web service is disrupted by the new emerging standards of DIDs and Verifiable Credentials.

The authors did a literature review of existing Identity Management research from academia that is not really familiar with current industry frames (I read a lot of this literature while I was in the Master of Science in Identity Management and Security and it was stale and out of date). The case studies built on these existing frames rather than engaging from the current literature frames rather than new ones.

Presentation: MyData Global

Kaliya Young · September 15, 2018 ·

In the summer of 2018 I was invited to give a keynote address at MyData Global. I took the opportunity to share the Domains of Identity (now a book) and weave them together with how Self-Sovereign Identity works and conclude highlighting the need for collaboration going forward.

The Domains of Identity & Self-Sovereign Identity MyData 2018 from Kaliya "Identity Woman" Young
