BlockChain and Identity

Navigating Digital Identity in Political Economies RxC Talk.

Kaliya Young · August 25, 2021 ·

We had a great conversation about digital identity in Political Economies and specifically a paper with a proposal by Bryan Ford.

Life on Intersections: Digital Identity in Political Economies

Most digital identity systems are centralized (e.g., in big government or technology organizations) or individualistic (e.g., in most blockchain projects). However, being in the world is fundamentally social and intersectional — we are all part of networks. So how might we formalize digital identity in a way that better reflects this complex reality? This panel with leading social technology and computer researchers explores more robust digital identity approaches and potential application areas in political economies.

Comprehensive Guide to Self-Sovereign ID

Kaliya Young · April 19, 2019 ·

Last year around this time it became clear that a guide to understand the Decentralized Identity OR Self-Sovereign Identity Technologies was needed.
Last Summer I partnered with Heather Vescent to write the guide designed for C-Level Executives.
You can buy it here on Amazon.
It has three big parts:
Part 1 explains the context of where the technology came from. It is rooted 15 years of work by the user-centric identity community that has gathered at IIW. It articulates the core technology that came together to make it possible. None of it totally new, PKI is 25 years old mobile phones 10, blockchains 9 -> but pulled together for the first time in a way that made sense.
Part 2 explains in more detail the core building blocks that make it work.
1) the Wallets/Hubs/Agents that people have to manage their identifiers and verifiable credentials.
2) The Issuer Code & Verifier Code. So to be issued verifiable credentials they have to be issued by a institution or enterprise (ok people can issue other people them but…). Verifier code is used by the institutions individuals share their credentials with.
3) The Distributed Ledgers or Blockchains – these are actually kinda optional. They are handy to get all this to work but not essential. They provide a place for decentralized identifiers to be place so the the keys associated with them can be found (via resolution).
Along with the explanation of the technology we also go through companies building each of these. So it is like an analyst report.
Part 3 cover the Open STANDARDS. These are the core of how we create a new layer of the internet…for identity…using open standards. So this goes into detail explaining at a high level what they are and how they work and provides links down into the specifications and locations of where to participate in the work.
The ending of the report covers the events where work is ongoing along with organizations.
You can Buy it Here on Amazon.

Speaking at Blockchain Summit India

Kaliya Young · February 21, 2019 ·

I am in India as a New America India-US Public Interest Technology Fellow. My topic of study is Aadhaar the country’s national digital Identity system.
This Friday I am speaking at the Blockchain India Summit on a panel:
Aadhaar on Blockchain, a potential solution for continued innovation

The rapid march of Aadhaar came to a sudden halt with its declaration on acting unconstitutionally and violating fundamental Indian rights! This also halted new ways of innovation happening in FinTech. Is it time to redesign Aadhaar while ensuring the data ownership resides with the citizen and yet safe, secure and effective.

Vishal Gupta CEO, Diro
Sarang Bhoyar, Blockchain Program Manager, Infosys
Kaliya Young, New America India-U.S. Public Interest Technology Fellow
Dinesh Prasad, Asia Head, Ex- Qualcomm
Saurabh Katiyar, Program Head, NIIT
Moderator: Vaibhav Vardhan, Founder and CEO, Inc42 Media

It will be a bit of a challenge to explain/get across the new decentralized Identity and Self-Sovereign Identity tech without any slides and what will likely be one question. For those coming to find this site after hearing me talk here are some good resources.
Internet Identity Workshop – please join us to dive into the deep end of the pool with the community building the goals.
The W3C group on Decentralized Identifiers is in the Credentials Community Group
The specification for Verifiable Credentials.
There is also this Comprehensive Guide to Self Sovereign Identity. If you are interested in it but can’t afford it just fill out this form.

Here is some more about the conference from their web site:
The Summit is targeted towards enabling Indian government and ministries to speed up the process of developing a ﬂourished Blockchain and Cryptocurrency ecosystem. Global Blockchain brands and government bodies are joining to make India, a Blockchain capital.

Vision Blockchain 2030!

Started with a vision to bring full transparency in Governance and a flourished economy for India in coming 10 years.

Blockchain Summit India 2019 is first edition in series of Vision Blockchain 2030. Indian Government, various ministries, country’s premium academic institutes and country’s most influential people are participating to support the initiative.

https://blockchain2030.co.in/agenda.html

My Talk at New America on Self-Sovereign Identity & the Domains of Identity

Kaliya Young · November 9, 2018 ·

The Future of Property Rights a program at New America just published a new report The Nail Finds a Hammer: Self-Sovereign Identity, Design Principles and Property Rights in the Developing World. I commented extensively on the paper before publication and they included the Domains of Identity within the report. It turns out that many of the Domains of Identity include registries. This whole perspective that registries as the root of many of our systems is very eye opening. Just like when one finds identity one sees it everywhere, it turns our registries are everywhere too.
Mike invited some key contributors to the paper to talk at New America. I presented about both Self-Sovereign Identity AND the domains of Identity … enjoy!!!
https://www.youtube.com/watch?v=U8bZ4GYFwKY

Three new SSI papers I helped Review

Kaliya Young · October 29, 2018 ·

Last week was the Internet Identity Workshop and also in the past week there were two new papers released about Self-Sovereign Identity both of which I had a hand in reviewing. ( A third just got released and it was added below in early November.)
They are both good papers and I recommend them.
The first one to be released by by the Future of Property Rights program at New America Foundation was A Nail finds a Hammer: Self-Sovereign Identity, Design Principles and Property Rights in the Developing World. From the Introduction:

Our interest in identity systems was an inevitable outgrowth of our earlier work on blockchain-based1 land registries.2 Property registries, which at the simplest level are ledgers of who has which rights to which asset, require a very secure and reliable means of identifying both people and properties. In the course of investigating solutions to that problem, we began to appreciate the broader challenges of digital identity and its role in international development. And the more we learned about digital identity, the more convinced we became of the need for self-sovereign identity, or SSI. This model, and the underlying principles of identity which it incorporates, will be described in detail in this paper.
We believe that the great potential of SSI is that it can make identity in the digital world function more like identity in the physical world, in which every person has a unique and persistent identity which is represented to others by means of both their physical attributes and a collection of credentials attested to by various external sources of authority. These credentials are stored and controlled by the identity holder—typically in a wallet—and presented to different people for different reasons at the identity holder’s discretion. Crucially, the identity holder controls what information to present based on the environment, trust level, and type of interaction. Moreover, their fundamental identity persists even though the credentials by which it is represented may change over time.

The Second is by the Identity Working Group of the German Blockchain Association Self-sovereign Identity: A position paper on blockchain enabled identity and the road ahead.
From the Introduction:

Digital Identity is a field that matters to a seemingly infinite number of stakeholders from diverse backgrounds. Confronted with this extensive scope, we decided to structure this position paper around two major objectives:
First, to provide our readers with a structured overview of the identity field from the perspective of self-sovereign identity, and second, to motivate stakeholders in the identity community to embrace the idea of a universal identity layer and join us for the road ahead.
As a result of our collaboration in the identity working group in the German Blockchain Association, we propose the SSI model as a way to enable an identity ecosystem that is capable of solving many inefficiencies in existing identity solutions and addressing novel demands on identity in the emerging decentralised web. Whilst SSI systems can be constructed without the need for any blockchain system, blockchain systems can add significant value to SSI systems, as this paper will show. Ultimately, the universal identity layer that we describe is required to enable blockchain based decentralised systems and business models to reach their full potential.
Our aim is to present an overview that is independent from any one company’s product offering. We instead present an industry-wide consensus on the model of SSI that is geared towards the establishment of a truly interoperable and modular identity system that utilizes open standards. The paper can thus be understood as the baseline of agreement between all represented businesses from the identity space. The paper is an attempt to describe the universal identity layer from a high-level perspective with a focus on shared positions and agreement instead of going into technical implementation details that certainly matter but need to be discussed further on in the debate we intend to initiate with this position paper.

The Third report was pulled together by folks at GovLab NYU. BLOCKCHANGE: Blockchain Technologies for Social Change. FIELD REPORT: On the Emergent Use of Distributed Ledger Technologies for Identity Management

This is from page 54 which is part of a two page pull out by me :).

THE BLOCKCHAIN IDENTITY PARADIGM CHANGE
During our analysis, some have suggested that the above (enterprise) ID lifecycle is not representative of how blockchain can transform Identity. They have subsequently called for a new paradigm.
According to Kaliya “Identity Woman” Young: “The mental models of how identity is “managed” whether by an employer relative to an employee or by a government relative to a citizen or by an individual just logging into to a web service is disrupted by the new emerging standards of DIDs and Verifiable Credentials.

The authors did a literature of existing Identity Management research from academia that is not really familiar with current industry frames (a read a lot of this literature while I was in the Master of Science in Identity Management and Security and it was stale and out of date). The case studies built on these existing frames rather then engaging from the current literature frames rather then new ones.

Kim Cameron on Blockchain and Identity

Kaliya Young · August 21, 2018 ·

My good friend Kim Cameron has a new video clip out where he talks about how blockchain and identity fit together.
We must follow the Laws of Identity!

Blockchain vs. CryptoCurrency: BridgeSF Talk

Kaliya Young · May 23, 2018 ·

I was asked to substitute in at the last minuet to talk about the difference between blockchain and cryptocurrency at the BridgeSF conference on their Enterprise Day.
Here are links to what I cover in the talk:
Do You Need a Blockchain. This slide is from DHS S&T and Anil John who is leading research int his area for that agency.

Supply Chain

Immutable Data

Chainpoint by Tierion

Identity on the Blockchain

Verifiable Organizations Network, Led by the British Columbia Government on GitHub. Built on the Hyperleder Indy Code also on GitHub.
Verifiable Credentials Work at the W3C.
Decentralized Identifier Work at the W3C building on work from the Internet Identity Workshop and Rebooting the Web of Trust.
The Decentralized Identity Foundation
MyCUID My Credit Union Identity

Slide from Anil John DHS S&T explaining Verified Claims.

The Known Traveller : Unlocking the potential of digital identity for secure seamless travel. World Economic Forum Report.
Crossing the boarder involves many parties. The United States and Canadian Government are collaborating in exploring how to improving boarder crossing and customs clearance.
Coordination across many parties.

Amply project in South Africa in collaboration with the IXO Foundation and the Company Consent.Global
HIE [Health Information Exchange] of One

Blockchain and Land Rights – work by Mike Graglia at New America Foundation

Joining the Community to engage further.

Come to the Internet Identity Workshop – next is October 23-25, 2018 in MountainView and then again in early May 2019
Decentralized Identity Foundation
Sovrin Foundation
Verse One

Conclusion:

You can reach met Kaliya (at) identitywoman.net
If you want to get the Scoop on Self-Sovereign Identity you can get that here!
If you want to learn about the work HumanFirst.Tech

Here are the Slides:

Identity is Changing: The Rise of Self-Sovereign Identity Infrastructure using Blockchain

Kaliya Young · May 3, 2018 ·

I gave a presentation, “Identity is Changing: The Rise of Self-Sovereign Identity Infrastructure using Blockchain,” at InteroplTX on May 2, 2018.

Identity can seem deceptively simple. We know who we are. Sometimes we have to convince others of that fact and confirm other characteristics: our age, our qualifications, or our right to access some services or tools. This happens every day over the Internet, but in ways that are disorganized, redundant, and risky. The lack of reliable, universal standards puts our private information at risk of public dissemination, fraud or worse.

A new set of standards is emerging that creates an infrastructure for self-sovereign identity that can scale. This talk looks forward to help you think ahead and prepare for this new infrastructure. We will walk through standards that together create a new identity infrastructure that leverages the blockchain. This isn’t about what you can implement tomorrow to solve your employee identity challenges or manage customer accounts. It will instead prepare you for the coming changes and help you play a role in shaping them.

Identity is Changing: The Rise of Self-Sovereign Identity Infrastructure using Blockchain from Kaliya "Identity Woman" Young

My post on CoinDesk: There is an Alternative to Facebook its Called Self-Sovereign Identity

Kaliya Young · April 11, 2018 ·

I was explaining to my friends Tony Fish and Lubna Dajani why I was so excited about the new self-sovereign identity. Some things that are exciting to me aren’t even clear to most people they are problems – like the phone home problem. You don’t encounter them until well into building a system.
Enjoy the article over on their site. https://www.coindesk.com/theres-alternative-facebook-called-self-sovereign-identity/
If it goes down ever I will put the text here.

Identity issues: Identity.Foundation vs. Decentralized.id

Kaliya Young · February 17, 2018 ·

So the the Decentralized Identity Foundation has an “identity challenge” with a project pretending to be it – with a very similar domain name and trying to do a token sale. I have a theory that almost all legitimate projects with real people and real work going on behind them also have fake projects shadowing them. Anyways.
Here is the REAL Decentralized Identity Foundation Website: http://identity.foundation. Its got working groups and code and a blog on medium. Its got a whole bunch of real people and projects behind it.
They are working on supporting the emergence of an open standard called DID.
Microsoft just made an announcement about their support and product integration of these emerging open standards.

So the FAKE site is Decentralized.id

It looks really polished and the first page says
YOUR ID: DECENTRALIZED
The DID Foundation, Decentraling your ID over the Blockchain. Sounds good right. Protecting Your ID, Providing Trust, Crypto-Positive. It says one should Join The Foundation – if you do you get DID Tokens!
Then creating a supply 20,000,000,000 of them. They are selling them for .ooo1 USD. They accept BTC, ETH and BCH.
So I checked out their real “address” is at a hot desking space in London.

Decentralized ID is owned by Mr. Sheikh Abdullah Naveed. HE also has a hardware consultancy Torquesol UK Ltd. He has some other companies too – Tapfer Technologies Ltd and Fry-Wi Ltd
_____
This whole situation highlights the need to have identity verification for organizations too. The good thing is that this is something that the British Columbia Government is working on with a project called Verifiable Organizations Network

Deconstructing Blockchain and Identity Projects: Velix.ID

Kaliya Young · February 17, 2018 ·

This is going to be the first in what will end up being a long and ongoing series of posts that deconstruct various “blockchain and identity” projects. I was inspired to get started after getting a min into the video explaining this identity system and at least thinking ‘screaming’ in my head NO! NO! NO! that is a horrible horrible design you can’t do that with people and their ID information in the block chain. So then the next question is WHY and that is why I’m going to start writing about specific systems and really going into the details. There is just some things that you CAN NOT DO with people’s identity information.
So here we go… Velix.ID Video:
We share our identity information everywhere – check

Examples include, ordering pizza, getting laundry done, shopping online OR filling in KYC forms – ok check but really are this all equivalent?

Accessing these many services scatters our ID everywhere – Yup when we do businesses with companies they have information about us.
We loose control of how our information is shared and used – Yep it is in their databases and could end up being sold or traded two third parties (other businesses we don’t transact with)
We loose time with all that form filling. – Ok. Time that could be better used playing video games – ahh ok but some people actually take care of people and have physical hobbies who wrote this script and who are you appealing to when that is the thing you think people are needing more time for?
With Velix you can access these services instantly while you retain control fo your data and your privacy – Ok and how do you do this for realz?
So how does Velix work – do tell?
A user can create a profile and update all their information on it – ahh ok – where is the profile?
All of the data will be associated with an 8 digital alphanumeric ID – WAIT STOP – all my information is associated with one 8 digit number? So if I share my number with one business and then go to a different business and share my 8 digit number with them – the businesses can use this information to know that I patronize both of them? My information can be correlated together. This is not a good design choice and is not privacy protecting.
And this data is stored on the user’s own device, never with Velix. – ah ok and what if I loose my device?
This Velix ID can be shared by the user to access any member services with any business instantly and securely – Wait, how?
If any business has already verified information of a Velix ID user other businesses don’t have to repeat it. The new business on the Velix.ID can simply request the verified identity from the business organization that has already verified it through Velix.ID blockchain – So this raises lots of alarms, getting verified ID information from one business that I do business with requires I reveal who I do business with and has verified things about me and for them to go to the trouble to releasing the information.
To facilitate these transactions and identities Velix.ID has developed its own native utility token called VLX. During the transaction the business requesting the identity pays VLX and a tiny bite is taken by Velix.ID and a tiny bite is offered to the user for their generous act of giving consent for the transaction to occur and the rest goes to the verified identity provider. – mmm ok but we still have all these challenges of linking and connecting things together.
This process saves time and money both for consumers and businesses. And keeps the users identity information secure and private – i’m not really clear how. Individual’s identity information is still shared with businesses I do business with.
The next time you face boring and unsafe personal identity verification use your Velix.ID instead. A frictionless experience of identity sharing – mmm…only if the relying party is in this system and accepts these types of identity.

Reading the White Paper on their website
A few lines stood out and raise red flags.
In the Abstract: The primary reason why a disruption in the identity-verification (IDV) space has not het happened is the lack of a tested/proven trust-framework on which all institutions, globally can rely on for sharing costs and liability of identity verification. Velix.ID aims at bridging this gap by building a universal, obscure, transparent, decentralized, time efficient, and cost-efficient ecosystem for identity verification.
So there won’t be ONE global framework for everyone to get all their identity verified. Just won’t the world is to big and there are to many different types of identities, types of transactions and needs of people.

All identity holders on the Velix.ID ecosystem possess a unique identity number to which all fo their data will be associated!!! red flags all over the place all my stuff about me associate with one number this IS the issue we have now. That identity numbers that are universal and point at me. They create massive correlation issues – you guys need to read the Laws of Identity and understand one of those key concepts – the Law of Directed Identifiers.
Level 2 Advanced PII – the platform will be capable to store nonstandard and industry specific data for an Identity on the Blockchain – WAIT HOW? NO PII should ever be store anywhere on a block chain.
In the Appendix: They want to issue Velix.ID cards to people, with their 8 digit number. They say this will let you check-in to airports and hotels – but ONLY if these institutions accept the Velix.ID as an identity provider.
How can this be a universal ID system if there aren’t even a Billion Numbers in the 8 digit name space. Is that the main giveaway that this is just a total scam?
So there is also plan to have an NFC reader that would would be able to manage access control to physical spaces. – Ok…but really? Cause this problem is mostly solved for employees and students.