Cover image for Self-Sovereign Identity

Self-Sovereign Identity

Release Date: 2021/07/01
ISBN: 9781617296598
Topic:
0%
43
Chapters
0-1
Hours read
0k
Total Words
    Start Reading Now    
       Add to Wishlist       
View table of contents

In Self-Sovereign Identity: Decentralized digital identity and verifiable credentials, you’ll learn how SSI empowers us to receive digitally-signed credentials, store them in private wallets, and securely prove our online identities. It combines a clear, jargon-free introduction to this blockchain-inspired paradigm shift with interesting essays written by its leading practitioners. Whether for property transfer, ebanking, frictionless travel, or personalized services, the SSI model for digital trust will reshape our collective future.

Table of Contents

  1. Self-Sovereign Identity
  2. Copyright
  3. dedication
  4. contents
  5. front matter
    1. preface
    2. acknowledgments
    3. about this book
    4. Who should read this book
    5. About the code
    6. liveBook discussion forum
    7. Other online resources
    8. about the authors
    9. about the cover illustration
  6. Part 1 An introduction to SSI
  7. 1 Why the internet is missing an identity layer—and why SSI can finally provide one
    1. 1.1 How bad has the problem become?
    2. 1.2 Enter blockchain technology and decentralization
    3. 1.3 The three models of digital identity
    4. 1.3.1 The centralized identity model
    5. 1.3.2 The federated identity model
    6. 1.3.3 The decentralized identity model
    7. 1.4 Why “self-sovereign”?
    8. 1.5 Why is SSI so important?
    9. 1.6 Market drivers for SSI
    10. 1.6.1 E-commerce
    11. 1.6.2 Banking and finance
    12. 1.6.3 Healthcare
    13. 1.6.4 Travel
    14. 1.7 Major challenges to SSI adoption
    15. 1.7.1 Building out the new SSI ecosystem
    16. 1.7.2 Decentralized key management
    17. 1.7.3 Offline access
    18. References
  8. 2 The basic building blocks of SSI
    1. 2.1 Verifiable credentials
    2. 2.2 Issuers, holders, and verifiers
    3. 2.3 Digital wallets
    4. 2.4 Digital agents
    5. 2.5 Decentralized identifiers (DIDs)
    6. 2.6 Blockchains and other verifiable data registries
    7. 2.7 Governance frameworks
    8. 2.8 Summarizing the building blocks
    9. References
  9. 3 Example scenarios showing how SSI works
    1. 3.1 A simple notation for SSI scenario diagrams
    2. 3.2 Scenario 1: Bob meets Alice at a conference
    3. 3.3 Scenario 2: Bob meets Alice through her online blog
    4. 3.4 Scenario 3: Bob logs in to Alice’s blog to leave a comment
    5. 3.5 Scenario 4: Bob meets Alice through an online dating site
    6. 3.6 Scenario 5: Alice applies for a new bank account
    7. 3.7 Scenario 6: Alice buys a car
    8. 3.8 Scenario 7: Alice sells the car to Bob
    9. 3.9 Scenario summary
    10. Reference
  10. 4 SSI Scorecard: Major features and benefits of SSI
    1. 4.1 Feature/benefit category 1: Bottom line
    2. 4.1.1 Fraud reduction
    3. 4.1.2 Reduced customer onboarding costs
    4. 4.1.3 Improved e-commerce sales
    5. 4.1.4 Reduced customer service costs
    6. 4.1.5 New credential issuer revenue
    7. 4.2 Feature/benefit category 2: Business efficiencies
    8. 4.2.1 Auto-authentication
    9. 4.2.2 Auto-authorization
    10. 4.2.3 Workflow automation
    11. 4.2.4 Delegation and guardianship
    12. 4.2.5 Payment and value exchange
    13. 4.3 Feature/benefit category 3: User experience and convenience
    14. 4.3.1 Auto-authentication
    15. 4.3.2 Auto-authorization
    16. 4.3.3 Workflow automation
    17. 4.3.4 Delegation and guardianship
    18. 4.3.5 Payment and value exchange
    19. 4.4 Feature/benefit category 4: Relationship management
    20. 4.4.1 Mutual authentication
    21. 4.4.2 Permanent connections
    22. 4.4.3 Premium private channels
    23. 4.4.4 Reputation management
    24. 4.4.5 Loyalty and rewards programs
    25. 4.5 Feature/benefit category 5: Regulatory compliance
    26. 4.5.1 Data security
    27. 4.5.2 Data privacy
    28. 4.5.3 Data protection
    29. 4.5.4 Data portability
    30. 4.5.5 RegTech (Regulation Technology)
    31. References
  11. Part 2 SSI technology
  12. 5 SSI architecture: The big picture
    1. 5.1 The SSI stack
    2. 5.2 Layer 1: Identifiers and public keys
    3. 5.2.1 Blockchains as DID registries
    4. 5.2.2 Adapting general-purpose public blockchains for SSI
    5. 5.2.3 Special-purpose blockchains designed for SSI
    6. 5.2.4 Conventional databases as DID registries
    7. 5.2.5 Peer-to-peer protocols as DID registries
    8. 5.3 Layer 2: Secure communication and interfaces
    9. 5.3.1 Protocol design options
    10. 5.3.2 Web-based protocol design using TLS
    11. 5.3.3 Message-based protocol design using DIDComm
    12. 5.3.4 Interface design options
    13. 5.3.5 API-oriented interface design using wallet Dapps
    14. 5.3.6 Data-oriented interface design using identity hubs (encrypted data vaults)
    15. 5.3.7 Message-oriented interface design using agents
    16. 5.4 Layer 3: Credentials
    17. 5.4.1 JSON Web Token (JWT) format
    18. 5.4.2 Blockcerts format
    19. 5.4.3 W3C verifiable credential formats
    20. 5.4.4 Credential exchange protocols
    21. 5.5 Layer 4: Governance frameworks
    22. 5.6 Potential for convergence
    23. References
  13. 6 Basic cryptography techniques for SSI
    1. 6.1 Hash functions
    2. 6.1.1 Types of hash functions
    3. 6.1.2 Using hash functions in SSI
    4. 6.2 Encryption
    5. 6.2.1 Symmetric-key cryptography
    6. 6.2.2 Asymmetric-key cryptography
    7. 6.3 Digital signatures
    8. 6.4 Verifiable data structures
    9. 6.4.1 Cryptographic accumulators
    10. 6.4.2 Merkle trees
    11. 6.4.3 Patricia tries
    12. 6.4.4 Merkle-Patricia trie: A hybrid approach
    13. 6.5 Proofs
    14. 6.5.1 Zero-knowledge proofs
    15. 6.5.2 ZKP applications for SSI
    16. 6.5.3 A final note about proofs and veracity
    17. References
  14. 7 Verifiable credentials
    1. 7.1 Example uses of VCs
    2. 7.1.1 Opening a bank account
    3. 7.1.2 Receiving a free local access pass
    4. 7.1.3 Using an electronic prescription
    5. 7.2 The VC ecosystem
    6. 7.3 The VC trust model
    7. 7.3.1 Federated identity management vs. VCs
    8. 7.3.2 Specific trust relationships in the VC trust model
    9. 7.3.3 Bottom-up trust
    10. 7.4 W3C and the VC standardization process
    11. 7.5 Syntactic representations
    12. 7.5.1 JSON
    13. 7.5.2 Beyond JSON: Adding standardized properties
    14. 7.5.3 JSON-LD
    15. 7.5.4 JWT
    16. 7.6 Basic VC properties
    17. 7.7 Verifiable presentations
    18. 7.8 More advanced VC properties
    19. 7.8.1 Refresh service
    20. 7.8.2 Disputes
    21. 7.8.3 Terms of use
    22. 7.8.4 Evidence
    23. 7.8.5 When the holder is not the subject
    24. 7.9 Extensibility and schemas
    25. 7.10 Zero-knowledge proofs
    26. 7.11 Protocols and deployments
    27. 7.12 Security and privacy evaluation
    28. 7.13 Hurdles to adoption
    29. References
  15. 8 Decentralized identifiers
    1. 8.1 The conceptual level: What is a DID?
    2. 8.1.1 URIs
    3. 8.1.2 URLs
    4. 8.1.3 URNs
    5. 8.1.4 DIDs
    6. 8.2 The functional level: How DIDs work
    7. 8.2.1 DID documents
    8. 8.2.2 DID methods
    9. 8.2.3 DID resolution
    10. 8.2.4 DID URLs
    11. 8.2.5 Comparison with the Domain Name System (DNS)
    12. 8.2.6 Comparison with URNs and other persistent Identifiers
    13. 8.2.7 Types of DIDs
    14. 8.3 The architectural level: Why DIDs work
    15. 8.3.1 The core problem of Public Key Infrastructure (PKI)
    16. 8.3.2 Solution 1: The conventional PKI model
    17. 8.3.3 Solution 2: The web-of-trust model
    18. 8.3.4 Solution 3: Public key-based identifiers
    19. 8.3.5 Solution 4: DIDs and DID documents
    20. 8.4 Four benefits of DIDs that go beyond PKI
    21. 8.4.1 Beyond PKI benefit 1: Guardianship and controllership
    22. 8.4.2 Beyond PKI benefit 2: Service endpoint discovery
    23. 8.4.3 Beyond PKI benefit 3: DID-to-DID connections
    24. 8.4.4 Beyond PKI benefit 4: Privacy by design at scale
    25. 8.5 The semantic level: What DIDs mean
    26. 8.5.1 The meaning of an address
    27. 8.5.2 DID networks and digital trust ecosystems
    28. 8.5.3 Why isn’t a DID human-meaningful?
    29. 8.5.4 What does a DID identify?
  16. 9 Digital wallets and digital agents
    1. 9.1 What is a digital wallet, and what does it typically contain?
    2. 9.2 What is a digital agent, and how does it typically work with a digital wallet?
    3. 9.3 An example scenario
    4. 9.4 Design principles for SSI digital wallets and agents
    5. 9.4.1 Portable and Open-By-Default
    6. 9.4.2 Consent-driven
    7. 9.4.3 Privacy by design
    8. 9.4.4 Security by design
    9. 9.5 Basic anatomy of an SSI digital wallet and agent
    10. 9.6 Standard features of end-user digital wallets and agents
    11. 9.6.1 Notifications and user experience
    12. 9.6.2 Connecting: Establishing new digital trust relationships
    13. 9.6.3 Receiving, offering, and presenting digital credentials
    14. 9.6.4 Revoking and expiring digital credentials
    15. 9.6.5 Authenticating: Logging you in
    16. 9.6.6 Applying digital signatures
    17. 9.7 Backup and recovery
    18. 9.7.1 Automatic encrypted backup
    19. 9.7.2 Offline recovery
    20. 9.7.3 Social recovery
    21. 9.7.4 Multi-device recovery
    22. 9.8 Advanced features of wallets and agents
    23. 9.8.1 Multiple-device support and wallet synchronization
    24. 9.8.2 Offline operations
    25. 9.8.3 Verifying the verifier
    26. 9.8.4 Compliance and monitoring
    27. 9.8.5 Secure data storage (vault) support
    28. 9.8.6 Schemas and overlays
    29. 9.8.7 Emergencies
    30. 9.8.8 Insurance
    31. 9.9 Enterprise wallets
    32. 9.9.1 Delegation (rights, roles, permissions)
    33. 9.9.2 Scale
    34. 9.9.3 Specialized wallets and agents
    35. 9.9.4 Credential revocation
    36. 9.9.5 Special security considerations
    37. 9.10 Guardianship and delegation
    38. 9.10.1 Guardian wallets
    39. 9.10.2 Guardian delegates and guardian credentials
    40. 9.11 Certification and accreditation
    41. 9.12 The Wallet Wars: The evolving digital wallet/agent marketplace
    42. 9.12.1 Who
    43. 9.12.2 What
    44. 9.12.3 How
    45. Reference
  17. 10 Decentralized key management
    1. 10.1 Why any form of digital key management is hard
    2. 10.2 Standards and best practices for conventional key management
    3. 10.3 The starting point for key management architecture: Roots of trust
    4. 10.4 The special challenges of decentralized key management
    5. 10.5 The new tools that VCs, DIDs, and SSI bring to decentralized key management
    6. 10.5.1 Separating identity verification from public key verification
    7. 10.5.2 Using VCs for proof of identity
    8. 10.5.3 Automatic key rotation
    9. 10.5.4 Automatic encrypted backup with both offline and social recovery methods
    10. 10.5.5 Digital guardianship
    11. 10.6 Key management with ledger-based DID methods (algorithmic roots of trust)
    12. 10.7 Key management with peer-based DID methods (self-certifying roots of trust)
    13. 10.8 Fully autonomous decentralized key management with Key Event Receipt Infrastructure (KERI)
    14. 10.8.1 Self-certifying identifiers as a root of trust
    15. 10.8.2 Self-certifying key event logs
    16. 10.8.3 Witnesses for key event logs
    17. 10.8.4 Pre-rotation as simple, safe, scalable protection against key compromise
    18. 10.8.5 System-independent validation (ambient verifiability)
    19. 10.8.6 Delegated self-certifying identifiers for enterprise-class key management
    20. 10.8.7 Compatibility with the GDPR “right to be forgotten”
    21. 10.8.8 KERI standardization and the KERI DID method
    22. 10.8.9 A trust-spanning layer for the internet
    23. 10.9 Key takeaways
    24. References
  18. 11 SSI governance frameworks
    1. 11.1 Governance frameworks and trust frameworks: Some background
    2. 11.2 The governance trust triangle
    3. 11.3 The Trust over IP governance stack
    4. 11.3.1 Layer 1: Utility governance frameworks
    5. 11.3.2 Layer 2: Provider governance frameworks
    6. 11.3.3 Layer 3: Credential governance frameworks
    7. 11.3.4 Layer 4: Ecosystem governance frameworks
    8. 11.4 The role of the governance authority
    9. 11.5 What specific problems can governance frameworks solve?
    10. 11.5.1 Discovery of authoritative issuers and verified members
    11. 11.5.2 Anti-coercion
    12. 11.5.3 Certification, accreditation, and trust assurance
    13. 11.5.4 Levels of assurance (LOAs)
    14. 11.5.5 Business rules
    15. 11.5.6 Liability and insurance
    16. 11.6 What are the typical elements of a governance framework?
    17. 11.6.1 Master document
    18. 11.6.2 Glossary
    19. 11.6.3 Risk assessment, trust assurance, and certification
    20. 11.6.4 Governance rules
    21. 11.6.5 Business rules
    22. 11.6.6 Technical rules
    23. 11.6.7 Information trust rules
    24. 11.6.8 Inclusion, equitability, and accessibility rules
    25. 11.6.9 Legal agreements
    26. 11.7 Digital guardianship
    27. 11.8 Legal enforcement
    28. 11.9 Examples
    29. References
  19. Part 3 Decentralization as a model for life
  20. 12 How open source software helps you control your self-sovereign identity
    1. 12.1 The origin of free software
    2. 12.2 Wooing businesses with open source
    3. 12.3 How open source works in practice
    4. 12.4 Open source and digital identities
    5. References
  21. 13 Cypherpunks: The origin of decentralization
    1. 13.1 The origins of modern cryptography
    2. 13.2 The birth of the cypherpunk movement
    3. 13.3 Digital freedom, digital cash, and decentralization
    4. 13.4 From cryptography to cryptocurrency to credentials
    5. References
  22. 14 Decentralized identity for a peaceful society
    1. 14.1 Technology and society
    2. 14.2 A global civil society
    3. 14.3 Identity as a source of conflict
    4. 14.4 Identity as a source of peace
    5. References
  23. 15 Belief systems as drivers for technology choices in decentralization
    1. 15.1 What is a belief system?
    2. 15.2 Blockchain and DLT as belief systems
    3. 15.2.1 Blockchain “believers”
    4. 15.2.2 DLT “believers”
    5. 15.3 How are blockchains and DLTs relevant to SSI?
    6. 15.4 Characterizing differences between blockchain and DLT
    7. 15.4.1 Governance: How open is the network to open participation?
    8. 15.4.2 Censorship resistance: How centralized is trust?
    9. 15.4.3 Openness: Who can run a node?
    10. 15.5 Why “believers” and not “proponents” or “partisans”?
    11. 15.5.1 How do we measure decentralization?
    12. 15.6 Technical advantages of decentralization
    13. References
  24. 16 The origins of the SSI community
    1. 16.1 The birth of the internet
    2. 16.2 Losing control over our personal information
    3. 16.3 Pretty Good Privacy
    4. 16.4 International Planetwork Conference
    5. 16.5 Augmented Social Network and Identity Commons
    6. 16.6 The Laws of Identity
    7. 16.7 Internet Identity Workshop
    8. 16.8 Increasing support of user control
    9. 16.9 Rebooting the Web of Trust
    10. 16.10 Agenda for Sustainable Development and ID2020
    11. 16.11 Early state interest
    12. 16.12 MyData and Learning Machine
    13. 16.13 Verifiable Claims Working Group, Decentralized Identity Foundation, and Hyperledger Indy
    14. 16.14 Increasing state support for SSI
    15. 16.15 Ethereum identity
    16. 16.16 World Economic Forum reports
    17. 16.17 First production government demo of an SSI-supporting ledger
    18. 16.18 SSI Meetup
    19. 16.19 Official W3C standards
    20. 16.20 Only the beginning
    21. References
  25. 17 Identity is money
    1. 17.1 Going back to the starting point
    2. 17.2 Identity as the source of relationships and value
    3. 17.3 The properties of money
    4. 17.4 The three functions of money
    5. 17.5 The tokenization of value with identity
    6. References
  26. Part 4 How SSI will change your business
  27. 18 Explaining the value of SSI to business
    1. 18.1 How might we best explain SSI to people and organizations?
    2. 18.1.1 Failed experiment 1: Leading with the technology
    3. 18.1.2 Failed experiment 2: Leading with the philosophy
    4. 18.1.3 Failed experiment 3: Explaining by demonstrating the tech
    5. 18.1.4 Failed experiment 4: Explaining the (world’s) problems
    6. 18.2 Learning from other domains
    7. 18.3 So how should we best explain the value of SSI?
    8. 18.4 The power of stories
    9. 18.5 Jackie’s SSI story
    10. 18.5.1 Part 1: The current physical world
    11. 18.5.2 Part 2: The SSI world—like the current physical world, but better
    12. 18.5.3 Part 3: Introducing the Sparkly Ball1—or, what’s wrong with many current digital identity models
    13. 18.6 SSI Scorecard for apartment leasing
    14. Reference
  28. 19 The Internet of Things opportunity
    1. 19.1 IoT: Connecting everything safely
    2. 19.2 How does SSI help IoT?
    3. 19.3 The business perspective for SSI and IoT
    4. 19.4 An SSI-based IoT architecture
    5. 19.5 Tragic story: Bob’s car hacked
    6. 19.6 The Austrian Power Grid
    7. 19.7 SSI Scorecard for IoT
    8. References
  29. 20 Animal care and guardianship just became crystal clear
    1. 20.1 Enter Mei and Bailey
    2. 20.1.1 Bailey gets a self-sovereign identity
    3. 20.1.2 Guardianship transfer
    4. 20.1.3 Vacation for Mei and Bailey
    5. 20.1.4 A storm and separation
    6. 20.1.5 Lost and found at your fingertips
    7. 20.2 Digital identity unlocks opportunities for the well-being of animals and people
    8. 20.3 SSI for animals reaffirms their inherent worth
    9. 20.4 SSI Scorecard for pets and other animals
  30. 21 Open democracy, voting, and SSI
    1. 21.1 The problems with postal voting
    2. 21.2 The problems with e-voting
    3. 21.3 Estonia: A case study
    4. 21.4 The three pillars of voting
    5. 21.4.1 A state’s bill of needs
    6. 21.4.2 A voter’s bill of rights
    7. 21.5 The advantages of SSI
    8. 21.5.1 SSI Scorecard for voting
    9. References
  31. 22 Healthcare supply chain powered by SSI
    1. 22.1 Emma’s story
    2. 22.2 Supply chain transparency and efficiency through SSI
    3. 22.3 Industry ecosystem efficiency powered by SSI
    4. 22.4 Future supply chain transformation across industries: The big picture
    5. 22.5 Eliminating waste
    6. 22.6 Authentication and quality
    7. 22.7 SSI Scorecard for the pharma supply chain
    8. References
  32. 23 Canada: Enabling self-sovereign identity
    1. 23.1 The Canadian context
    2. 23.2 The Canadian approach and policy framework
    3. 23.3 The Pan-Canadian Trust Framework
    4. 23.4 The normative core
    5. 23.5 Mutual recognition
    6. 23.6 Digital ecosystem roles
    7. 23.7 Supporting infrastructure
    8. 23.8 Mapping the SSI stack to the PCTF model
    9. 23.9 Using the Verifiable Credentials Model
    10. 23.10 Enabling Self-Sovereign Identity
    11. 23.11 SSI Scorecard for the Pan-Canadian Trust Framework
  33. 24 From eIDAS to SSI in the European Union
    1. 24.1 PKI: The first regulated identity service facility in the EU
    2. 24.2 The EU legal framework
    3. 24.3 The EU identity federation
    4. 24.3.1 The legal concept of electronic identification (eID)
    5. 24.3.2 The scope of the eIDAS FIM Regulation and its relationship with national law
    6. 24.4 Summarizing the value of eIDAS for SSI adoption
    7. 24.5 Scenarios for the adoption of SSI in the EU identity metasystem
    8. 24.6 SSI Scorecard for the EBSI
    9. References
  34. appendix A Additional Livebook chapters
    1. Chapter 25: SSI, payments, and financial services
    2. Chapter 26: Solving organizational identity with vLEIs
    3. Chapter 27: SSI and healthcare
    4. Chapter 28: Enterprise identity and access management realized with SSI
    5. Chapter 29: Insurance reinvented with SSI
    6. Chapter 30: Enabling SSI in humanitarian contexts
    7. Chapter 31: Guardianship and other forms of Delegated Authority with Self-Sovereign Identity
    8. Chapter 32: Design principles for SSI
    9. Chapter 33: SSI: Our dystopian nightmare
    10. Chapter 34: Trust assurance in SSI ecosystems
    11. Chapter 35: The evolution of gaming with SSI
  35. appendix B Landmark essays on SSI
    1. “The Domains of Identity”
    2. “New Hope for Digital Identity”
    3. “The Architecture of Identity Systems”
    4. “Three Dimensions of Identity”
    5. “Meta-Platforms and Cooperative Network-of-Network Effects”
    6. “Verifiable Credentials Aren’t Credentials. They’re Containers.”
    7. “The Seven Deadly Sins of Customer Relationships”
  36. appendix C The path to self-sovereign identity
    1. You can’t spell “identity” without an “I”
    2. The evolution of identity
    3. Phase one: Centralized identity (administrative control by a single authority or hierarchy)
    4. Phase two: Federated identity (administrative control by multiple, federated authorities)
    5. Phase three: User-centric identity (individual or administrative control across multiple authorities without requiring a federation)
    6. Phase four: Self-sovereign identity (individual control across any number of authorities)
    7. A definition of self-sovereign identity
    8. Ten principles of self-sovereign identity
    9. Conclusion
  37. appendix D Identity in the Ethereum blockchain ecosystem
    1. Identity on the blockchain
    2. The keys to identity
    3. On-chain identity solutions
    4. ERC 725 v2: “Proxy Account”
    5. The owner
    6. The key-value store
    7. The public on-chain identity
    8. Off-chain identity solutions
    9. ERC 1056: “Lightweight Identity”
    10. The lightweight registry
    11. Owner and delegates
    12. Other ERCs
    13. Conclusion
  38. appendix E The principles of SSI
  39. index
  40. contributing authors
18.220.152.139