Table of Contents for index

Blankenship, Loyd 289-290

lost private keys 222

origin of 301

Bitcoin (Nakamoto) 5

Blockcerts 90, 103-104, 317

blockchain 33-34, 36

adapting general-purpose public blockchains for SSI 90-91

as belief system 303

as DID registries 89-90

as P2P network 302

censorship resistance in 305

decentralization and 5-6

public permissionless proof-of-stake blockchains 254

hybrid 254

private 254

public permissioned 254

public permissionless proof-of-work blockchains 253

relevant to SSI 303-304

special-purpose blockchains designed for SSI 91-92

types of 253

vs. DLT 304-306

censorship resistance 305

governance 305

openness 306

who can run nodes in 306

Blockchain and Distributed Ledger Technologies—Reference Architecture 255

BLT sandwich 249

Bottom line category, SSI scorecard 60-62

improved e-commerce sales 61

new credential issuer revenue 62

reduced customer onboarding costs 60-61

reduced customer service costs 61-62

bottom-up trust, VC trust model 133-134

Bouma, Tim 383, 403

BPA (business process automation) 62, 65

British Columbia Verifiable Organizations Network 392

Brock, Arthur 315

Browser Wars 214

bullet proofs 151

bureaucratic identity 325

Burnett, Daniel 318

Business efficiencies category, SSI scorecard 62-67

auto-authentication 63

auto-authorization 63-65

delegation and guardianship 66

payment and value exchange 67

workflow automation 65

business process automation (BPA) 62, 65

business rules 264, 267

business-to-consumer (B2C) transactions 194

Buterin, Vitalik 291, 307, 315

buying a car scenario 52-54

Byzantine Generals Problem 307

CA (certificate authority) 174-175

CA/Browser Forum 398

California Consumer Privacy Act (CCPA) 79

California Privacy Rights Act 79

Callas, Jon 315

Camenisch-Lysyanskaya ZKP system (CL Signatures) 152

Cameron, Kim 4-5, 28, 313

CAPTCHA 73

CAs (certificate authorities) 311

Cavoukian, Ann 194

CCI Governance Framework 271

CCPA (California Consumer Privacy Act) 79

censorship resistance 89, 305

centralized identity model 7

certificate authorities (CAs) 174-175, 311

certification 214, 263-264, 266-267

certification authorities, ecosystem governance frameworks and 260

Chadwick, David 154

chain of trust 223

change-of-address process 70

CHAPI (Credential Handler API) 153

Chasen, Les 314, 316

Chaum, David 185, 290, 311, 324

claim component, VC 139

Clarke, Roger 312

client-server relationships 41

client-side wallets (non-custodial wallets, cloud wallets) 27

cloud agents 29-30

applying for bank account 52

commenting on blog 49

connecting through online blog 46-47

making direct, private connection 43-46

Codebreakers, The (Kahn) 288

coercion 206

cold storage 203

collective action 271

collision-resistant hash functions 113

collusion resistance 309

commenting on blog scenario 48-49

communication and interfaces 94-101

interface design 97

API-oriented interface design using wallet Dapps 97-98

data-oriented interface design using identity hubs 98-99

message-oriented interface design using agents 99-101

protocol design 94-97

message-based protocol design using DIDComm 95-97

web-based protocol design using TLS 95

community monitoring 271

compact prefix tries (radix tries) 119

compliance and monitoring, digital wallets 207

computational hardness 114

concept of disintermediation 379

connecting through online blog scenario 46-47

Consensus 2017 318

consent, digital wallets 194

@context property 140, 151

contextual identity 387

Continental centralized identity model 7

conventional databases, as DID registries 92-93

convergence in SSI 109-110

cookie walls 263

Cordance 313

Cosmos 254

counterfeit drugs 380

crackers 277

Cranor, Lorrie Faith 79

Crazy Story of the Time When Almost Anyone in America Could Issue Their Own Currency, The (Wile) 328

credential definitions 92

credential governance frameworks 256-258

Credential Handler API (CHAPI) 153

credential registries, in Layer 3 governance frameworks 256-257

credential-issuance process 199

credential-verification process 200

credentials 23, 101-106

Blockcerts format 103-104

defined 22

exchange protocols 106

JWT format 102-103

new credential issuer revenue 62

physical credentials vs. VCs 23

W3C verifiable credential formats 104-106

Credentials Community Group 314

credentials. See also VCs (verifiable credentials)

credentialSchema property 151

credentialStatus property 141

credentialSubject property 140, 147-148

credit card networks 35

CRM (customer relationship management) 72

cross-certification 262

CRUD operations 164

Crypto (Levy) 287

crypto tokens 327

cryptocurrency wallets 27-28

cryptographic accumulators 117

cryptographic infrastructure 172

cryptographic triple play 34

cryptographic trust 34-35, 94

cryptographically protected private storage 195

cryptography 111-125

digital signatures 116

encryption 114-115

asymmetric-key cryptography 115

symmetric-key cryptography 114-115

hash functions 112-113

origins of modern cryptography 287-289

proofs 120-125

veracity and 124-125

ZKP (zero-knowledge proofs) 120-125

public/private key cryptography 10, 31

verifiable data structures 116-120

cryptographic accumulators 117

Merkle trees 117-119

Merkle-Patricia tries 120

Patricia tries 119

ZKP 79

Cuomo, Marco 374

customer onboarding costs 60-61

customer relationship management (CRM) 72

customer reviews 75-76

customer service costs 61-62

cybercrime

digital identity and 5

birth of movement 289-290

cypherpunks 287-292

continuing influence of 291-292

decentralization and 290-291

digital cash 290-291

origins of modern cryptography 287-289

data minimization 123

data origin authentication 395

data portability 80-81, 193-194

data privacy 78-79

data protection 79-80

encrypted data 92

ZKP (zero-knowledge proofs) 121

data security 77-78

data-oriented interface design 98-99

dataveillance 312

Davidson, James Dale 14

Davis, Owen 313

DDN (Defense Data Network) 311

decentralization

cypherpunks and 290-291

measuring 307

technical advantages of 308-309

decentralized identifiers. See DIDs (decentralized identifiers)

Decentralized Identity (white paper) 319

Decentralized Identity Foundation 181, 205

Decentralized Identity Foundation Glossary Project 266

decentralized identity model 9-10

decentralized key management 220-247

challenges of 225-227

DIDs (decentralized identifiers)

Automatic key rotation 229

separating identity verification from public key verification 227-228

digital wallets

automatic encrypted backup with both offline and social recovery methods 229

digital guardianship 229

KERI (Key Even Receipt Infrastructure)
233-246

compatibility with GDPR 241

delegated self-certifying identifiers for enterprise-class key management 239-240

KERI DID method 242

pre-rotation protection against key compromise 236-238

SCIDs (self-certifying identifiers) as root of trust 234-235

self-certifying key event logs 235

system-independent validation (ambient verifiability) 238-239

trust-spanning layer for internet 242-246

witnesses for key event logs 236

ledger-based DID methods (algorithmic roots of trust) 230-231

overview 246-247

peer-based DID methods (self-certifying roots of trust) 231-232

physical keys vs. digital keys 221-222

roots of trust 223-225

standards and best practices 222-223

VCs for proof of identity 228

Decentralized Key Management System (DKMS) 205, 225

decentralized n-party protocols 100

Decentralized Public Key Infrastructure (Allen, et al.) 315

decentralized public key infrastructure (DPKI) 10, 315

Defense Data Network (DDN) 311

delegated key management 239

delegation

business efficiency 66

ecosystem governance frameworks and 259

enterprise wallets 210

user experience and convenience 70-71

delegation credentials 66, 70-71

Dependents 269

DERs (distributed energy resources) 353

design principles, digital wallets 193-196

consent-driven 194

portable and open-by-default 193-194

privacy by design 194-195

security by design 195-196

Deventer, Oskar van 263

device certification 212

DHS (U.S. Department of Homeland Security) 32, 225, 316

DHTs (distributed hash tables) 254

DIACC (Digital Identity and Authentication Council of Canada) 317

DID controllers 162

DID dereferencing 167-168

DID documents 44-45, 161-163

defined 161

DID subjects and 187

PKI and 178-179

relationship between DIDs and DID subjects and 161-162

DID methods 163-164, 171

DID registries

blockchains as 89-90

conventional databases as 92-93

peer-to-peer protocols as 93-94

DID resolution

DID Specification Registry 32

DID subjects 161, 186-188

DID URIs 166-168

DID URLs 167

DID-to-DID connections 32, 181-182

did:peer: method 93, 231

DIDComm (DID Communication) 95-97, 162

DIDComm Working Group 97, 205

DIDs (decentralized identifiers) 9, 30-32,
157-188, 316-317

Automatic key rotation 229

architectural level 171-179

asymmetric-key cryptography 115

CRUD operations 164

defined 36, 160-161

DID-to-DID connections 181-182

functional level 161-170

DID documents 161-163

DID methods 163-164

DID resolution 164-166

guardianship and controllership 179-180

overview 158

privacy by design at scale 182-183

properties of 160

semantic level 183-188

addresses 183-184

digital trust ecosystems 184-185

human-meaningful naming problem
185-186

what DIDs identify 186-188

separating identity verification from public key verification 227-228

service endpoint discovery 180

Sovrin DID network 116

URIs 158

URLs 158-159

URNs 159-160

Zooko's triangle 185-186

DIF (Decentralized Identity Foundation) 97-98, 318

Diffie, Bailey Whitfield 288, 291

digital anonymous cash 290

Digital Bazaar 91, 153, 318

digital cash 290-291

digital certificates (certs) 174

digital credentials

receiving, offering , and presenting 199-200

revoking and expiring 200-201

Digital Ecosystems Roles Model 389

digital guardians 66

guardian delegates 213

guardian wallets 212-213

digital guardianship 180, 229, 256, 269-270

digital identity 3-20, 387

blockchain technology and decentralization
5-6

cybercrime and 5

models of 6-10

centralized identity model 7

decentralized identity model 9-10

federated identity model 8-9

open source software and 283-286

SSI

challenges to adoption 17-20

importance of 12-13

market drivers for 13-17

origin of term 10-11

digital keys vs. physical keys 222

digital relationship 387

digital signatures 25, 116, 202

Digital Single Market 401

digital transformation 62

digital trust ecosystems 184-185

digital trust relationships 198-199

digital wallets 10, 26-29

anatomy of 196-197

authenticating 201-202

automatic encrypted backup with both offline and social recovery methods 229

backup and recovery 202-205

automatic encrypted backup 202-203

multi-device recovery 205

offline recovery 203

social recovery 204-205

certification and accreditation 214

compliance and monitoring 207

core functions 197

cryptocurrency wallets 27

defined 36, 190-191

design principles 193-196

consent-driven 194

portable and open-by-default 193-194

privacy by design 194-195

security by design 195-196

digital credentials 199-201

digital guardianship 229

digital signatures 202

digital trust relationships 198-199

emergencies 209

enterprise wallets 210-212

credential revocation 211

delegation 210

scale 210-211

special security considerations 211-212

specialized wallets 211

example scenario 192-193

guardianship and delegation 212-213

multiple-device support and wallet synchronization 205

notifications 198

offline operations 205-206

payment and value exchange 67

schema overlays 208-209

secure data storage (vault) support 207-208

travel 17

user experience 198

verifying verifier 206-207

Wallet Wars 214-218

disintermediation 379

DisputeCredential property 144

distributed directed acyclic graphs 89

distributed hashtables 89

divisibility, as property of money 326

DKMS (Decentralized Key Management System) 205, 225

DLT governors 255

DLTs (distributed ledger technologies) 89

as belief systems 303

as permissioned system 302

as PTP network 302

censorship resistance in 306

censorship resistance 305

vs. blockchain 304-306

governance 305

openness 306

who can run nodes in 306

DNS (Domain Name System) 168

DocuSign 202

Dorje, Duke 315

double spending problem 307

DPKI (decentralized public key infrastructure) 10, 315, 398

drugs, counterfeit 380

Duffy, Kim Hamilton 317

durability, as property of money 325

e-commerce

Amazon's one-click purchasing 72

as market driver for SSI 14-15

growth in sales 14

improved e-commerce sales 61

early state interest 316-317

EBSI (EU European Blockchain Services Infrastructure) 254

ECDSA (Elliptic Curve Digital Signature ALgorithm) 116

ecosystem governance frameworks 258-260

edge agents 29-30

applying for bank account 52

commenting on blog 48

connecting through online blog 46-47

making direct, private connection 43-45

Edge, John 315-316

EFF (Electronic Frontier Foundation) 290

efficiency, hash functions 113

EHRs (electronic health records) 15-16

eID (electronic identification) 401

legal concept of 398-400

eIDAS (electronic IDentification, Authentication and trust Services) 80, 254, 386

value of for SSI adoption 402-403

eIDAS Regulation 396-398, 401-402

eLeaflets 376, 378

Electronic Frontier Foundation (EFF) 290

electronic funds transfer 324

electronic health records (EHRs) 15-16

electronic seals 396

electronic signatures 396

Elliptic Curve Digital Signature ALgorithm (ECDSA) 116

emergencies, digital wallets 209

encryption 114-115

asymmetric-key cryptography 115

history of 312

symmetric-key cryptography 114-115

end verifiable key event logs 239

end-to-end encryption 195

Energy Web Foundation 353

enterprise wallets 210-212

credential revocation 211

delegation 210

scale 210-211

special security considerations 211-212

specialized wallets 211

Estonia voting case study 367-368

Ethereum 90, 302, 319

EU European Blockchain Services Infrastructure (EBSI) 254

EU Regulation No 910/2014 394

European Identity Conference 321

European Union 394, 407

identity federation 398-402

eIDAS FIM Regulation 400-402

legal concept of eID (electronic identification) 398-400

legal framework 396-398

PKIs 395-396

scenarios for adoption of SSI in EU identity metasystem 403-406

SSI Scorecard for EBSI (European Blockchain Services Infrastructure) 406-407

value of eIDAS for SSI adoption 402-403

Evernym 91, 225, 316, 318

evidence property, VCs 145-146

exchange protocols, credentials 106

expirationDate property 141

Extensible Data Interchange (XDI) 312

Extensible Resource Identifier (XRI) 312

Fabric 302

Fairtrade 377

Fast IDentification Online (FIDO) 202

FATF (Financial Action Task Force) 386

fault tolerance 308

federated identity model 8-9

federation 8

Feinler, Elizabeth 311

fiat money 324

FIDO (Fast IDentification Online) 202

FIM (federated identity management) 8, 131-132

FIM-based trust framework 403

Findy in Finland 320

Finney, Hal 290

first production government demo of SSI-supporting ledger 319

Foster, Steven 313

foundational identity 387

Framework for Designing Cryptographic Key Management Systems, A 222

free (libre) software 278

Free Software Foundation 279

Friedman, Milton 324

Fritz, Daniel 374

Fukuyama, Francis 297

functional level, DIDs 161-170

DID documents 161-163

DID methods 163-164

DID resolution 164-166

GDPR (EU General Data Protection Regulation) 77, 230, 270, 319

data portability 80

data protection 79-80, 92, 121, 194

KERI (Key Even Receipt Infrastructure) and 241

GF DID (DID of the governance framework) 262

Gibson, William 289

gift license, open source 282

Gilmore, John 290

GLEIF (Global Legal Entity Identifier Foundation) 210, 272

global civil society 295-297

glossary 266

Gnosis multisig Ethereum wallet 222

GNU project 279-280

governance 305

governance authority 35, 261

governance frameworks 34-36, 107-109

background of 248-250

digital wallets 195

problems solved by 262-265

anti-coercion 263

business rules 264

certification, accreditation, and trust assurance 263-264

discovery of authoritative issuers and verified members 262

liability and insurance 264-265

LOAs (levels of assurance) 264

typical elements of 265-269

business rules 267

glossary 266

governance rules 267

inclusion, equitability, and accessibility rules 268

information trust rules 268

legal agreements 268-269

master document 265-266

risk assessment, trust assurance, and certification 266-267

technical rules 267-268

governance rules 267

Governance Stack Working Group, at ToIP Foundation 265

governance trust triangle 250-252

Greenwood, Dazza 249

guardian credentials 213

guardian delegates 213

guardian wallets 212-213

guardianship 179-180, 269

credentials 66, 229

ecosystem governance frameworks and 259

guardianship transfer 358

Gunther, Adam 28

GURPS Cyberpunk game 289

hackers 277

Hackers (Levy) 277

Hardman, Daniel 181, 231

hardware developers, Layer 2 governance and 255

hash functions 112-113

collision-resistant 113

efficiency 113

MD5 113

resistance to preimage 113

SHA-1 113

SHA-256 hash function 112-113

Hauser, Jan 313

headers, JWT 138

healthcare supply chain, powered by SSI 374-382

authentication and quality 380

eliminating waste 379-380

future supply chain transformation across industries 379

industry ecosystem efficiency powered by SSI 377-379

SSI Scorecard for pharma supply chain 380-382

supply chain transparency and efficiency SSI 376-377

healthcare, as market driver for SSI 15-16

Hedera 254

Hellman, Martin 288

HelloSign 202

HIPAA (Health Insurance Portability and Accountability Act) 77

Hock, Dee 252, 328

holder’s agent 129

holders 24-26, 36, 129-130, 133, 257

Homebrew Computer Club 279

hourglass theorem of protocol stack design 244

HSMs (hardware security modules) 240

Hudson, Michael 326

human trust 35, 101, 252

human-meaningful naming problem, DIDs
185-186

hybrid blockchains 254

censorship resistance in 305

Hyperledger Aries 99, 181

who can run nodes in 306

Hyland Credentials 103

Hyperledger Indy 91, 105, 205, 254, 318

IAM (identity and access management) 13,
210-211

IANA (Internet Assigned Numbers Authority) 311

IBM 281

ICAAN (Internet Corporation for Assigned Names and Numbers) 311

id property 140

ID2020 Summit 315-316, 320

ID4D (Digital IDs for Development) 315

identifier-to-controller binding problem

conventional PKI solution 174

DIDs and DID documents solution 178-179

public key-based identifiers solution 177

identifiers and public keys 88-94

adapting general-purpose public blockchains for SSI 90-91

DID registries

blockchains as 89-90

conventional databases as 92-93

peer-to-peer protocols as 93-94

PKI 176-178

special-purpose blockchains designed for SSI 91-92

identity

as source of conflict 297-298

as source of peace 298-299

Identity (Fukuyama) 297

identity and access management (IAM) 13,
210-211

identity as money 323-329

going back to starting point 323-324

identity as source of relationships and value 325

properties of money 325-326

three functions of money 326-327

tokenization of value with identity 327-329

identity commons 313

Identity Gang 313

Identity Gang Lexicon 314

identity hubs (encrypted data vaults) 98-99

Identity in a Digital World 319

Identity Is the New Money (Birch) 5, 323

Identity North events 321

Identity System Essentials (Smith and Khovratovich) 316

IDPs (identity providers) 8-9, 131-132

IETF standard 158

IIW (Internet Identity Workshop) 6, 310-311, 314, 320

in-between license, open source 283

Information Fiduciaries and the First Amendment (Baldwin) 269

information trust rules 268

Innovation Meets Compliance (Sovrin Foundation) 231, 241

insurance, digital wallets 209-210

insurers, in Layer 3 governance frameworks
257-258

integer factorization 113

Intention Economy, The (Searls) 328

intentional correlation 123

interface design 97-101

API-oriented interface design using wallet Dapps 97-98

data-oriented interface design using identity hubs (encrypted data vaults) 98-99

message-oriented interface design using agents 99-101

International Planetwork Conference 312-313

Internet Assigned Numbers Authority (IANA) 311

Internet Corporation for Assigned Names and Numbers (ICAAN) 311

Internet Identity Workshop (IIW) 6, 310-311, 314, 320

interoperability, ecosystem governance frameworks and 259

InterPlanetary File System (IPFS) 254

IoT (Internet of Things) 347-355

APG (Austrian Power Grid) 353

connecting everything safely 347-348

SSI and 348-352

SSI Scorecard for 354-355

IPFS (InterPlanetary File System) 254

iRespond NGO 284

issuanceDate property 141

issuer property 140

issuers 24-26, 36, 129-130, 133, 257

Jagers, Chris 317

JavaScript Object Notation (JSON) 135-136

JavaScript Object Signing and Encryption (JOSE) stack 99

Jobs, Steve 279

Jolocom 319

Jordan, Ken 313

JOSE (JavaScript Object Signing and Encryption) stack 99

JSON (JavaScript Object Notation) 135-136

JSON-LD (JSON Linked Data) 104, 136-137

JWS (JSON Web Signature) 138

JWT (JSON Web Token) credential format 99, 102-103, 137-139

Kahn, David 288

KERI (Key Event Receipt Infrastructure) 94, 177, 233-246, 254

delegated self-certifying identifiers for enterprise-class key management 239-240

GDPR compatibility 241

inventor of 220

KERI DID method 242

pre-rotation protection against key compromise 236-238

SCIDs (self-certifying identifiers) as root of trust 234-235

self-certifying key event logs 235

system-independent validation (ambient verifiability) 238-239

trust-spanning layer for internet 242-246

white paper defining 233

witnesses for key event logs 236

KERI DID method 242

kernels 280

key compromise, pre-rotation protection against 236-238

key event logs 235

self-certifying key event logs 235

witnesses for 236

key event receipt 235

key interaction event 240

Key Management Interoperability Protocol (KMIP) 223

key sharding 204

Khovratovich, Dmitry 316

Kiva 91

KMIP (Key Management Interoperability Protocol) 223

Known Traveller, The 319

Kravchenko, Pavel 315

KYC (Know Your Customer) 35, 60

Laws of Identity (Cameron) 313-314

leaf hash 118

Learning Machine 103, 317

least privileges (least authority) 127, 130, 155

ledger locks 238

Ledger middleware DIDs 171

ledger-based DIDs 171, 230-231

legal agreements 268-269

legal person certificates 396

legal tender 327

LEI (Legal Entity Identifier) 210

LESS identity (legally enabled self-sovereign identity) 403

Lessig, Lawrence 283

levels of assurance (LOAs) 146, 264

Levy, Steven 277, 287, 290-291

LGPL (Lesser General Public License) 283

liability and insurance 264-265

limited supply, as property of money 325

LinkTank 312

Linux 280, 282

liveness check 201

LNP (local telephone number portability) 81

LOAs (levels of assurance) 146, 264

Lofretto, Devon 310

logical decentralization 307

loyalty and rewards programs 76-77

Lumedic Exchange 16

Lumedic Health Network Governance Framework 272

Lundkvist, Christian 315

maintainers, blockchain 254

market drivers for SSI 13-17

banking and finance 15

business efficiency and customer experience 13

e-commerce 14-15

healthcare 15-16

resistance to the surveillance economy 13

sovereign individual movement 14

travel 16-17

market forces, as driver of convergence in SSI 109

master document 265-266

Mastercard network example 251

McDonald, Aleecia 79

MD5 hash function 113

Medicine Check app 375

meeting at a conference scenario 41-46

meeting via dating site scenario 49-51

member directories, ecosystem governance frameworks and 260

MemberPass digital credential 60

Merkle proofs 104

Merkle trees 103, 117-119

building 117-118

searching 118-119

Merkle, Ralph 288

message-based protocol design

defined 95

DIDComm and 95-97

message-oriented interface design 99-101

messaging apps 74

metadata component, VC 139

method-specific identifiers 164

MFA (multi-factor authentication) 201-202

miners, blockchain 254

MNP (mobile number portability) 81

mobile banking 15

mobile wallets 27

Morehead, Dan 324, 327

Morrison, Donald R. 119

Mozilla Firefox 281

(MPTs) Merkle-Patricia tries 120

multi-credential proofs 122-123

multi-device recovery 205

multi-factor authentication (MFA) 201-202

multi-signature authorization policies 212

multiple-device support, digital wallets 205

multisig (multisignature) 222

mutual authentication 72-73

MyData conference 317, 320

Nakamoto, Satoshi 5, 290, 301, 307

naming layer, DIDs 186

NASA, use of open source 281-282

National Center for Supercomputing Applications (NCSA) 280

National Health Care Anti-Fraud Association 60

National Security Agency (NSA) 287-288

natural person certificates 396

NCSA (National Center for Supercomputing Applications) 280

Neuromancer (Gibson) 289

Neustar 313

NIC (Network Information Center) 311

NIS Directive (Directive on Security of Network and Information Systems) 80

NIST (U.S. National Institute of Standards and Technology) 222

nodes 303

non-monetary tokens 302

non-repudiation 124

non-repudiation services 395

notifications, digital wallets 198

NSA (National Security Agency) 287-288

OAuth protocol 8

object identifiers (OIDs) 150

OCA (overlay-capture architecture) 208

off-chain transactions 120

official W3C standards 320

offline operations, digital wallets 205-206

offline recovery

automatic encrypted backup with 229

digital wallets 203

OIDC (OpenID Connect) protocol 162

OIDs (object identifiers) 150

OIX (Open Identity Exchange) 250

on-chain transactions 120

One From Many (Hock) 252, 328

one-click purchasing (Amazon) 72

OneName Corporation 312

online forms 68

open governance 283

Open Identity Exchange (OIX) 250

open source

gift license 282

in-between license 283

sharing with rules license 282

time-based license 283

Open Source Initiative 281

open source software 277-286

digital identities and 283-286

in practice 281-283

origin of 278-280

wooing businesses with 280-281

open standards 193-194

open-world data model 137

OpenID Connect 8, 202

OpenID Connect (OIDC) protocol 162

openness 306

Opportunities Created by the Web of Trust for Controlling and Leveraging Personal Data (Young, Edge, Reed and Thorp) 315

Oracle 281

OrgBook 154, 258

Origins of Totalitarianism, The (Arendt) 356

overlay-capture architecture (OCA) 208

P2P (peer-to-peer) networks 302

Palatial Credit (Hudson) 326

Pan-Canadian Trust Framework 272

PandaDoc 202

Papinchak, John 317

password managers 201

passwordless login (auto-authentication) 48-49

Path to Self Sovereign Identity, The (Allen) 316

Patricia tries 119

payloads, JWT 138

payment addresses 90-91

payment and value exchange

business efficiency 67

user experience and convenience 71-72

PCTF (Pan-Canadian Trust Framework) 384-387

mapping SSI stack to 391

SSI Scorecard for 392-393

peace through digital identity 293-299

global civil society 295-297

identity as source of conflict 297-298

identity as source of peace 298-299

technology and 294-295

peer DIDs 44-45, 171, 181

peer-based DID methods (self-certifying roots of trust) 231-232

peer-to-peer (P2P) networks 302

peer-to-peer digital certificates 176

peer-to-peer protocols, as DID registries 93-94

peer-to-peer relationships 9, 41

penetration testing 212

Perens, Bruce 282-283

permanent connections 73-74

permissioned ledgers 89

persistent (permanent) identifiers 159, 169

person identification data, in eIDAS Regulation 398

Personal Data Ecosystem Consortium 314

personal information, losing control over 311-312

Peterson, Christine 281

PGP (Pretty Good Privacy) 176, 233, 289, 312

pharma supply chain, SSI Scorecard for 380-382

Phillips, John 333

phishing 72

physical keys vs. digital keys 221-222

conventional model 174-176

DID documents 178-179

identifiers 176-178

web-of-trust model 176

PKI-based trust framework 402

PKIs 395-396

Policy on Service and Digital 385

political governance decentralization 307

portability, as property of money 326

positive peace 293

PoW (proof-of-work) algorithm 307

power imbalance, TLS 95

Practice Fusion 15

pre-rotation 236-238

predicate proofs 122

premium private channels 74-75

Pretty Good Privacy (PGP) 176, 233, 289, 312

Preukschat, Alex 320

Principles of Identity 316

privacy by design 194-195

privacy by design at scale, DIDs 182-183

privacy-protected connections 195

private blockchains 254

private DID-to-DID connections 196

proof component, VC

proof property 140

proof-of-work (PoW) algorithm 307

proofs 120-125

veracity and 124-125

ZKP (zero-knowledge proofs) 120-125

anti-correlation 123

multi-credential proofs 122-123

predicate proof 122

privacy and personal control 121

revocation 123

selective disclosure 122

signature blinding 121-122

protocol design 94-97

message-based protocol design using DIDComm 95-97

web-based protocol design using TLS 95

provider governance frameworks 255-256

PSD2 (Second Payment Services Directive) 80

public permissioned blockchains 254

public-key cryptography 288

public-key-to-identifier binding problem

conventional PKI solution 174-175

public key-based identifiers solution 177-178

public/private key cryptography 10, 31

QR codes

as offline recovery technique 203

commenting on blog 48

connecting through online blog 47

making direct, private connection 42-44

Quorum 254

Raczkowski, Chris 356

radix tries (compact prefix tries) 119

re-decentralization 294

Rebooting the Web of Trust (RWoT) 314-315, 320

Recommendation for Key Management 222

recursive trust triangles 36

Red Hat 281

Reed, Drummond 314-316

Rees-Mogg, William 14

refreshService property, VCs 143-144

RegTech (Regulation Technology) 81-84

Regulatory compliance category, SSI scorecard 77-84

data portability 80-81

data privacy 78-79

data protection 79-80

data security 77-78

RegTech (Regulation Technology) 81-84

Relationship management category, SSI scorecard 72-77

loyalty and rewards programs 76-77

mutual authentication 72-73

permanent connections 73-74

premium private channels 74-75

relationships, identity as source of 325

relying party (RP) 8, 173, 223

representations, defined 158

reputational incentives 271

Requirements for DIDs (Reed and Chasen) 316

resistance to preimage, hash functions 113

Respect Network 314

Respect Trust Framework 314, 316

REST (representational state transfer) 95, 100

Reusable Proof-of-Work (RPOW) 290

revocation 104, 123

revocation registries 92

revocation registry 351

RFC (Request for Comments) 206

RFID chips 357, 360, 363

right of erasure 230

right to be forgotten 231

ring signatures 151

Ripple20 348

risk assessment 266-267

Rivest, Ron 288-289, 324

Rivest-Shamir-Adleman (RSA) algorithm 115

Roberts, Dave 383

Rodríguez, Álvaro 326

Rometty, Ginni 5, 77

root certificate 223

root path 118

roots of trust

decentralized key management 223-225

SCIDs (self-certifying identifiers) as 234-235

Rotten Tomatoes 367

Rowan, Andrew 356

RP (relying party) 8

RPOW (Reusable Proof-of-Work) 290

RSA (Rivest-Shamir-Adleman) algorithm 115

RSA Security 289

Ruddy, Mary 313

RWoT (Rebooting the Web of Trust) 314-315, 320

Sabadello, Markus 314-315

SAML (Security Assertion Markup Language) protocol 8

Sawtooth 302

SBIR (Small Business Innovation Research) topic 6

scale, enterprise wallets 210-211

Scandinavian centralized identity model 7

schemas 92, 136-137, 208-209

SCIDs (self-certifying identifiers) 233

as roots of trust 234-235

for enterprise-class key management 239-240

SDG (Sustainable Development Goal) 16.9
316-317

SDS (secure data stores) 30, 207

Searls, Doc 72, 277, 310, 313-314, 328

Second Payment Services Directive (PSD2) 80

secure data storage (vault) support 207-208

Security Assertion Markup Language (SAML) protocol 8

security by design 195-196

selective disclosure 102, 122, 127, 140, 155, 397

self-certifying roots of trust 224-225, 231-233

selling a car scenario 54-56

semantic interoperability 92

semantic level, DIDs 183-188

addresses 183-184

DID subjects 186-188

digital trust ecosystems 184-185

human-meaningful naming problem 185-186

server-side wallets (custodial wallets, cloud wallets) 27

service endpoint 44

service endpoint discovery, DIDs 180

SGF (Sovrin Governance Framework) 269-271

SHA-1 hash function 113

SHA-256 hash function 112-113

Shamir, Adi 288, 324

SHARE user group 278

sharing with rules license, open source 282

signature blinding 121-122

signatures, JWT 138

Silk Road 91

Silver, Roland 288

simple credential-sharing model 104

single sign-on (SSO) 8

Slepak, Greg 315

Small Business Innovation Research (SBIR) topic 6

Smith, Sam 220

Smith, Samuel 316

social login buttons 8

social recovery

automatic encrypted backup with 229

digital wallets 204-205

software developers, Layer 2 governance and 255

Sovereign Individual, The (Davidson and Rees-Mogg) 14

Sovrin 254

Sovrin Foundation 91

Sovrin Glossary 266

Sovrin Governance Framework (SGF) 269-271

Sovrin ledger 316

SPKI (Simple Public Key Infrastructure) 289

Sporny, Manu 23, 314

SSI (self-sovereign identity)

architecture 109-110

blockchains 33-34

blockchains and DLTs relevant to 303-304

building ecosystem 17

Canada enabling 383-393

Canadian approach and policy framework 384-385

Canadian context 384

digital ecosystem roles 388-390

enabling SSI 392

mapping SSI stack to PCTF model 391

mutual recognition 388

normative core 387-388

PCTF (Pan-Canadian Trust Framework)
385-387

SSI Scorecard for PCTF (Pan-Canadian Trust Framework) 392-393

supporting infrastructure 390

using VCs (Verifiable Credentials) 391-392

challenges to adoption 17-20

community, origins of 248-273, 310-322

Agenda for Sustainable Development
315-316

ASN (Augmented Social Network) and identity commons 313

birth of internet 311

DIF (Decentralized Identity Foundation) 318

early state interest 316-317

Ethereum identity 319

first production government demo of SSI-supporting ledger 319

Hyperledger Indy 318

ID2020 Summit 315-316

IIW (Internet Identity Workshop) 314

increasing state support for SSI 318

International Planetwork Conference
312-313

Laws of Identity 313-314

MyData and Learning Machine 317

official W3C standards 320

personal information, losing control over 311-312

PGP (Pretty Good Privacy) 312

RWoT (Rebooting Web of Trust) 314-315

SSI Meetup 320

user control, increasing support of 314

Verifiable Claims Working Group 318

WEF (World Economic Forum) reports 319

decentralization by design 196

decentralized identifiers 30-32

decentralized key management 18

digital agents 29-30

digital guardianship 269-270

digital wallets 26-29

examples 271-273

explaining value of to business 333-346

failed experiments with 335-337

learning from other domains 337-338

SSI Scorecard for apartment leasing 345-346

with stories 339-343

for animals 363

governance authority, role of 261

governance frameworks 34-36, 265-269

background of 248-250

business rules 267

glossary 266

governance rules 267

inclusion, equitability, and accessibility rules 268

information trust rules 268

legal agreements 268-269

master document 265-266

problems solved by 262-265

risk assessment, trust assurance, and certification 266-267

technical rules 267-268

governance trust triangle 250-252

healthcare supply chain powered by 374-382

authentication and quality 380

eliminating waste 379-380

future supply chain transformation across industries 379

industry ecosystem efficiency powered by SSI 377-379

SSI Scorecard for pharma supply chain
380-382

supply chain transparency and efficiency SSI 376-377

holders 24-26

importance of 12-13

IoT (Internet of Things) and 348-352

issuers 24-26

legal enforcement 270-271

market drivers for 13-17

banking and finance 15

scenarios for adoption of in EU identity metasystem 403-406

ToiP (Trust over IP) governance stack 252-260

credential governance frameworks 256-258

ecosystem governance frameworks 258-260

provider governance frameworks 255-256

utility governance frameworks 253-255

value of eIDAS for 402-403

verifiable credentials 22-24

verifiable data registries 33-34

verifiers 24-26

voting and 365-373

advantages of 369-373

Estonia case study 367-368

problems with e-voting 367

problems with postal voting 366

three pillars of voting 368-369

SSI eIDAS Legal Report 403

SSI Meetup 320

SSI scenarios 39-57

applying for bank account 51-52

buying a car 52-54

commenting on blog 48-49

connecting through online blog 46-47

meeting at a conference 41-46

meeting via dating site 49-51

notation for 40-41

selling a car 54-56

SSI Scorecard 58-84

Bottom line category 60-62

improved e-commerce sales 61

new credential issuer revenue 62

reduced customer onboarding costs 60-61

reduced customer service costs 61-62

Business efficiencies category 62-67

auto-authentication 63

auto-authorization 63-65

delegation and guardianship 66

payment and value exchange 67

workflow automation 65

for animals 364

for apartment leasing 345-346

for EBSI (European Blockchain Services Infrastructure) 406-407

for IoT (Internet of Things) 354-355

for pharma supply chain 380-382

for voting 370-373

Regulatory compliance category 77-84

data portability 80-81

data privacy 78-79

data protection 79-80

data security 77-78

RegTech (Regulation Technology) 81-84

Relationship management category 72-77

loyalty and rewards programs 76-77

mutual authentication 72-73

permanent connections 73-74

premium private channels 74-75

User experience and convenience category
68-72

auto-authentication 68

auto-authorization 68-69

delegation and guardianship 70-71

payment and value exchange 71-72

workflow automation 69-70

SSI stack 88-109

communication and interfaces 94-101

API-oriented interface design using wallet Dapps 98

data-oriented interface design using identity hubs 98-99

interface design options 97-101

message-based protocol design DIDComm 95-97

message-oriented interface design using agents 99-101

protocol design options 94-97

web-based protocol design using TLS 95

credentials 101-106

Blockcerts format 103-104

exchange protocols 106

JWT format 102-103

W3C verifiable credential formats 104-106

governance frameworks 107-109

identifiers and public keys 88-94

adapting general-purpose public blockchains for SSI 90-91

blockchains as DID registries 89-90

conventional databases as DID registries
92-93

peer-to-peer protocols as DID registries 93-94

special-purpose blockchains designed for SSI 91-92

overview 88

SSI wallets 28

SSI4DE project 320

SSL visibility appliances 95

SSL/TLS PKI 181

SSO (single sign-on) 8

Stallman, Richard 279, 281-282

Static DIDs 171

Stellar 254

stewards

blockchain 255

in Sovrin Governance Framework 270

Stone, Matt 318

storability, as property of money 326

stories, SSI 339-345

current physical world 340-341

what's wrong with many current digital identity models 344-345

world like current physical world, but better 342-343

subjects, VC 129, 133

surveillance capitalism 13

SUSE 281

sustainable development goals (SDGs) 315-317

Sutton, Willie 71

Sybil attacks 76

Sybils 367

symmetric-key (secret-key) crypto-
graphy 114-115

syntactic representations 135-139

adding standardized properties 136

JSON 135-136

JSON-LD 136-137

JWT 137-139

system-independent validation (ambient verifiability) 238-239

Szabo, Nick 290, 324

TAF (trust assurance framework) 266

technical rules 267-268

technical trust, human trust vs. 252

Technology-Free Definition of Self Sovereign Identity, A (Andrieu) 317

TEE (trust execution environment) 350

Telecommunications Act of 1996 81

TeleSign Consumer Account Security Report (2015) 63

termsOfUse property, VCs 145

third-party controllers (controllership) 180

Thorp, Noah 315

time-based license, open source 283

TLS (Transport Layer Security) 95

ToIP (Trust over IP) governance stack 252-260

credential governance frameworks 256-258

ecosystem governance frameworks 258-260

provider governance frameworks 255-256

utility governance frameworks 253-255

ToIP (Trust over IP) stack 37, 108-109, 184-185

ToIP Concepts and Terminology Working Group 266

ToIP Foundation 108, 267

ToIP Governance Stack Working Group 252

ToIP Layer 1 networks in Finland 272

ToIP standard specifications (TSSs) 268

ToIP technology stack 268

Torvalds, Linus 280

TPMs (trusted platform modules) 240

transaction authors

blockchain 255

in Sovrin Governance Framework 270

transaction endorsers

blockchain 255

in Sovrin Governance Framework 270

transactional approach, identifier-to-controller binding problem 177

transactional roots of trust) 224

transitive trust 109, 259, 262

transparent, community-wide policies 270

Transport Layer Security (TLS) 95

travel, as market driver for SSI 16-17

Trevithick, Paul 313-314

triple play of cryptography 34

Triple-Signed Receipts protocol 93

trust assurance 263-264, 266-267

trust assurance framework (TAF) 266

trust assurance frameworks 212

trust frameworks 107

trust marks, ecosystem governance frameworks and 260

trust relationships, VC trust model 132-133

trust roots 88

trust spanning layer 242, 244

trust triangle 25-26, 34-36, 101, 172-173, 199

trust-spanning layer for internet 242-246

trustable interaction, DID documents 162

TSSs (ToIP standard specifications) 268

TTPs (Trusted Third Parties) 174-175

type property 140

U.S. Department of Homeland Security (DHS) 32, 225, 316

U.S. Free Banking Era 328

Ubuntu 295

UNCITRAL (United Nations Commission on International Trade Law) 386

unconference 314

unidirectional functions (one-way functions) 113

uniformity, as property of money 325

unintentional correlation 123

Universal Declaration on Cultural Diversity 298

Unix 278

uPort 97, 315

URIs (Uniform Resource Identifiers) 158

URLs (Uniform Resource Locators) 158-159

URNs (Uniform Resource Names) 159-160,
169-170

usability, ecosystem governance frameworks and 260

user control, increasing support of 314

User experience and convenience category, SSI scorecard 68-72

auto-authentication 68

auto-authorization 68-69

delegation and guardianship 70-71

payment and value exchange 71-72

workflow automation 69-70

user-centric identity 8, 313

using wallet Dapps 97

utility governance frameworks 253-255

value

identity as source of 325

tokenization of with identity 327-329

VCs (verifiable credentials) 9, 22-24, 126-156, 258, 391-392

advanced properties 143-148

credentialSubject property 147-148

DisputeCredential property 144

evidence property 145-146

refreshService property 143-144

termsOfUse property 145

applying for bank account 51-52

auto-authorization 64-65

basic properties 139-142

buying a car 52, 54

challenges to overcome 155-156

defined 36

delegation credentials 66, 70-71

ecosystem 128-131

electronic prescriptions 128

extensibility and schemas 150-151

for proof of identity 228

in healthcare example 375

online dating site 49

opening bank account 127

protocols and deployments 153-154

receiving free local access pass 127-128