Part 1 An introduction to SSI

1 Why the internet is missing an identity layer—and why SSI can finally provide one

1.1 How bad has the problem become?

1.2 Enter blockchain technology and decentralization

1.3 The three models of digital identity

1.3.1 The centralized identity model

1.3.2 The federated identity model

1.3.3 The decentralized identity model

1.4 Why “self-sovereign”?

1.5 Why is SSI so important?

1.6 Market drivers for SSI

1.6.1 E-commerce

1.6.2 Banking and finance

1.6.3 Healthcare

1.6.4 Travel

1.7 Major challenges to SSI adoption

1.7.1 Building out the new SSI ecosystem

1.7.2 Decentralized key management

1.7.3 Offline access


2 The basic building blocks of SSI

2.1 Verifiable credentials

2.2 Issuers, holders, and verifiers

2.3 Digital wallets

2.4 Digital agents

2.5 Decentralized identifiers (DIDs)

2.6 Blockchains and other verifiable data registries

2.7 Governance frameworks

2.8 Summarizing the building blocks


3 Example scenarios showing how SSI works

3.1 A simple notation for SSI scenario diagrams

3.2 Scenario 1: Bob meets Alice at a conference

3.3 Scenario 2: Bob meets Alice through her online blog

3.4 Scenario 3: Bob logs in to Alice’s blog to leave a comment

3.5 Scenario 4: Bob meets Alice through an online dating site

3.6 Scenario 5: Alice applies for a new bank account

3.7 Scenario 6: Alice buys a car

3.8 Scenario 7: Alice sells the car to Bob

3.9 Scenario summary


4 SSI Scorecard: Major features and benefits of SSI

4.1 Feature/benefit category 1: Bottom line

4.1.1 Fraud reduction

4.1.2 Reduced customer onboarding costs

4.1.3 Improved e-commerce sales

4.1.4 Reduced customer service costs

4.1.5 New credential issuer revenue

4.2 Feature/benefit category 2: Business efficiencies

4.2.1 Auto-authentication

4.2.2 Auto-authorization

4.2.3 Workflow automation

4.2.4 Delegation and guardianship

4.2.5 Payment and value exchange

4.3 Feature/benefit category 3: User experience and convenience

4.3.1 Auto-authentication

4.3.2 Auto-authorization

4.3.3 Workflow automation

4.3.4 Delegation and guardianship

4.3.5 Payment and value exchange

4.4 Feature/benefit category 4: Relationship management

4.4.1 Mutual authentication

4.4.2 Permanent connections

4.4.3 Premium private channels

4.4.4 Reputation management

4.4.5 Loyalty and rewards programs

4.5 Feature/benefit category 5: Regulatory compliance

4.5.1 Data security

4.5.2 Data privacy

4.5.3 Data protection

4.5.4 Data portability

4.5.5 RegTech (Regulation Technology)


Part 2 SSI technology

5 SSI architecture: The big picture

5.1 The SSI stack

5.2 Layer 1: Identifiers and public keys

5.2.1 Blockchains as DID registries

5.2.2 Adapting general-purpose public blockchains for SSI

5.2.3 Special-purpose blockchains designed for SSI

5.2.4 Conventional databases as DID registries

5.2.5 Peer-to-peer protocols as DID registries

5.3 Layer 2: Secure communication and interfaces

5.3.1 Protocol design options

5.3.2 Web-based protocol design using TLS

5.3.3 Message-based protocol design using DIDComm

5.3.4 Interface design options

5.3.5 API-oriented interface design using wallet Dapps

5.3.6 Data-oriented interface design using identity hubs (encrypted data vaults)

5.3.7 Message-oriented interface design using agents

5.4 Layer 3: Credentials

5.4.1 JSON Web Token (JWT) format

5.4.2 Blockcerts format

5.4.3 W3C verifiable credential formats

5.4.4 Credential exchange protocols

5.5 Layer 4: Governance frameworks

5.6 Potential for convergence


6 Basic cryptography techniques for SSI

6.1 Hash functions

6.1.1 Types of hash functions

6.1.2 Using hash functions in SSI

6.2 Encryption

6.2.1 Symmetric-key cryptography

6.2.2 Asymmetric-key cryptography

6.3 Digital signatures

6.4 Verifiable data structures

6.4.1 Cryptographic accumulators

6.4.2 Merkle trees

6.4.3 Patricia tries

6.4.4 Merkle-Patricia trie: A hybrid approach

6.5 Proofs

6.5.1 Zero-knowledge proofs

6.5.2 ZKP applications for SSI

6.5.3 A final note about proofs and veracity


7 Verifiable credentials

7.1 Example uses of VCs

7.1.1 Opening a bank account

7.1.2 Receiving a free local access pass

7.1.3 Using an electronic prescription

7.2 The VC ecosystem

7.3 The VC trust model

7.3.1 Federated identity management vs. VCs

7.3.2 Specific trust relationships in the VC trust model

7.3.3 Bottom-up trust

7.4 W3C and the VC standardization process

7.5 Syntactic representations

7.5.1 JSON

7.5.2 Beyond JSON: Adding standardized properties

7.5.3 JSON-LD

7.5.4 JWT

7.6 Basic VC properties

7.7 Verifiable presentations

7.8 More advanced VC properties

7.8.1 Refresh service

7.8.2 Disputes

7.8.3 Terms of use

7.8.4 Evidence

7.8.5 When the holder is not the subject

7.9 Extensibility and schemas

7.10 Zero-knowledge proofs

7.11 Protocols and deployments

7.12 Security and privacy evaluation

7.13 Hurdles to adoption


8 Decentralized identifiers

8.1 The conceptual level: What is a DID?

8.1.1 URIs

8.1.2 URLs

8.1.3 URNs

8.1.4 DIDs

8.2 The functional level: How DIDs work

8.2.1 DID documents

8.2.2 DID methods

8.2.3 DID resolution

8.2.4 DID URLs

8.2.5 Comparison with the Domain Name System (DNS)

8.2.6 Comparison with URNs and other persistent identifiers

8.2.7 Types of DIDs

8.3 The architectural level: Why DIDs work

8.3.1 The core problem of Public Key Infrastructure (PKI)

8.3.2 Solution 1: The conventional PKI model

8.3.3 Solution 2: The web-of-trust model

8.3.4 Solution 3: Public key-based identifiers

8.3.5 Solution 4: DIDs and DID documents

8.4 Four benefits of DIDs that go beyond PKI

8.4.1 Beyond PKI benefit 1: Guardianship and controllership

8.4.2 Beyond PKI benefit 2: Service endpoint discovery

8.4.3 Beyond PKI benefit 3: DID-to-DID connections

8.4.4 Beyond PKI benefit 4: Privacy by design at scale

8.5 The semantic level: What DIDs mean

8.5.1 The meaning of an address

8.5.2 DID networks and digital trust ecosystems

8.5.3 Why isn’t a DID human-meaningful?

8.5.4 What does a DID identify?


9 Digital wallets and digital agents

9.1 What is a digital wallet, and what does it typically contain?

9.2 What is a digital agent, and how does it typically work with a digital wallet?

9.3 An example scenario

9.4 Design principles for SSI digital wallets and agents

9.4.1 Portable and Open-By-Default

9.4.2 Consent-driven

9.4.3 Privacy by design

9.4.4 Security by design

9.5 Basic anatomy of an SSI digital wallet and agent

9.6 Standard features of end-user digital wallets and agents

9.6.1 Notifications and user experience

9.6.2 Connecting: Establishing new digital trust relationships

9.6.3 Receiving, offering, and presenting digital credentials

9.6.4 Revoking and expiring digital credentials

9.6.5 Authenticating: Logging you in

9.6.6 Applying digital signatures

9.7 Backup and recovery

9.7.1 Automatic encrypted backup

9.7.2 Offline recovery

9.7.3 Social recovery

9.7.4 Multi-device recovery

9.8 Advanced features of wallets and agents

9.8.1 Multiple-device support and wallet synchronization

9.8.2 Offline operations

9.8.3 Verifying the verifier

9.8.4 Compliance and monitoring

9.8.5 Secure data storage (vault) support

9.8.6 Schemas and overlays

9.8.7 Emergencies

9.8.8 Insurance

9.9 Enterprise wallets

9.9.1 Delegation (rights, roles, permissions)

9.9.2 Scale

9.9.3 Specialized wallets and agents

9.9.4 Credential revocation

9.9.5 Special security considerations

9.10 Guardianship and delegation

9.10.1 Guardian wallets

9.10.2 Guardian delegates and guardian credentials

9.11 Certification and accreditation

9.12 The Wallet Wars: The evolving digital wallet/agent marketplace

9.12.1 Who

9.12.2 What

9.12.3 How


10 Decentralized key management

10.1 Why any form of digital key management is hard

10.2 Standards and best practices for conventional key management

10.3 The starting point for key management architecture: Roots of trust

10.4 The special challenges of decentralized key management

10.5 The new tools that VCs, DIDs, and SSI bring to decentralized key management

10.5.1 Separating identity verification from public key verification

10.5.2 Using VCs for proof of identity

10.5.3 Automatic key rotation

10.5.4 Automatic encrypted backup with both offline and social recovery methods

10.5.5 Digital guardianship

10.6 Key management with ledger-based DID methods (algorithmic roots of trust)

10.7 Key management with peer-based DID methods (self-certifying roots of trust)

10.8 Fully autonomous decentralized key management with Key Event Receipt Infrastructure (KERI)

10.8.1 Self-certifying identifiers as a root of trust

10.8.2 Self-certifying key event logs

10.8.3 Witnesses for key event logs

10.8.4 Pre-rotation as simple, safe, scalable protection against key compromise

10.8.5 System-independent validation (ambient verifiability)

10.8.6 Delegated self-certifying identifiers for enterprise-class key management

10.8.7 Compatibility with the GDPR “right to be forgotten”

10.8.8 KERI standardization and the KERI DID method

10.8.9 A trust-spanning layer for the internet

10.9 Key takeaways


11 SSI governance frameworks

11.1 Governance frameworks and trust frameworks: Some background

11.2 The governance trust triangle

11.3 The Trust over IP governance stack

11.3.1 Layer 1: Utility governance frameworks

11.3.2 Layer 2: Provider governance frameworks

11.3.3 Layer 3: Credential governance frameworks

11.3.4 Layer 4: Ecosystem governance frameworks

11.4 The role of the governance authority

11.5 What specific problems can governance frameworks solve?

11.5.1 Discovery of authoritative issuers and verified members

11.5.2 Anti-coercion

11.5.3 Certification, accreditation, and trust assurance

11.5.4 Levels of assurance (LOAs)

11.5.5 Business rules

11.5.6 Liability and insurance

11.6 What are the typical elements of a governance framework?

11.6.1 Master document

11.6.2 Glossary

11.6.3 Risk assessment, trust assurance, and certification

11.6.4 Governance rules

11.6.5 Business rules

11.6.6 Technical rules

11.6.7 Information trust rules

11.6.8 Inclusion, equitability, and accessibility rules

11.6.9 Legal agreements

11.7 Digital guardianship

11.8 Legal enforcement

11.9 Examples


Part 3 Decentralization as a model for life

12 How open source software helps you control your self-sovereign identity

12.1 The origin of free software

12.2 Wooing businesses with open source

12.3 How open source works in practice

12.4 Open source and digital identities


13 Cypherpunks: The origin of decentralization

13.1 The origins of modern cryptography

13.2 The birth of the cypherpunk movement

13.3 Digital freedom, digital cash, and decentralization

13.4 From cryptography to cryptocurrency to credentials


14 Decentralized identity for a peaceful society

14.1 Technology and society

14.2 A global civil society

14.3 Identity as a source of conflict

14.4 Identity as a source of peace


15 Belief systems as drivers for technology choices in decentralization

15.1 What is a belief system?

15.2 Blockchain and DLT as belief systems

15.2.1 Blockchain “believers”

15.2.2 DLT “believers”

15.3 How are blockchains and DLTs relevant to SSI?

15.4 Characterizing differences between blockchain and DLT

15.4.1 Governance: How open is the network to open participation?

15.4.2 Censorship resistance: How centralized is trust?

15.4.3 Openness: Who can run a node?

15.5 Why “believers” and not “proponents” or “partisans”?

15.5.1 How do we measure decentralization?

15.6 Technical advantages of decentralization


16 The origins of the SSI community

16.1 The birth of the internet

16.2 Losing control over our personal information

16.3 Pretty Good Privacy

16.4 International Planetwork Conference

16.5 Augmented Social Network and Identity Commons

16.6 The Laws of Identity

16.7 Internet Identity Workshop

16.8 Increasing support of user control

16.9 Rebooting the Web of Trust

16.10 Agenda for Sustainable Development and ID2020

16.11 Early state interest

16.12 MyData and Learning Machine

16.13 Verifiable Claims Working Group, Decentralized Identity Foundation, and Hyperledger Indy

16.14 Increasing state support for SSI

16.15 Ethereum identity

16.16 World Economic Forum reports

16.17 First production government demo of an SSI-supporting ledger

16.18 SSI Meetup

16.19 Official W3C standards

16.20 Only the beginning


17 Identity is money

17.1 Going back to the starting point

17.2 Identity as the source of relationships and value

17.3 The properties of money

17.4 The three functions of money

17.5 The tokenization of value with identity

17.6 References


Part 4 How SSI will change your business

18 Explaining the value of SSI to business

18.1 How might we best explain SSI to people and organizations?

18.1.1 Failed experiment 1: Leading with the technology

18.1.2 Failed experiment 2: Leading with the philosophy

18.1.3 Failed experiment 3: Explaining by demonstrating the tech

18.1.4 Failed experiment 4: Explaining the (world’s) problems

18.2 Learning from other domains

18.3 So how should we best explain the value of SSI?

18.4 The power of stories

18.5 Jackie’s SSI story

18.5.1 Part 1: The current physical world

18.5.2 Part 2: The SSI world—like the current physical world, but better

18.5.3 Part 3: Introducing the Sparkly Ball—or, what’s wrong with many current digital identity models

18.6 SSI Scorecard for apartment leasing


19 The Internet of Things opportunity

19.1 IoT: Connecting everything safely

19.2 How does SSI help IoT?

19.3 The business perspective for SSI and IoT

19.4 An SSI-based IoT architecture

19.5 Tragic story: Bob’s car hacked

19.6 The Austrian Power Grid

19.7 SSI Scorecard for IoT


20 Animal care and guardianship just became crystal clear

20.1 Enter Mei and Bailey

20.1.1 Bailey gets a self-sovereign identity

20.1.2 Guardianship transfer

20.1.3 Vacation for Mei and Bailey

20.1.4 A storm and separation

20.1.5 Lost and found at your fingertips

20.2 Digital identity unlocks opportunities for the well-being of animals and people

20.3 SSI for animals reaffirms their inherent worth

20.4 SSI Scorecard for pets and other animals


21 Open democracy, voting, and SSI

21.1 The problems with postal voting

21.2 The problems with e-voting

21.3 Estonia: A case study

21.4 The three pillars of voting

21.4.1 A state’s bill of needs

21.4.2 A voter’s bill of rights

21.5 The advantages of SSI

21.5.1 SSI Scorecard for voting


22 Healthcare supply chain powered by SSI

22.1 Emma’s story

22.2 Supply chain transparency and efficiency through SSI

22.3 Industry ecosystem efficiency powered by SSI

22.4 Future supply chain transformation across industries: The big picture

22.5 Eliminating waste

22.6 Authentication and quality

22.7 SSI Scorecard for the pharma supply chain


23 Canada: Enabling self-sovereign identity

23.1 The Canadian context

23.2 The Canadian approach and policy framework

23.3 The Pan-Canadian Trust Framework

23.4 The normative core

23.5 Mutual recognition

23.6 Digital ecosystem roles

23.7 Supporting infrastructure

23.8 Mapping the SSI stack to the PCTF model

23.9 Using the Verifiable Credentials Model

23.10 Enabling Self-Sovereign Identity

23.11 SSI Scorecard for the Pan-Canadian Trust Framework


24 From eIDAS to SSI in the European Union

24.1 PKI: The first regulated identity service facility in the EU

24.2 The EU legal framework

24.3 The EU identity federation

24.3.1 The legal concept of electronic identification (eID)

24.3.2 The scope of the eIDAS FIM Regulation and its relationship with national law

24.4 Summarizing the value of eIDAS for SSI adoption

24.5 Scenarios for the adoption of SSI in the EU identity metasystem

24.6 SSI Scorecard for the EBSI


Appendix A Additional Livebook chapters

Appendix B Landmark essays on SSI

Appendix C The path to self-sovereign identity

Appendix D Identity in the Ethereum blockchain ecosystem

Appendix E The principles of SSI

Contributing authors


