History Surrounding Self-Sovereign, Decentralized, Identity.

13 minute read

Update

I’ve been studying DID history over the course of a year, for a few different projects. During the course of that time, I had the opportunity to learn quite a lot from Kaliya @IdentityWoman, who helped fill in some of the gaps (because she was actually there).

ID History Discord Chat

I’ve now been organizing information on the history of decentralized identity in the channels of a new discord server. I’ve been searching through all the places this research has been collected, from the ID Commons Wiki, to the four corners of the internet.

If you don’t feel like exploring the wonders of discordapp, the contents of that server will be periodically published here:

⇉⇉ Collab-Curation Historical Archive ⇇⇇

Identity Commons

Ultimately, the idea is to funnel this information into the identity-commons historical repository:

Here is a community timeline that was created at IIW in 2011 & renewed at IIW 28 in 2019 You are welcome to add more to the timeline and links to the things referenced.

⇉⇉ identitywoman/identity-commons ⇇⇇

Losing Control Over our Personal Information

  • Security without Identification: Transaction Systems to Make Big Brother Obsolete - David Chaum, 1985.
    • The large-scale automated transaction systems of the near future can be designed to protect the privacy and maintain the security of both individuals and organizations.

      Computerization is robbing individuals of the ability to monitor and control the ways information about them is used. As organizations in both the private and the public sectors routinely exchange such informa- tion, individ.uals have no way of knowing if the information is inaccurate, obsolete, or otherwise inap- propriate. The foundation is being laid for a dossier society, in which computers could be used to infer individuals’ life-styles, habits, whereabouts, and asso- ciations from data collected in ordinary consumer transactions. Uncertainty about whether data will re- main secure against abuse by those maintaining or tapping it can have a “chilling effect,” causing people to alter their observable activities. As computerization becomes mclre pervasive, the potential for these prob- lems will grow dramatically.

  • Information Technology and Dataveillance - Roger Clarke, 1988.

    The concept of ‘dataveillance’ is introduced, and defined as the systematic monitoring of people’s actions or communications through the application of information technology. Dataveillance’s origins are traced, and an explanation provided as to why it is becoming the dominant means of monitoring individuals and populations.

    The paper identifies, classifies and describes the various dataveillance techniques. It then examines the benefits, and especially the dangers, arising from dataveillance. It considers the intrinsic and extrinsic controls that act to keep the application of dataveillance under control, and suggests some appropriate policy measures.

PGP - Web of Trust

Phil Zimmerman creates PGP, 1991.

  • First time strong encryption widely available to general public.
  • PGP’s web-of-trust provide early foundation for SSI. However, PGP is known as difficult to use and failed to reach wide adoption for personal communication\identification.

  • PGP -Web of Trust -linux.com

Evolution of Identity -wso2

The Evolution of Internet Identity</a> from Prabath Siriwardena</a>

International Planetwork Conference

The first International Planetwork Conference - Global Ecology and Information Technology, San Francisco, May 2000.

The community that developed around the Planetwork conferences, including Linktank, form an intellectual foundation for what became Self Sovereign Identity.

XNS Public Trust Organization

XNS Public Trust Organization. Founded in July 2000, shortly after Planetwork Conference. -xdi.org - History

to promote the concept of individuals owning their own digital identity and data based on a nascent technology being produced by two Technical Committees at OASIS: XRI (Extensible Resource Identifier) and XDI (Extensible Data Interchange).

Augmented Social Network

  • The Augmented Social Network: Building Identity and Trust into the Next-Generation Internet, presented at the June 2003 Planetwork conference and published in First Monday the Peer-Reviewed Journal on the Internet 8/4/03.

    This paper proposes the creation of an Augmented Social Network (ASN) that would build identity and trust into the architecture of the Internet”

IDCommons

The Identity Commons (2001-Present) was originally created by Owen Davis and Andrew Nelson in 2001 to evangelize the creation of a decentralized user-centric identity infrastructure and to address the resulting social trust issues.

  • Kaliya Young began working with Identity Commons following June 2004 Planetwork Conference. Working with Social Physics team, led by Paul Trevithick and Mary Ruddy, and included Doc Searls and Phil Windley, they wove a community around user-centric id that came together at the Digital Identity World conference, of 2004.

Resuling in a mailing list:

  • community@lists.idcommons.net

    The general community mailing list for Identity Commons. The list is also called the Identity Gang mailing list and was formerly idworkshop at googlegroups.

Identity Gang

  • The original identity gang Doc Searls invited identity leaders to appear on the Gilmore Gang podcast, where the name “Identity Gang” was coined.

    At the encouragement of Doc Searls, a number of people began blogging about user-centric identity.

  • The Gillmor Gang - December 31, 2004 Featuring:

    • Steve Gillmor, contributing editor, ZDNet
    • Doc Searls, senior editor, Linux Journal
    • Craig Burton, founding member, Novell; co-founder, The Burton Group
    • Kim Cameron, Microsoft’s Architect of Identity and Access Systems
    • Dave Winer, father of RSS and more
    • Marc Canter, Broadband Mechanics
    • Bryan Field-Elliot, CTO, Ping Identity Corporation
    • Phil Windley, Brigham Young University
    • Drummond Reed, CTO, Cordance

“Their most important contribution may have been the creation, in association with the Identity Gang, of the Internet Identity Workshop (2005-Present) working group.” -Path to Self Sovereign Identity

Kim Cameron - Laws of Identity

Internet Identity Workshop

In 2005, Kaliya Young[T], Phil Windley[T][V][G], Drummond Reed[T][B], and Doc Searls[T][B] hosted the first Internet Identity Workshop(IIW)[T] in Berkeley to discuss “architectural and governance proposals for Internet-wide identity services and their underlying philosophies.” -Announcing IIW 2005

Since then, the IIW has met bi-anually, actively supporting the development of the identity software-ecosystem, including OpenID(‘05), OpenID 2.0(‘06), OAuth(‘10), FIDO(‘13) and OpenID Connect(‘14).


  • Markus Sabadello began work on Project Danube, on the creation of an XDI based personal data store, always under the control of its users, as early as 2010.

Founded in 2011, the Personal Data Ecosystem Consortium advocates a user-centric approach to managing personal data

IIW participants began the effort towards creating a truly user centric identity, in contrast to identity solutions whos focus has been fulfilling the needs of the enterprise. The pioneers of decentralized identity have long struggled against the “identity silo paradox,” that while the identerati continually work on solutions to break up these silos, the enterprise has had a strong financial incentive to retain them.

Respect Network

Around 2011, Respect Network began working to promote the idea of personal data clouds for the protection of personal information:

  • Respect Network is the world’s first trusted personal data network that will let customers and companies connect over direct, personal channels that are always under the customer’s control. Every member of the Respect Network agrees to the award-winning Respect Trust Framework so customers can be sure that the privacy and security of their personal data will always be respected.

The foundation of the Respect Network is the Respect Trust Framework, which was listed with the Open Identity Exchange in May 2011 and honored with the Privacy Award at the 2011 European Identity Conference. This is the umbrella legal contract to which every member (person or business) of the Respect Network agrees when they join the network

  • The Respect Trust Framework establishes a set of five simple yet universal principles governing the control and protection of identity and personal data­­—principles that operate at a higher level than conventional privacy policies. These five principles can be summed up by “the 5 p’s” in one sentence: A promise of permission, protection, portability, and proof.

W3C Credentials Community Group

8/14 The Credentials Community Group[ϟ] forms, hosted by World Wide Web Consortium(W3C)[T] [G] : “to forge a path for a secure, decentralized system of credentials that would empower both individual people and organizations on the Web to store, transmit, and receive digitally verifiable proof of qualifications and achievements.” —proposed by Manu Sporney[T] (of digitalbazaar.com)

Bitnation

9\15 Bitnation “seeks to establish the concept of ‘world citizenship’ via a bitcoin based identity, offering ‘Blockchain Emergency IDs’ to refugees. [>]

United Nations Sustainable Development Goals

The same month, the UN unveiled it’s Agenda for Sustainable Development:

  • Promote peaceful and inclusive societies for sustainable development, provide access to justice for all and build effective, accountable and inclusive institutions at all levels
  • Substantially reduce corruption and bribery in all their forms Develop effective, accountable and transparent institutions at all levels
  • By 2030, provide legal identity for all, including birth registration
  • Ensure public access to information and protect fundamental freedoms, in accordance with national legislation and international agreements—(emphasis mine)
  • DIGITAL IDENTITY AS A BASIC HUMAN RIGHT
  • AID:Tech [T] — “is a voucher and digital identity solution for refugees. A digital record of a person’s identity is stored on a smart card, along with various additional information. Blockchain technology is used to distribute all resources in a highly traceable manner.” (another early example of blockchain for humanitarian aide)
  • World Bank - Digital IDs for Development
  • Additional Info on Blockchain and the United Nations

Rebooting the Web Of Trust

In relation to SSI, ‘Web of Trust’ is a network of relationships that attest to our identity claims. Each party attesting to your identity information becomes a strand in your web of trust.

The first Rebooting Web of Trust(RWoT) workshop was held during November 2015; attracting the likes of Vitalik Buterin, Peter Todd, Gregory Maxwell, Joel Dietz, Christopher Allen, and Jon Callas, according to Andreas Antonopolis.

That workshop, produced 5 technical white papers:\ 5 WoT-usecasesDecentralized PKISmart SignaturesCreating a New World of Trust

  • Opportunities Created by the Web of Trust for Controlling and Leveraging Personal Data

    “Decentralized systems that are engineered to prevent concentrating power as they grow avoid this. They can in fact increase their credibility as more users provide their assessments as input. Protocols and structures that are distributed and self-sovereign also offer significantly improved robustness, portability, and versatility than conventional centralized or escrowed processes — especially when combined with secure cryptography.”

  • Rebranding the Web of Trust

    The Web of Trust is a buzzword for a new model of decentralized self-sovereign identity. It’s a phrase that dates back almost twenty-five years, the classic definition derives from PGP […] the vibrant blockchain community is also drawing new attention to the concept we aim to reboot it.

At the end of 2015, the Department of Homeland Security announced that it had funds available for the development of Blockchain Security and Identity Verification Technologies.

Evernym

ID2020 and the GDPR

Evident from the other whitepapers submitted to the second RWoT Workshop, the DID identifier had begun to emerge:

  • Decentralized Identifiers (DIDs) and Decentralized Identity Management (DIDM)

    “Decentralized Identifiers (DID) stored in a permissioned blockchain enable principals to directly control their own identities with cryptographic proofs and secure, addressable network endpoints. DIDs further enable a Decentralized Identity Management (DIDM) infrastructure that will empower people and organizations to securely and confidentially manage and assert their identities.”

  • Requirements for DIDs

    “Respect Network is conducting a research project for the U.S. Department of Homeland Security, HSHQDC-16-C-00061, to analyze the applicability of blockchain technologies to a decentralized identifier system. Our thesis is that blockchains, or more generically distributed ledgers, are a potentially powerful new tool for “identity roots” — the starting points for an Internet identity. However “blockchain identity” may not fully address the core security and privacy principles needed in a complete identity system. In this case DIDs — Decentralized Identifiers rooted on a distributed ledger — may end up being a foundational building block for higher level identity management solutions. -

Late 2016

  • News Release: DHS S&T Awards $1.3 Million to Small Businesses for Cyber Security Research and Development -2016
    • Applying Blockchain to Decentralized Identity

      Respect Network will research and develop a decentralized registry and discovery service for Decentralized Identifiers (DIDs) to integrate with the public blockchain. DIDs will allow principals to directly control their own identities with cryptographic proofs and secure, addressable network endpoints. DIDs will enable a Decentralized Identity Management (DIDM) infrastructure that will empower people and organizations to securely and confidentially manage and assert their identities. Open standards and established industry protocols will permit principals to selectively disclose identity claims, and to manage their privacy and digital relationships. Respect Network’s thesis is that the combination of DIDs and DIDM architecture, using public and/or private blockchains as “identity backbones”, can meet traditional information security principles of confidentiality, integrity, availability, non-repudiation and provenance. Further, our approach applies privacy-by-design principles, including user control, selective disclosure of information and pseudonymity.

    • Credentials on Public/Private Linked Ledgers

      A wide variety of applications could benefit from combining identity management technology with decentralized ledgers (aka blockchains). However, not every application uses the same data or requires the same consensus or authorization models. While a single solution is unlikely, we assert each application could benefit from a standard, configurable, decentralized ledger with flexible semantics. We will study the feasibility of this concept by building a proof-of-concept Linked Data ledger format and architecture.

  • Pan Canadian Trust Framework - 2016

    The Pan-Canadian Trust Framework (PCTF) enables Canada’s full and secure participation in the global digital economy through economic sector innovation and the enablement of modernized digital service delivery. The PCTF supports open government principles.

  • Phil Windley announces formation of the Sovrin Foundation charged with maintaining its, public-permissioned, distributed ledger for identity, donated by Evernym -September 2016.

    Sovrin Foundation is a private-sector, international non-profit established to govern a global public utility for self-sovereign identity.

  • MyData founded to give structure to an international movement, promoting the rights of individuals to have control over our personal information - August, 2016

  • Learning Machine working with MIT on an open standard for blockchain credentials for the past year. Led by Chris Jagers, Kim Hamilton Duffy, and John Papinchak their Blockcerts prototype was released in October 2016.

Identity Foundation

On May 22 at Consensus 2017 the formation of the Decentralized Identity Foundation (DIF) was announced:

Standards History

The Story of Open SSI Standards - Drummond Reed/Evernym SSIMeetup.org [ϟ]

Resources