Do you trust technology and government to protect your data? On this week’s State of Identity podcast, host, Cameron D’Ambrosi is joined by Gareth Narinesingh, Head of Digital Identity at HooYu to discuss the bridge between payments and identity wallets, the UK’s next big push in adopting shared identity standards, and the foundation of decentralized identity verification across Web3 applications and the metaverse.
PKI has created a global trust framework for the web. But the war in Ukraine has shone a light on its weaknesses. Hierarchies are not good architectures for building robust, trustworthy, and stable digital systems.
- The state of the art in digital identification are trust frameworks that accommodate diverse technologies, systems and stakeholders
- Risks remain even within the most rigorous trust framework:
- Achieving inclusion requires addressing both technical and political dimensions
- Trust frameworks are complicated so getting governance right requires an ecosystems approach
- Building the future of digital identification means reckoning with an analogue past
Trust frameworks are a foundational component of the web of trust. A trust framework is a common set of best practice standards-based rules that ensure minimum requirements are met for security, privacy, identification management and interoperability through accreditation and governance. These operating rules provide a common framework for ecosystem participants, increasing trust between them.
The trust infrastructure is concerned with the question of how and why the presented information can be trusted. It defines the rules for all stakeholders and enables legally binding relationships with the combination of governance frameworks, which are built on top of trust frameworks.
includes a section on the core components of identity architecture that includes a graphic based on a post by Phil Windley
Governance, Trust Registry, Ecosystem, Transitive Trust, Architecture
Presentation Deck: GHP Ecosystem Trust Architecture PDF
Links from chat:
Bart Suichies to Everyone : the eidas demo is here: https://essif.adaptivespace.io/
https://gitlab.grnet.gr/essif-lab/infrastructure/fraunhofer/deliverables not sure if this an open repo
It’s a great pleasure to share with you DINZ Reflections Report, a seminal piece of work that DINZ’s Digital Identity Trust Framework working group has developed over several months.
He points at the NIST documents about it Developing Trust Frameworks to Support Identity Federations published in 2018. He also points at the Canadian government’s definition of standards.
“a document that provides a set of agreed-upon rules, guidelines or characteristics for activities or their results. Standards establish accepted practices, technical requirements, and terminologies for diverse fields.” He goes on to highlight a lot of the work being done in Canada and where it all sits relative to being a standard - “In closing, there are lots of trust frameworks being developed today. But to be truly trusted, a trust framework needs to either apply existing standards or become a standard itself.”
Right now, we are alpha testing the framework with different kinds of actors, both public and private, and with assessors. Through this process, we’re going to learn what may need to change, and what may not need to change. We’re going to get real knowledge there. I will say that what we’re seeing already, is that DIACC and our priorities are really driven by members.
Trust registries also need to be interoperable. The Trust Over IP Foundation has a specification for an interoperable trust registry, and ours is the first implementation of this spec. Because of this, Trinsic’s Trust Registry Service is architected so that one ecosystem could reference or incorporate a trust registry from a separate ecosystem if needed.
The concept behind a Trust Registry is that a Wallet needs to know which decentralized identifiers (DIDs) to “trust” as a source of truth. At many levels, this “trust” translates to “authority” – knowing that somebody, centralized or decentralized, is responsible for maintaining a list of trusted DIDs.