Binary Globe by GDj

Identity Decentralized

31 minute read

  • White Papers, Specifications & Proofs of Concept

    Our goal for this initial #RebootingWebOfTrust design workshop is to:

    • Focus on the creation of the next generation of decentralized web-of-trust based identity systems.
    • To generate 5 technical white papers on topics decided by the group that will have the greatest impact on the future”

    To this end, I thought it would be useful to define what is a white paper, and as some people desire to go beyond this, what is a specification and proof of concept code.

  • WebOfTrust.info - Upcoming Events

See the WebofTrust.Info or github.com/WebOfTrustInfo for more information.

Web of Trust’ is a network of relationships that attest to our identity claims. Each party attesting to your identity information becomes a strand in your web of trust.

Selected ‘Rebooting Web of Trust’ Whitepapers

Primers

  • White Papers, Specifications & Proofs of Concept

    Our goal for this initial #RebootingWebOfTrust design workshop is to:

    • Focus on the creation of the next generation of decentralized web-of-trust based identity systems.
    • To generate 5 technical white papers on topics decided by the group that will have the greatest impact on the future”

    To this end, I thought it would be useful to define what is a white paper, and as some people desire to go beyond this, what is a specification and proof of concept code.

  • Rebranding the Web of Trust Original RWoT whitepaper
  • WebofTrust.info/papers.html

Use Cases

Completed Papers

Rebooting the Web of Trust I

The first Rebooting the Web of Trust design workshop, held in San Francisco, CA - November 3rd & 4th, 2015.

  • Rebranding the Web of Trust
    • A history of the Web of Trust and a look at what the term could mean for the future.
      • Shannon Appelcline, Dave Crocker, Randall Farmer, and Justin Newton

        The Web of Trust is a buzzword for a new model of decentralized self-sovereign identity. It’s a phrase that dates back almost twenty-five years, the classic definition derives from PGP […] the vibrant blockchain community is also drawing new attention to the concept we aim to reboot it.

  • Opportunities Created by the Web of Trust for Controlling and Leveraging Personal Data
    • Five use cases, from two relatively simple cases of managing selective disclosure to the most extreme case of establishing government-verifiable credentials from nothing for a stateless refugee.
      • du5t, Kaliya “Identity Woman” Young (@identitywoman), John Edge, Drummond Reed, and Noah Thorp
  • Decentralized Public Key Infrastructure
    • A massive overview of a decentralized public-key infrastructure (DPKI).
      • Christopher Allen, Arthur Brock, Vitalik Buterin, Jon Callas, Duke Dorje, Christian Lundkvist, Pavel Kravchenko, Jude Nelson, Drummond Reed, Markus Sabadello, Greg Slepak, Noah Thorp, and Harlan T Wood
  • Smart Signatures
    • A system to explicitly outline and fully program conditions for verification, inspired by Bitcoin Script.
      • Christopher Allen, Greg Maxwell, Peter Todd, Ryan Shea, Pieter Wuille, Joseph Bonneau, Joseph Poon, and Tyler Close
  • Creating the New World of Trust
    • A summary of the next step for the Rebooting the Web of Trust group.
      • Shannon Appelcline

Rebooting the Web of Trust II - ID2020

The second Rebooting the Web of Trust design workshop, in San Francisco, CA, on May 21st & 22nd, 2016. It was run in conjunction with the UN ID2020 Summit on Identity, which occurred at the UN in New York on May 20th, 2016.

Rebooting the Web of Trust III

The design workshop exceeded its mandate by producing seven papers:

  • DID (Decentralized Identifier) Data Model and Generic Syntax 1.0 Implementer’s Draft 01
    • The complete draft of the Decentralized IDentifier (DID) model and syntac, a project that has run through the RWOT workshops to date.
      • Drummond Reed, Les Chasen, Christopher Allen, and Ryan Grant
  • Digital Verification Advancements at RWoT III
    • A short overview of enhancements to Digital Verification that came out of RWOT III.
      • Manu Sporny with Christopher Allen, Harlan Wood, and Jason Law
  • Embedding Human Wisdom in Our Digital Tomorrow
    • A discussion of the dangers of transferring wisdom into the digital world, seen through the lenses of vulnerability, shadows, healing, tensions, complexity and gestalt, and organizational choices.
      • Daniel Hardman, Kaliya “Identity Woman” Young, and Matthew Schutte
  • Hubs
    • An overview of the hubs datastore system.
      • Daniel Buchner, Wayne Vaughan, and Ryan Shea
  • Joram 1.0.0
    • An Information Lifecycle Engagement Model that offers a use case for a Syrian refugee.
      • Joe Andrieu and Bob Clint
  • Portable Reputation Toolkit Use Cases
    • A model and proof-of-concept implementation for decentralized verification.
      • Christopher Allen, Tim Daubenschütz, Manu Sporny, Noah Thorp, Harlan Wood, Glenn Willen, and Alessandro Voto
  • Smart Consent Protocol
    • Bringing together COALA IP and Consent to deal with digital intellectual property.
      • Dr. Shaun Conway, Lohan Spies, Jonathan Endersby, and Tim Daubenschütz

Rebooting the Web of Trust IV

The fourth Rebooting the Web of Trust design workshop ran in Paris, France, on April 19th-21st, 2017.

Rebooting the Web of Trust V

  • ActivityPub: From Decentralized to Distributed Social Networks
    • Christopher Lemmer Webber & Manu Sporny
    • An overview of the W3C ActivityPub protocol.
  • Amira 1.0.0
    • Joe Andrieu & Team
    • This paper […] presents a human-centric illustration of an individual’s experience in a self-sovereign, decentralized realization of the Web of Trust as originally conceived by Phil Zimmerman for PGP.
  • The DCS Theorem
    • Greg Slepak & Anya Petrova
    • A probability proof of the DCS Triangle. Why can’t decentralized consensus systems have all three of decentralization, consensus, and scale? Plus, two methods for getting around these limitations.
  • A Decentralized Approach to Blockcerts Credential Revocation
    • João Santos & Kim Hamilton Duffy
    • Blockcerts are blockchain-anchored credentials with a verification process designed to be decentralized and trustless. This proposal describes an alternate method of issuing Blockcerts using Ethereum, which allows for a new form of revocation by either the issuer or the recipient.
  • Engineering Privacy for Verified Credentials: In Which We Describe Data Minimization, Selective Disclosure, and Progressive Trust
    • Lionel Wolberger, Brent Zundel, Zachary Larson, Irene Hernandez & Katryna Dow
    • we have identified three related but distinct privacy enhancing strategies: “data minimization,” “selective disclosure,” and “progressive trust.” These enhancements are enabled with cryptography. The goal of this paper is to enable decision makers, particularly non-technical ones, to gain a nuanced grasp of these enhancements along with some idea of how their enablers work.
  • Identity Hubs Capabilities Perspective
    • by Adrian Gropper, Drummond Reed & Mark S. Miller

      Identity Hubs as currently proposed in the Decentralized Identity Foundation (DIF) are a subset of a general Decentralized Identifier (DID) based user-controlled agent, based on ACLs rather than an object-capabilities (ocap) architecture. Transitioning the Hubs design to an ocap model can be achieved by introducing an UMA authorization server as the control endpoint.

  • Linked Data Capabilities
    • Christopher Lemmer Webber & Mark S. Miller

      Linked Data Signatures enable a method of asserting the integrity of linked data documents that are passed throughout the web. The object capability model is a powerful system for ensuring the security of computing systems.

  • Veres One DID Method
    • Manu Sporny & Dave Longley

      The Veres One Ledger is a permissionless public ledger designed specifically for the creation and management of decentralized identifiers (DIDs). This specification defines how a developer may create and update DIDs in the Veres One Ledger.

  • When GDPR becomes real, and Blockchain is no longer Fairy Dust
    • Marta Piekarska, Michael Lodder, Zachary Larson & Kaliya Young (Identity Woman)

      This document describes the GDPR requirements and the different approaches to digital identity solutions and finally explains why distributed ledger technology may offer an opportunity for enterprises to simplify data management solutions that are GDPR compliant.

Rebooting the Web of Trust VI

The sixth Rebooting the Web of Trust design workshop ran in Santa Barbara, California, on March 6th to 8th, 2018.

  • BTCR DID Resolver Specification
    • Kim Hamilton Duffy, Christopher Allen, Ryan Grant, and Dan Pape

      This describes the process of resolving a BTCR DID into a DID Document. The draft reference implementation is available at https://github.com/WebOfTrustInfo/btcr-did-tools-js (see didFormatter.js). Note that not all steps described in this document are implemented yet.

  • Decentralized Autonomic Data (DAD) and the three R’s of Key Management
    • by Samuel M. Smith Ph.D. with Vishal Gupta

      This paper proposes a new class of data called decentralized autonomic data (DAD). The term decentralized means that the governance of the data may not reside with a single party. A related concept is that the trust in the data provenance is diffuse in nature. Central to the approach is leveraging the emerging DID (decentralized identifier) standard. The term autonomic means self-managing or self-regulating. In the context of data, we crystalize the meaning of self-managing to include cryptographic techniques for maintaining data provenance that make the data self-identifying, self-certifying, and self-securing. Implied thereby is the use of cryptographic keys and signatures to provide a root of trust for data integrity and to maintain that trust over transformation of that data, e.g. provenance. Thus key management must be a first order property of DADs. This includes key reproduction, rotation, and recovery. The pre-rotation and hybrid recovery methods presented herein are somewhat novel.

  • Decentralized Identifiers v1.0
    • A Status Note

The Decentralized Identifiers specification editors and implementers spent some time at Rebooting the Web of Trust 6 processing the remaining issues in the issue tracker. This document summarizes the proposed resolutions that the group has put forward to resolve all of the DID specification issues that were submitted before 2018-03-05.

Technology commons come in a variety of flavors and have achieved varying levels of financial success. For-profit corporate activities have in few historical cases been set up with a financial feedback mechanism to support the commons upon which they depend and capitalize. Why do the commons and the technology sectors’ available forms of capitalism act as incompatible as oil and water, even though they support each other’s aims? When capitalist benefactors support the technology commons that they utilize, it creates a sustainable and thriving commons which enables and supports additional capitalistic technology innovation. Having worked on both sides of the equation, the authors of this piece propose a vocabulary to nourish these interactions between the two sides; identified characteristics of a sustainable technology commons; identified commons models and variations; applied Appreciative Inquiry principles to one commons model; and identified future research areas.

In this document, we define a set of user flows and describe the associated Action Objects that support a Hub-centric approach to the request, issuance, presentation, verification, and revocation of interoperable attestations. This document extends the Identity Hub Explainer.

  • Introduction to DID Auth
    • by Markus Sabadello, Kyle Den Hartog, Christian Lundkvist, Cedric Franz, Alberto Elias, Andrew Hughes, John Jordan & Dmitri Zagidulin

The term DID Auth has been used in different ways and is currently not well-defined. We define DID Auth as a ceremony where an identity owner, with the help of various components such as web browsers, mobile devices, and other agents, proves to a relying party that they are in control of a DID. This means demonstrating control of the DID using the mechanism specified in the DID Document’s “authentication” object. This could take place using a number of different data formats, protocols, and flows. DID Auth includes the ability to establish mutually authenticated communication channels and to authenticate to web sites and applications. Authorization, Verifiable Credentials, and Capabilities are built on top of DID Auth and are out of scope for this document. This paper gives on overview of the scope of DID Auth, supported protocols and flows, and the use of components of the DID Documents that are relevant to authentication, as well as formats for challenges and responses.

We identify use cases and requirements that connect threads of work happening in the Rebooting Web of Trust community around: educational achievement claims (particularly using the Open Badges vocabulary); use of decentralized identifiers (DIDs) within web services where educational claims circulate; and integrating blockchain-reliant verification layers. We illustrate each of these cases with a set of example documents and describe user stories for Open Badges ecosystem software in the roles of Issuer, Host/Backpack, Displayer, and Verifier that need to be implemented in order to enable the capabilities described.

This document proposes the formation of a short-term team to develop consistent messaging for the Self-Sovereign Identity (SSI) market. It will target key stakeholders who would actively promote SSI adoption. The goal is to create an SSI market roadmap. This roadmap will help SSI leaders, standards bodies, developers, academics, media, and investors coordinate and clarify their messaging for the market, to accelerate the SSI adoption.

Rebooting the Web of Trust VII

The seventh Rebooting the Web of Trust design workshop, ran near Toronto, Canada, on September 26th to 28th, 2018.

The Bitcoin Reference (BTCR) DID method supports DIDs using the Bitcoin blockchain. This method has been under development through Rebooting Web of Trust events and hackathons over the past year. The BTCR method’s reliance on the Bitcoin blockchain presents both advantages and design challenges. During RWOT7, the authors made a number of design and implementation decisions – largely scope-cutting in nature – in order to lock down a Minimum Viable Product (MVP) version, which we’ll refer to as v0.1. This paper documents those decisions, which will apply to the upcoming v0.1 BTCR method specification and associated v0.1 BTCR reference implementation.

  • A DID for Everything (Text)
    • Shaun Conway, Andrew Hughes, Moses Ma, Jack Poole, Martin Riedel, Samuel M. Smith Ph.D., and Carsten Stöcker

The decentralized identifier (DID) is a new and open standard type of globally unique identifier that offers a model for lifetime-scope portable digital identity that does not depend on any centralized authority and that can never be taken away by third-parties. DIDs are supported by the W3C community and the Decentralized Identity Foundation (DIF). They are the “atomic units” of a new layer of decentralized identity infrastructure. However, DIDs can be extended from identifiers for people to any entity, thus identifying everything. We can use DIDs to help us identify and manage objects, machines, or agents through their digital twins; we can expand them to locations, to events, and even to pure data objects, which we refer to as decentralized autonomic data (DAD) items.

The paper will present novel use-cases for DIDs and DADs and propose a new cryptographic data structure that is a self-contained blockchain of DADs. This enables the verification of the provenance of a given data flow. It builds on a prior paper and an associated reading.

One of the major problems with bootstrapping self-sovereign identity is that it requires adoption by a large number of people. Pushing self-sovereign identity from the top-down is most likely to result in a technology that’s not actually used, but instead encouraging the average person to demand self-sovereign identity from the bottom-up will result in the organic development of a vibrant, well-utilized decentralized web-of-trust ecosystem.

This paper addresses that need by offering arguments to a variety of people who might be reluctant to use self-sovereign identity, uninterested in its possibilities, or oblivious to the dangers of centralization. By focusing on the needs of real people, we hope to also encourage developers, engineers, and software business owners to create the apps that will address their reluctance and fulfill their needs, making self-sovereign identity a reality.

Since the emergence of the Decentralized Identifier (DID) specification at the Fall 2016 Rebooting the Web of Trust [1], numerous DID method specifications have appeared. Each DID method specification defines how to resolve a cryptographically-tied DID document given a method-specific identifier. In this paper, we describe a way to represent the DID document as a content-addressed Merkle Directed Acyclic Graph (DAG) using Interplanetary Linked Data (IPLD). This technique enables more cost-efficient, scaleable creation of DIDs and can be applied across different DID method specifications.

Aunthenticity is a challenge for any identity solution. In the physical world, at least in America, it is not difficult to change one’s identity. In the digital world, there is the problem of bots. The botnet detection market is expected to be worth over one billion USD by 2023, in a landscape where most digital activity is still heavily centralized. These centralized digital solutions have the advantage of being able to track IP addresses, request phone verification, and present CAPTCHAs to users in order to authenticate them. If this problem is so difficult to solve in the centralized world, how much more challenging will it be in the decentralized world, where none of these techniques are available?

In this paper, we explore the idea of using a web of trust as a tool to add authenticity to decentralized identifiers (DIDs). We define a framework for deriving relative trust degrees using a given trust metric: a “trustworthiness” score for a given identity from the perspective of another identity. It is our intent that this framework may be used as a starting point for an ongoing exploration of graph-based, decentralized trust. We believe this approach may ultimately be used as a foundation for decentralized reputation.

Currently, the Web provides a simple yet powerful mechanism for the dissemination of information via links. Unfortunately, there is no generalized mechanism that enables verifying that a fetched resource has been delivered without unexpected manipulation. Would it be possible to create an extensible and multipurpose cryptographic link that provides discoverability, integrity, and scheme agility?

This paper proposes a linking solution that decouples integrity information from link and resource syntaxes, enabling verification of any representation of a resource from any type of link. We call this approach Resource Integrity Proofs (RIPs). RIPs provide a succinct way to link to resources with cryptographically verifiable content integrity. RIPs can be combined with blockchain technology to create discoverable proofs of existence to off-chain resources.

In this paper we cover various scenarios where some or all parties have intermittent, unreliable, untrusted, insecure, or no network access, but require cryptographic verification (message protection and/or proofs). Furthermore, communications between the parties may be only via legacy voice channels. Applicable situations include marine, subterranean, remote expeditions, disaster areas, refugee camps, and high-security installations. This paper then recommends solutions for addressing offline deployments.

Topics and Advance Readings

In advance of the design workshop, all participants are requested to produce a one-or-two page topic paper to be shared with the other attendees on either:

  • A specific problem that they wanted to solve with a web-of-trust solution, and why current solutions (PGP or CA-based PKI) can’t address the problem?
  • A specific solution related to the web-of-trust that you’d like others to use or contribute to?

RWoT 1

RWoT ID2020

RWoT 3

RWoT 4

RWoT 5

The following advanced readings have been prepared as primers, intended to give you a foundation in some of the topics that may be discussed at the design workshop:

Here are the rest of the advance readings to date:

RWoT 6

RWoT 7

License

Unless otherwise noted, all RWoT Completed Papers, Topics and Advance Readings are licensed Creative Commons CC-BY.

RWoT Github Listing

Workshops

See Also


Ecosystem Overview

This page includes a breakdown of the Web Standards, Protocols,Open Source Projects, Organizations, Companies, Regions, Government and Policy surrounding Verifiable Credentials and Self Sovereign Identity.

Updated: 2024-02-26 4 minute read

Tags:

Verifiable Credentials with JSON-LD and BBS+ Signatures

BBS signatures were implicitly proposed by Boneh, Boyen, and Shacham (CRYPTO ’04) as part of their group signature scheme, and explicitly cast as stand-alone signatures by Camenisch and Lysyanskaya (CRYPTO ’04). A provably secure version, called BBS+, was then devised by Au, Susilo, and Mu (SCN ’...

Updated: 2023-09-29 8 minute read

Tags:
BBS
Data Integrity
JSON-LD
Verifiable Credentials
W3C

Verifiable Credentials with JOSE (JWT) / COSE (CBOR)

Digital proof mechanisms, a subset of which are digital signatures, are required to ensure the protection of a verifiable credential. Having and validating proofs, which may be dependent on the syntax of the proof (for example, using the JSON Web Signature of a JSON Web Token for proofing a key h...

Updated: 2023-09-09 12 minute read

Tags:
COSE
IANA
JOSE
JWT
Verifiable Credentials
W3C

Verifiable Credentials (ZKP-CL) Anoncreds

This credential format was created specifically to leverage the CL Signatures. JSON-JWT and JSON-LD Signatures each have their own way of representing the meaning of the attributes within a VC. JSON-JWT references an IANA registry and assumes a “closed world” authority model based on that authori...

Updated: 2023-09-29 6 minute read

Tags:
Anoncreds
Evernym
Hyperledger Foundation
IBM
IDEMIX
Sovrin Foundation
Verifiable Credentials
W3C
ZKP-CL