Rebooting the Web of Trust VII: Toronto (September 2018)

This repository contains documents related to RWOT7, the seventh Rebooting the Web of Trust design workshop, which ran near Toronto, Canada, on September 26th to 28th, 2018. The goal of the workshop was to generate five technical white papers and/or proposals on topics decided by the group that would have the greatest impact on the future.

Please see the Web of Trust Info website for more information about our community. Watch for our next event March 1st-3rd in Barcelona, Spain.

Final Papers

BTCR v0.1 Decisions (Text)

Kim Hamilton Duffy, Christopher Allen, and Dan Pape

The Bitcoin Reference (BTCR) DID method supports DIDs using the Bitcoin blockchain. This method has been under development through Rebooting Web of Trust events and hackathons over the past year. The BTCR method's reliance on the Bitcoin blockchain presents both advantages and design challenges. During RWOT7, the authors made a number of design and implementation decisions -- largely scope-cutting in nature -- in order to lock down a Minimum Viable Product (MVP) version, which we'll refer to as v0.1. This paper documents those decisions, which will apply to the upcoming v0.1 BTCR method specification and associated v0.1 BTCR reference implementation.

A DID for Everything (Text)

Shaun Conway, Andrew Hughes, Moses Ma, Jack Poole, Martin Riedel, Samuel M. Smith Ph.D., and Carsten Stöcker

The decentralized identifier (DID) is a new and open standard type of globally unique identifier that offers a model for lifetime-scope portable digital identity that does not depend on any centralized authority and that can never be taken away by third-parties. DIDs are supported by the W3C community and the Decentralized Identity Foundation (DIF). They are the "atomic units" of a new layer of decentralized identity infrastructure. However, DIDs can be extended from identifiers for people to any entity, thus identifying everything. We can use DIDs to help us identify and manage objects, machines, or agents through their digital twins; we can expand them to locations, to events, and even to pure data objects, which we refer to as decentralized autonomic data (DAD) items.

The paper will present novel use-cases for DIDs and DADs and propose a new cryptographic data structure that is a self-contained blockchain of DADs. This enables the verification of the provenance of a given data flow. It builds on a prior paper and an associated reading.

Digital Credential Wallets (Text)

Mikerah Quintyne-Collins, Heather Vescent, Darrell O'Donnell, Greg Slepak, Michael Brown, Christoper Allen, Michael Ruther

Digital Credential Wallets (DCWs) are becoming more commonplace as more of our physical credentials become digital. In this paper, we provide requirements for digital credential wallet design, offer considerations for key management of DCWs, and go over several real-life use cases.

Five Mental Models of Identity (Text)

Joe Andrieu, Nathan George, Andrew Hughes, Christophe MacIntosh, and Antoine Rondelet

Engineers of identity systems, both digital and non-digital, have assumptions and requirements that often lead to fundamentally different ideas about useful solutions. One’s preferred use cases establish mental models tailored to those uses, which in turn shape discussion and engineering of identity systems. The differences between these mental models consistently cause confusion and disagreement when advocates of different models collaborate, often without the parties realizing that others may be speaking from a distinctly different, yet valid, notion of identity. Considering different mental models allows for constructive dialogue and reconciliation of requirements, creating opportunities to address a wider set of use cases and to build systems with better overall applicability and quality.

We present five distinct mental models observed in conversations among technologists and laypeople when discussing identity. We then discuss observed patterns of discussion and design that result from the intersection of some pairs of mental models. Finally, we close with guidance for incorporating all five mental models when evaluating or designing any real-world or digital-identity system. We propose that understanding and considering these different mental models will result in more fruitful collaboration and ultimately in better identity systems.

How to Convince Dad of the Importance of Self-Sovereign Identity* (Text)

Shannon Appelcline, Kenneth Bok, Lucas Parker, Peter Scott, and Matthew Wong

One of the major problems with bootstrapping self-sovereign identity is that it requires adoption by a large number of people. Pushing self-sovereign identity from the top-down is most likely to result in a technology that’s not actually used, but instead encouraging the average person to demand self-sovereign identity from the bottom-up will result in the organic development of a vibrant, well-utilized decentralized web-of-trust ecosystem.

This paper addresses that need by offering arguments to a variety of people who might be reluctant to use self-sovereign identity, uninterested in its possibilities, or oblivious to the dangers of centralization. By focusing on the needs of real people, we hope to also encourage developers, engineers, and software business owners to create the apps that will address their reluctance and fulfill their needs, making self-sovereign identity a reality.

IPLD as a general pattern for DID documents and Verifiable Claims (Text)

jonnycrunch, Anthony Ronning, Kim Duffy, Christian Lundkvist

Since the emergence of the Decentralized Identifier (DID) specification at the Fall 2016 Rebooting the Web of Trust [1], numerous DID method specifications have appeared. Each DID method specification defines how to resolve a cryptographically-tied DID document given a method-specific identifier. In this paper, we describe a way to represent the DID document as a content-addressed Merkle Directed Acyclic Graph (DAG) using Interplanetary Linked Data (IPLD). This technique enables more cost-efficient, scaleable creation of DIDs and can be applied across different DID method specifications.

Peer to Peer Degrees of Trust (Text)

Harrison Stahl, Titus Capilnean, Peter Snyder, and Tyler Yasaka

Aunthenticity is a challenge for any identity solution. In the physical world, at least in America, it is not difficult to change one's identity. In the digital world, there is the problem of bots. The botnet detection market is expected to be worth over one billion USD by 2023, in a landscape where most digital activity is still heavily centralized. These centralized digital solutions have the advantage of being able to track IP addresses, request phone verification, and present CAPTCHAs to users in order to authenticate them. If this problem is so difficult to solve in the centralized world, how much more challenging will it be in the decentralized world, where none of these techniques are available?

In this paper, we explore the idea of using a web of trust as a tool to add authenticity to decentralized identifiers (DIDs). We define a framework for deriving relative trust degrees using a given trust metric: a "trustworthiness" score for a given identity from the perspective of another identity. It is our intent that this framework may be used as a starting point for an ongoing exploration of graph-based, decentralized trust. We believe this approach may ultimately be used as a foundation for decentralized reputation.

Resource Integrity Proofs (Text)

Ganesh Annan and Kim Hamilton Duffy

Currently, the Web provides a simple yet powerful mechanism for the dissemination of information via links. Unfortunately, there is no generalized mechanism that enables verifying that a fetched resource has been delivered without unexpected manipulation. Would it be possible to create an extensible and multipurpose cryptographic link that provides discoverability, integrity, and scheme agility?

This paper proposes a linking solution that decouples integrity information from link and resource syntaxes, enabling verification of any representation of a resource from any type of link. We call this approach Resource Integrity Proofs (RIPs). RIPs provide a succinct way to link to resources with cryptographically verifiable content integrity. RIPs can be combined with blockchain technology to create discoverable proofs of existence to off-chain resources.

Use Cases and Proposed Solutions for Verifiable Offline Credentials (Text)

Michael Lodder, Samantha Mathews Chase, and Wolf McNally

In this paper we cover various scenarios where some or all parties have intermittent, unreliable, untrusted, insecure, or no network access, but require cryptographic verification (message protection and/or proofs). Furthermore, communications between the parties may be only via legacy voice channels. Applicable situations include marine, subterranean, remote expeditions, disaster areas, refugee camps, and high-security installations. This paper then recommends solutions for addressing offline deployments.

Topics & Advance Readings

In advance of the design workshop, all participants produced a one-or-two page topic paper to be shared with the other attendees on either:

A specific problem that they wanted to solve with a web-of-trust solution, and why current solutions (PGP or CA-based PKI) can't address the problem?
A specific solution related to the web-of-trust that you'd like others to use or contribute to?

Here are the advanced readings to date:

Addressing Global/Local Barriers to Adoption of Decentralized Identity Systems by Eric Brown
Agent to Agent Communication Protocol Overview by Kyle Den Hartog
Blockcerts -- Where we are and what's next by Kim Hamilton Duffy, Anthony Ronning, Lucas Parker, and Peter Scott
Can Curation Markets Establish a Sustainable Technology Commons by Sam Chase
CapAuth by Manu Sporny, Dave Longley, Chris Webber, and Ganesh Annan
A Concept Diagram For RWOT Identity Terms by Andrew Hughes
Cryptocurrency Wallets as a Form of Functional Identity by Mikerah Quintyne-Collins and Abdulwasay Mehar
Decentralized Error Reporting by Jack Poole
Decentralized Identities and eIDAS by Oliver Terbu
Decentralized Identity: Hub Authentication & Message Encryption by Daniel Buchner
DIDDoc Conventions for Interoperability by Stephen Curran & Olena Mitovska
DIDs In DPKI by Greg Slepak
DID Resolution Topics by Markus Sabadello
Digital Identity for the Homeless by Matthew Wong, T. Tian & CG Chen
Exploring Browser Web of Trust Use Cases by Peter Snyder and Ben Livshits
Five Mental Models of Identity by Joe Andrieu
Identity Hub Permissions / Authorization by Daniel Buchner
IPLD as a general pattern for DID Documents by Christian Lundkvist
Is a Decentralized Collective Identity Possible? by Heather Vescent
Magenc Magnet URIs: Secure Object Permanence for the Web by Christopher Lemmer Webber
Measuring Trust by Tyler Yasaka
More Control for Identity Holders by Arturo Manzaneda and Ismenia Galvao
Nobody REALLY Trusts the Blockchain by Dan Burnett, Shahan Khatchadourian, and Chaals Nevile
Not-a-Bot: A Use Case for Decentralized Identity using Proximity Verification to generate a Web of Trust by Moses Ma & Claire Rumore
The Political Economy of Naming by Kate Sills
A Public Web of Trust of Public Identities by Ouri Poupko and Ehud Shapiro
Resource Integrity Proofs by Ganesh Annan, Manu Sporny, Dave Longley, and David Lehn
RWoT Tribal Knowledge: Cryptographic and Data Model Requirements by Manu Sporny, Dave Longley, and Chris Webber
The Role of Standards in Accelerating Innovation by Michael B. Jones
Scoped Presentation Request on Verifiable Credentials by Martin Riedel
Secure Crypto-Wallet Introductions by Wolf McNally, Ryan Grant
Standards for Agency and Decentralized Information Governance - Early Experience by Adrian Gropper, MD, Michael Chen, MD, and Lydia Fazzio, MD
Towards Proof of Person by Peter Watts
A Trustless Web-of-Trust by Ouri Poupko
The United Humans by Bohdan Andriyiv
Verifiable Displays by Kim Hamilton Duffy, Bohdan Andriyiv, and Lucas Parker
Verifiable Offline Credentials by Michael Lodder
What (and Who) Is In Your Wallet by Darrell O'Donnell
Digital Identity for the Homeless by Matthew Wong, T. Tian & CG Chen
Zero Trust Computing with DIDs and DADs by Samuel M. Smith

Primers

These primers overview major topics which are likely to be discussed at the design workshop. If you read nothing else, read these. (But really, read as much as you can!)

DID Primer — Decentralized Identifiers (extended version also available)
Functional Identity Primer — A different way to look at identity
Verifiable Credentials Primer — the project formerly known as Verifiable Claims
DIDs In DPKI - how DIDs fit into Decentralized Public-key Infrastructure

Complete Rebooting the Web of Trust Listing

A different repository is available for each of the Rebooting the Web of Trust design workshops:

License

All of the contents of this directory are licensed Creative Commons CC-BY their contributors.

Addressing Global/Local Barriers to Adoption of Decentralized Identity Systems

Eric Brown — [email protected] // Cultu.re – https://cultu.re/

Introduction

Decentralized identity protocols have the potential to overhaul the way we understand and interact with sovereign individuals on a micro and macro level.

With a technical infrastructure set to have such a profound impact on networks, culture, and governance, how can we ensure that the standards are openly adopted, widely integrated, and effectively embraced?

This includes individual user adoption, community implementations, and vast social, national, and global recognition and adoption of the standards. It contains communication, marketing, and community questions.

Here, we explore considerations for and barriers to adoption of decentralized identity systems.

Major Considerations

Awareness and Adoption
Community Engagement
Interoperability
Interaction Layers

Awareness and Adoption

All standards must build initial momentum to reach a critical threshold of adoption. Decentralized identity systems present a fundamental shift away from the existing infrastructure, a paradigm shift in thinking through identity, individuals, and collective organization.

This presents a problem on two fronts: building awareness of the value of this technology, and also facilitating adoption of the technology into everyday interactions. The later is likely more difficult, as it will require behaviour modification and new ways of thinking for users and organizations.

We must address questions such as:

How do you convey the value of this system to an individual user?
How do you convey the value of this to organizations, societies, and nation states that have relied, relatively successfully, on centralized structured and fragmented identity silos?
How do you get a society to embrace fundamental change?

An idea, no matter how glorious, will fall short of its goal if it is unable to reach adoption from the majority, and to integrate seamlessly and alleviate pains of the dominant, pre-existing model.

Community Engagement

The resiliency and long-term success of decentralized identity systems will come from the community that stewards it, the community that embraces it, and the community that builds it.

Open sources models have proven time and time again their ability to affect change and to improve existing systems. This happened because of a the community.

As the system evolves, incentive structures, moderation, review, audit, and development systems must be in place to maintain the integrity and innovation inherent to the systems.

Looking forward, we will need to address:

How do you attract and incentivize the appropriate talent, decision makers, and movement creators?
What components contribute to resilient, anti-fragile systems?
How do you distill wisdom from core contributors to the outer edges to increase participation and complete understanding of a complex, evolving system?

Interoperability

The freedom of choice of the individual and of the collective is paramount for the future success of governance and individual sovereignty. Individuals must be free to choose and act on these decisions. As a result, the technological underpinnings of the systems must be interoperable, or said differently, technologically agnostic.

It must not prefer, nor force, individuals into a particular modality, technology, or identity/governance model. This level of flexibility is necessary for the adoption and growth of the standards/systems.

There are more technical questions to address on the topic of interoperability:

Can the standards are systems be, or eventually become, technology and blockchain agnostic?
How can we build bridges from the existing infrastructure into the new systems, facilitating ease of adoption and reducing friction?
Is the technology accessible to all members of the community?

Interaction Layers

A particularly interesting barrier to adoption is the interaction layer, the gateway from everyday accessibility to the underlying infrastructure.

Regardless of the technical level of the technological underpinnings, the interaction layers must be approachable, intuitive, and fluid to fit any implementation size.

There are many examples of projects thinking through these interaction layers, one example being Sovrin. There is also Cultu.re, working to facilitate the integration and adoption of the web of trust standards.

The interaction layers act as the bow, tying together the gift of decentralized identity and presenting it to the commons. They bring the aforementioned considerations (awareness, community, interoperability) together in a Gestalt that allows for deep engagement and lasting resiliency.

Given the importance here, there are a few considerations we must consider:

What is the core offering that must be presented in a UX to the user?
How do you facilitate change through usability?
Can design thinking change the world? How can it contribute to this?
How can a system, designed for the individual, contribute to the collective?
What is the role of the technological infrastructure in facilitating development of the interaction layer?

Closing Thoughts

Decentralized identity systems are well poised to fundamentally alter our digital, physical, social, and global interactions. It is nothing short of a re-imagining of what identity means.

As a result, we need to re-imagine the full spectrum of its presentation, from stewarding the community, to presenting it to the world. Each stage of this process fuels the next, and in order to grow the technology and allow for adoption, we have a lot of questions to be answered.

If you have any thoughts or answers to these questions, please send them over. If you’d like, we’d love to hear what you think over at Cultu.re.

weboftrustinfo / rwot7-toronto Goto Github PK

rwot7-toronto's Introduction