This repository contains documents related to RWOT8, the eighth Rebooting the Web of Trust design workshop, which will run in Barcelona, Spain on March 1st to 3rd, 2019. The goal of the workshop was to generate five technical white papers and/or proposals on topics decided by the group that would have the greatest impact on the future.
Visit http://rwot8.eventbrite.com for more information and to purchase tickets.
Event details for attendees (schedule, hotels, transportation) (pdf 14MB)
In advance of the design workshop, all participants produced a one-or-two page topic paper to be shared with the other attendees on either:
- A specific problem that they wanted to solve with a web-of-trust solution, and why current solutions (PGP or CA-based PKI) can't address the problem?
- A specific solution related to the web-of-trust that you'd like others to use or contribute to?
NOTE: To add a paper, create a pull request to this repo with your contribution (preferably .md file or PDF), along with updates to the README.md here and in the Topics and Advanced Readings folder with a link to your paper and your name. Please also include a byline with contact information in the paper itself.
Here are the advanced readings to date:
These primers overview major topics which are likely to be discussed at the design workshop. If you read nothing else, read these. (But really, read as much as you can!)
- DID Primer — Decentralized Identifiers (extended version also available)
- Functional Identity Primer — A different way to look at identity
- Verifiable Credentials Primer — the project formerly known as Verifiable Claims
- Glossary of Terms — A terse lexicon of Web of Trust words
-
A DID for Every Thing: Driving Event Data Chain
- by Carsten Stöcker and Michael Rüther
- "Our broader objective is to establish a scalable digital twin protocol and a technology layer for autonomous things."
- #verifiableclaims #reputation #IoT
-
- by André Cruz, João Santos, and Pedro Teixeira
- The Identity Manager is a unified identity wallet that aims to support multiple DIDs and multiple DID-methods
- #DID #VC #DID-Auth #apps #UI #UX #wallet
- Specification
-
- by Drummond Reed
- "Besides discoverability of different decentralized networks, DID namespace linking also enables building bridges between different governance frameworks and trust assurance models—key building blocks of a global web of trust."
- #reputation
-
- by Brent Zundel
- "Work on a DID Method spec for P2P DIDs as a special subset of DIDs that are not universally resolvable on some ledger or central storage infrastructure, but only within the group where they are used."
- #ledgerless
- Specification
-
Proof of Key Ownership with OpenID Connect Self-Issued Identities
- by Michael B. Jones
- "Proving ownership of a DID requires proving ownership of a private key corresponding to a public key for the DID. Microsoft is experimenting with using OpenID Connect Self-Issued Identities to prove ownership of DIDs."
- #OpenID #Connect #Self-Issued #DID
-
Querying Bitcoin blockchain for BTCR support
- by Kulpreet Singh
- "I describe the progress made during the BTCR hackathon towards providing a community service for querying the bitcoin blockchain as a means to support clients building BTCR DID resolvers using the BTCR DID method."
-
- by Shigeya Suzuki
- "One of the ways to support references for multiple ID scheme everywhere is developing a general Universal ID Reference scheme, which covers not only the references to DID but also Distinguish Name-based scheme or possibly others."
- #PKI #interoperability
-
Identity Containers. Blockchain implementation proposal with DIDs & ERC725
- by Alex Puig
- "Long story short, We suggest to store just a Merkle Root of the keys and claims being holded by an entity (user, organization..,) and set a list standard endpoints to query and interact between entities. This way most of the information is transferred off-chain and the whole system should be GDPR compliant."
- #VC #ERC725 #DKPI #GDPR
- Full Proposal
-
- by Carsten Keutmann and Tim Pastoor
- "The Digital Trust Protocol (DTP) is a solution for the handling of trust in the digital space. The protocol is broadly designed to work with all aspects of trust; this includes identity, reputation, and security. The Protocol allows anyone, including software, to issue their own cryptographic identities, for the use of trust and reputation and be able to verify those of others, without the need for a trusted third party."
- #VC #DPKI #reputation
-
Current Status of the DID Specification
- by Amy Guy and Dmitri Zagidulin
- A summary of open issues and discussion topics for moving the DID Specification forward.
- #DID #W3C #CCG
-
- by Markus Sabadello and Nader Helmy
- "Interest in building blockchain-agnostic SSI solutions is increasing, so let's expand the concept of the Universal Resolver to more DID operations, like Create, Update and Revoke."
- #DID #DPKI
-
- by David Stark
- If we use DIDs and Verifiable Credentials how can we make sure that users are not being tracked across the web.
-
Decentralized Identity Fee Market
- by Yancy Ribbens
- Micro-payments and DID (Decentralized Identities) can enable a user to curate their online identity, request payment or mark data private. This article proposes allowing a fee market to develop around what information a user chooses to reveal about their identity in the context of verifiable credentials.
-
A Self-Sovereign Identity Framework/Thought Model proposal
- by Rieks Joosten
- "The SSIF provides a thought model and corresponding terminology that allows us to think in a precise manner about SSI within the context of its purpose(s) - which for us is the generic enablement of electronic support for (administrative) business transactions."
- #commonlanguage
- Model
-
Aligning SSI with European Union identity legislation (aka eIDAS Regulation)
- by Nacho Alamillo and Santi Casas
- "This paper aims to advance the alignment of SSI solutions with the eIDAS Regulation regarding electronic identification."
- #DID #eIDAS
-
Decentralized Digital Identity: The Book
- by Alex Preukschat and Drummond Reed
- Outline for a book on decentralized digital identity
-
- by Eric Welton
- "The technical cost of experimenting with and evaluating web-of-trust technology, SSI and other, remains bewilderingly high. This situation hinders broad adoption."
-
- by Michael Shea
- "This paper aims aims to provide a strategic analysis of the SSI space to identify the areas where additional focus is needed to prevent a mis-direction, hijacking or failure to reach a critical market presence."
- #ssi #strategy
- On Interpersonal Data
- by Philip Sheldrake
- "It turns out that there is very few data that may be described as purely personal data. That lunch date, that genome map, those photos, that joint bank account — all turn out to be interpersonal data."
- #data #reputation
- Structures of Identity PDF MD
- by Ethan Brown
- Graphical explorations of current identity structures and alternatives.
- #namespace
- Contextual Non-Discrete Identity
- by Siu Kei Chung
- Philosphical exploration of non-discrete identities based on context of application.
- #context #data #relative
- Legal Frameworks for Humanity in the Digital Age
- by Elizabeth M. Renieris
- "We are allowing the tides of technology and commerce to haphazardly turn everything into commodifiable data. But will we allow ourselves to be reduced to data points and, worse yet, commodified? If we are not deliberate about designing the correct legal frameworks for humanity in the data-driven age, we risk losing sight of our fundamental rights as humans."
- #data #rights
-
- by Jack Poole
- How can users be educated of the privacy implications of sharing multiple attributes about one’s identity, and what role can software agents have?
-
Decentralized Trust for Software Components
- by Sean Gilligan
- "A computing device cannot be secure if an attacker is able to surreptitiously insert malicious code on it. Current solutions for signing and verifying computer software — both source code and binaries — generally rely on the same flawed, hierarchical systems as our network connections do."
-
- by Oleg Burundukov and Eduardo Moraes de Morais
- In accordance to GDPR law, an owner of data has the right to withdraw the initial consent and to request to erase the data. To execute this the owner has to hold an evidence of the interaction. The owner of digital data needs to obtain the digital proof of what and with whom the data have been disclosed.
-
- by Boyma Fahnbulleh
- Handshake is a decentralized, permissionless naming protocol compatible with DNS. The aim of the protocol is to replace the root zone file and the root servers with a public commons.
-
Introductory Capability DHT Concept
- by James Foley
- Considering the concept of a DHT for Introductory Capability Routing for object capability based decentralized applications.
-
- by Oliver Terbu and Andres Junge
- "The goal is to continue the work on an OIDC profile for SSI based on [NS18] and [II18], and finalize the first version of it."
- #VC
-
PSDAD - Data Format with Secure Semantics
- by Sandro Hawke
- "Existing data serialization formats like JSON, JSON-LD, XML, and even ASN.1 (with its various encoding rules) work well enough for conventional computing environments, but they fall short when high levels of both trust and decentralization are required. PSDAD (plaintext self-describing assertional data) is a proposed new approach which uses natural language strings simultaneously as identifiers, delimiters, and documentation, resulting in a surprisingly simple and robust system with distinct advantages over known approaches in certain environments."
- #data
- Specification
-
Rethinking Priorities: Should Identity Systems Divide or Unite People?
- by Bryan Ford
- "The problem of identity has become a hot topic, with the idea of self-sovereign identity in particular attracting significant excitement. The essence of the idea, in short, is to put users in charge of how their identities and personal data are used. Self-sovereign identity posits that users should decide how much and what aspects of their identities to disclose in any situation, and should know and have control over what that information is used for."
-
- by David Lamers
- "The universal ledger agent (ULA) is a component that is implemented by the app and the verifier. The ULA makes it possible to retrieve credentials from issuers, independently which standards and blockchain they use. Also, a verifier can accept and verify credentials from multiple standards."
- #DID #VC #GDPR #ERC780
-
Zero-knowledge proofs in identity systems
- by Jordi Baylina and David Suarez
- "Privacy is key to identity systems, and Zero-knowledge proofs (ZKP) are core to maintain confidentiality over user data, but still being able to transact by receiving claims and proving these to a third party."
-
A New Approach to Social Key Recovery
- by Christopher Allen and Mark Friedenbach
- "The goal of social key recovery is for the user to specify groups of individuals that together possess the ability to recover the root secret of a wallet."
- #shamirsecretsharing #sss #keymanagement #masterseed #keyrecovery
-
Security Considerations of Shamir's Secret Sharing
- by Peg
- "Issues with private key management often pose barriers to the adoption of empowering decentralised technologies and this is exactly what this project aims to address. ... Threshold-based secret sharing schemes provide a powerful tool to address the private-key custody problem. There are promising solutions to the issues explored in this article. However, we have focussed here mainly on technical limitations of such schemes."
- #reputation #shamirsecretsharing #keymanagement
-
Implementing of threshold schemes
- by Daan Sprenkels
- "Shamir secret sharing is a method to split secrets into shares, and to later recombine them. However, it does not feature integrity protection of the secret. This article elaborates on Feldman VSS and Pederson VSS, which do protect the message integrity. Furthermore, we show how hashing the shares also protects the message integrity, but is vulnerable to a cheating dealer.
- #shamirsecretsharing #keymanagement
-
Social Key Recovery Design and Implementation
- by Hank Chiu, Hankuan Yu, Justin Lin & Jon Tsai
- "Social Key Recovery aims to provide an alternative and interesting way to help user backup their cryptocurrency mnemonic phrase. Currently user needs manually to write down all his mnemonic phrase on a piece of paper and locks it in a safe, which is troublesome to user. To solve user’s pain in backup, Social Key Recovery tries to propose a social way to help user backup their mnemonic phrase."
- #shamirsecretsharing #sss #keymanagement #keyrecovery
-
Bringing the Dependencies of a BTCR Wallet to the Swift Ecosystem
- by Wolf McNally for Blockchain Commons
- "While all the code to implement something as complex as a DID resolver or registrar could be written entirely in Swift, it makes sense to leverage code already written in other languages, and use Swift as a top-level language used to tie heterogenous modules into a unified application, whether it be a mobile application or server. This document surveys programing languages and technologies of interest, discusses issues of interoperating with Swift, and lists software packages of note."
- #Swift #UX #iOS #DID
-
Digital Identity for the Homeless
- by Mike Varley and Matthew Wong
- "The focus of this topic is how to apply existing decentralized digital ID solution to help individuals experiencing homelessness in the city (Toronto). E.g. how to reserve services such as overnight shelters with digital ID, keep track of certificate offered by free public organized re-training programs, and built credibility via repeat use the the same digital ID with varies services run by non-profit organizations in the city etc."
- #reputation
-
Designing an Educational Credentialing Ecosystem
- by Kim Hamilton Duffy, J. Philipp Schmidt, and Joe Andrieu
- "One goal of this exercise was to understand whether (1) certain emerging SSI standards -- including Verifiable Credentials (VCs), Decentralized Identifiers (DIDs) -- and (2) blockchain anchoring are essential to the simplified digital verifiable credentialing system. If so, we wanted to trace them to specific requirements. An additional goal was defining a threat model, to understand which aspects could be handled by the system, and which must be addressed by other systems. ... Our concern is that an effective digital credentialing ecosystem would make fraud within an issuing organization more appealing, so our final goal of this paper is to raise awareness among the broader SSI community."
- #DID #VC
-
Assist underrepresented groups when entering the labour market through self sovereign identity
- by Karolin Siebert
- "As a consequence of increasing migration we have workers educated by a wild mix of educational systems, this should not be limiting them from approaching and receiving positions that they actually would like to work in and would be suitable for. Official diplomas and certificates, proving previous studies and work experience, are not necessarily recognised, available in physical form or easily translatable in a certified manner. In addition to that and estimate of the World Bank states that 1 Billion of people are without a formal identity. Being assigned one would give them better access to the work market since just their physical presence and knowledge is not enough in many cases, but rather we require proof for education and experience."
- #DID #VC
-
- by Alberto Elias
- "I've been doing some user testing with both developers and non-technical folks and every single one of them has complained about the authentication and registration flows. We all agree that this work is for nothing if people don't end up using them. This community is definitely human-focused, but initial DID implementations haven't nailed the user experience yet."
- #DID #VC #socialkeyrecovery
-
Designing Identity for People & Places
- by Venn Agency - Sam Chase, Joni McKervey, and Benji Miller
- "This paper will explore how we may architect a more complete individual sovereignty via privacy and place identity as a person moves between private and public physical locations (home, transit, work etc). By mapping our rights and reasonable expectations to privacy across different contexts and comparing with the rights of devices in our spaces, we’ll seek to outline systems of access and control that work in accordance with the rights and needs of both sides."
- #DID #IoT
-
Journalistic use-cases for SSI: signatures, verified claims, and canonical-text registries
- by Juan Caballero and Jefferson Sofarelli
- "Our long-term proposal is to design an SSI-platform-agnostic DID widget or middle-ware system for CMSs such that at the time of committing a canonical version of a published piece on a given publication's CMS, that canonical version could be hashed and signed, with signature and hash being stored in an immutable, external record against which the signature could later be checked (i.e., making a verifiable claim of authorship linking the article's original published form to a DID controlled by its author)."
- #DID #VC #reputation
-
Financing a Self-sovereign Technology Stack
- by Adrian Gropper
- Business models for autonomy through self-sovereign identity and self-sovereign technology are experimental. The standards are just starting to gel. Business structures for sustainable decentralized and potentially autonomous systems are still to be invented.
- #agent #business
-
Designing Trust in Identity Systems
- By Bentley Farrington & Bart Suichies
- Putting the ID holder at the center of an identity system comes with great opportunity, but also introduces new risks and barriers to adoption. Many of these are non-technical and such, should be explored in multi-disciplanary way. We propose a human centered design approach to tackle some of these issues and help shift the focus to not just the technical feasibility, but also inclusive usability. This is a prerequisite to creating an identity system which combines technical and human trust elements.
- #UX #trust #adoption #design
-
EU Digital Signature vs. VC Model
- by L. Boldrin
- To some extent a pdf signed document (or xml, json...) can be used to make trustworthy information about me available to a verifier. People ask: Why do we need VCs? What is the additional value they bring? This note provides an initial hyoothesis which I would like you to challenge: VCs without ledger provide, as added value, subject confirmation and anonymity/pseudonimity support. VCs with ledger provide, as a further value, just VC revocation."
- #digitalsignature
-
Exploring adoptation of VC sharing to provide value today
- by Snorre Lothar von Gohren Edwin
- "With Verifiable Credentials it is important to ask the question what are we expecting the issuer, the holder, and / or the verifier to do? While still making it simple enough for all the users and keeping the needed level of trustworthiness. Sharing is what provides the end value for both the verifying and the sharing party. If there is no sharing, the issuance of the VC has gone to waste. Hence if we are to provide value for the sharing party today, we have to ask the questions of where is this adopted, how can we make this adoption effortless? Can we put most of the work on the service providers? Is the user or another service expected to install software? If so, install software where? Is that software domain-specific or integrated with some existing software?"
-
How Do We Bootstrap the Web of Trust for VC
- by Matt Stone and Dan Burnett
- "In the world of Verifiable Credentials, it is essential that Verifiers can trust Issuers. To this end, there must be a common understanding of the 'functional identity' of the Issuer. How do humans establish the appropriate level understanding to trust the artifact with conviction? i.e. how does one link 'this key' to 'that real world entity (person, company, etc)'"
- #DID #reputation
-
- By Will Abramson
- "Developing flexible mechanisms for judging the trust of an attribute presentation is going to be essential to driving the network affects needed for widespread adoption of Verifiable Credential based identity networks."
-
Verifiable Claims for Postal Address
- by Moses MA
- "This is a proposal to facilitate the collaborative drafting of a technical paper that describes the principles and key design considerations for a use case for verifiable physical address claims. Individuals within the global postal network now seek to understand the “decentralization revolution” and help to develop game-changing, blockchain-powered new business models for the world."
-
Using Immutable Data Objects by Ken Ebert
- by Ken Ebert
- "Verifiable Credentials are strengthened by providing immutable data objects that provide a full definition of the data being signed. This is particularly true for objects with ZKP style signatures, where a more granular description of the data is required in order to support disclosure and predicate proofs on a per-property basis."
- #VC #Schema #ZKP
-
Multiformat Superfriends (The Multibase, Multihash, and Hashlink Specifications)
- by Manu Sporny and Ganesh Annan
-
Current Status of the DID Specification
- by Amy Guy and Dmitri Zagidulin
- A summary of open issues and discussion topics for moving the DID Specification forward.
- #DID #W3C #CCG
-
Identity Manager Specification
- by Adin Schmahmann, André Cruz, and Pedro Teixeira
- A draft specification of the Identity Manager components, interfaces and protocols
- #spec #DID #VC #DID-Auth #apps #wallet
-
Peer-to-peer DID Specification
- by Brent Zundel
-
- by Sandro Hawke
-
Verifiable Displays: secure presentation of Verifiable Credentials in HTML
- by Bohdan Andriyiv
- A rough outline of the specification for tamper-proofed, future-proofed, “anywhere renderable”, "truly portable" Verifiable Displays of Verifiable Credentials in HTML format.
- #VerifiableDisplays, #VerifiableCredentials, #Hashlink, #HTML
-
libp2p for DID Authentication and the exchange of Verifiable Credentials
- by jonnycrunch
- "In our last paper we presented how IPLD could be used as a generalized framework to repesent and resolve the DID document. In this paper, we will describe a way to perform DID authenication and thereby proove ownership of the private key that is presented in the DID document utilizing the libp2p protocol."
- #DID Auth #libp2p #ipfs #ipid #verifiableclaims