- Please propose a definition of digital identity. Invite others to collaborate
Antonyms: anonymity, sibyl, clone.
Framework to consider identity in OVN
Trend --> identity and reputation will be increasingly detached from vertical integration and provided as powered by composable protocols (think about Lens protocol, a composable social graph and social interaction protocol that is gaining ground in the web3 space);
Identities must be verifiable, unique, secure, private, and portable.
Note that most ideas about identity are construed in a paradigm of control and domination. Birth certificate, passport, social security number, driver’s license are instruments used to link the physical you to actions that are in the interest of the government, for various purposes such as paying your taxes and accessing benefits provided by the governmental institutions. At the opposite of this is the anarchist thinking or paradigm. But the important thing to consider here is that these instruments are mistaken for identity. Identity is not to be understood from a bureaucratic perspective, but from a psychological and social perspective - see Wikipedia.
In the context of OVN / OVNi, one of the most important function of identity is access (to resources and processes). In this context, the question becomes how do we provide access to an individual to economic activity in a very low friction way, in the spirit of openness. What does it take to make p2p economic activity efficient and effective, and at the same time humane, rewarding, enriching.
For example, partaking in the activities of the Bitcoin Network (as a minor or engaging in transactions) is totally anonymous, doesn’t require one to provide information about one’s life. In this context permissionless only requires a piece of hardware, the open source software and energy, all situated outside of the network, under total control of the individual. Identity becomes irrelevant (who I am, where I live, what culture I partake in, etc.). This is the essence of a trustless environment. The OVN model, is built on similar principle of minimal information required about social aspects of agents. In other words, OVN is not about control, but about maximizing economic freedom. This is not a matter of ideology or preferences, there are economic arguments for it (more on the Openness page).
To contribute to an open venture an agent doesn't need show credentials, similar to contributing to an open source project or to Wikipedia. Benefits are distributed based on work done, not based on a promise of work, with a peer review process in place for validating the pertinence of the work done. An agent doesn't need to demonstrate prior knowledge or experience, doing it right it’s all that matters.
Privacy vs network efficiency
Privacy: provide maximal control over data to agents. Data from the history of contributions (what, how much and how) can be gathered to form an individual profile. These emergent qualities can be used by other peers and by automated agents (bots) to improve / smooth economic activity. For example, an agent can be notified of new tasks that match past activity. To be true to our principles, the agent is given the choice to make available information about his/her participation, to share it only with a set of agents, to keep it private, or to treat every new interaction with the system as first one (like deleting the browser cash after every connection to a website). In other words, the agent must be given the choice allow an individual profile to be formed from past activity or not, weighing the pros and cons, the benefits and the potential harm. Moreover, zero-knowledge proof technology allows agents to prove that they are able to to something based on their past experience (personal data about their past activities), without providing access to that data.
Portability of personal data-sets, transfer or share such data based on user choice. How can numerous datasets and requests for processing can be managed effectively while securing privacy and having users as the owners of their data?
- Automatic anonymisation of data and strengthening identity management systems.
- On permissionless blockchains ephemeral signing keys are used, but that hinders auditability and transparency purposes (track back a user). Explore cryptographic tools such as anonymous credentials (e.g. Idemixer) to allow users to sign transactions without disclosing their actual identity and to prevent any two different transactions from being linked.
- Use public/private keys and zero-knowledge proofs. Implementations: Sovrin and uPort.
- Allow smart contracts to verify strongly encrypted transactions. Explore zero-knowledge proofs and multi-party computation to enable verifiability without hindering privacy. Make trade-offs between efficiency and privacy and the possibility of relying on SGX technology (description only at the CPU level) when cryptographic solutions fall short.
Note that anonymity and individual profile formation through records of activity are not mutually exclusive. One can have a pseudonym identity as an affiliate, a contributor to a project / venture, without linking the individual profile to the physical self. This is also the case of Bitcoin participants, which are represented on the network by a wallet. All activity associated with a wallet is public information, but the link to the physical self is not provided by the network. The risk is that the more information is available the greater the chance to triangulate the physical self.
Some rants about identity
Identification means revealing one's identity and we often mistake credentials for identity. You don't necessarily need to identify yourself to gain access to a process, to perform an action. In the real world, when you take the bus you don’t need to tell the driver all about yourself before boarding, you just show your ticket, which is the credential required to access the transportation service, acquired by paying for the service (condition). When you go to the store to buy a beer you don't need to tell the seller who you are, you just pay. These low-friction transactions is what makes the current economic system scalable and powerful. It is a feature of a transactional economy.
In reality, no one really has access to our identities (note the plural use!). People have multiple identities and they are all shifting in time: one can be a father at home, an employee at work, a friend, an artist, etc. We also need to make a distinction between identity and persona, which is a semiotic construct, a system of symbols that we provide to others so that they can formulate an idea (a model) about “who we are”. The persona is fabricated by us and can be misinterpreted by others.
What about the physical you? When strangers see you on the street they don't identify you, they just see your body and can associate the effects of your actions with the physical you, as causation, you being the cause of these effects. They also have access to symbols that surround your physical body, your dress code, hair cut, accessories, which tells them something about you (religion, ideology, political affiliation, social status, etc.), which composes your persona. But they don't necessarily know that you are a father, that you live in house near the park (because you like green spaces), that you share particular values with your community members, etc. So there is the physical you, the genuine you, based on the life you live and on circumstances, and there are your different personas, at home, at work, at the store, online, etc. Then we can talk about your credentials, or the features about you that make people trust you in a given situation and grants you access to stuff. For example, you're allowed to enter a building because people trust that you cannot do property damage, or to drive a car responsibly and safely. Your culture, family situation and profession are irrelevant when it comes to you driving a car.
Your passport (a credential) has a dual function, to let the authorities know where to find the physical you (your address) and to provide you access to services and benefits in a given national context. Furthermore, your passport is issued in such a way that it is unique and associated only with the physical you. That's why there is a photo of you on it, your signature and perhaps even some bio-metric data. Therefore the passport also serves you to attest that you are the physical you. So there is a one-to-one relation here, authorities can find you and you can attest that that physical being that lives there is the physical you present at that moment.
Technology cannot have a single point of authority or dependency. We should be able to manage and switch between multiple digital identities, each with their own context-sensitive necessary capabilities.”
Current work on digital identity
- the following comes from various sources, to establish the state of the art in this field.
Frameworks for developing web3 identity.
- Legacy identity systems: rely on pieces of papers or identity cards issued and mediated by a 3rd party (a government, university, employer, etc). Provenance is established by calling up the 3rd party for a confirmation.
- Pseudonymous Economy: combining reputation systems with zero-knowledge proof mechanisms to preserve privacy. It envisions people accumulating transferable zero-knowledge (ZK) attestations in their wallets and evading reputational attacks by transferring a subset of attestations to new wallets, or splitting the attestations among multiple wallets, presumably without traceability
- Proof of personhood: provide tokens of individual uniqueness, to prevent Sybil attacks and allow non-financialized applications. They rely on approaches such as global analysis of social graphs , biometrics , simultaneous global key parties, or some combination thereof. Focused on achieving global uniqueness —rather than social identities mapping relationships and solidarities. Treat all humans the same, not as differentiated human beings.
- Verifiable credentials (VCs): sets of claims about an agent (individual or organizations) of which the provenance and immutability can be proved and that can optionally come with additional assurances. Zero-knowledge proofs can be used.
Three digital ID systems being actively used: (a) centralized; (b) third-party based; (c) and self-sovereign ID systems. One of the fundamental requirements is, in fact, that identities remain portable, and that people retain control over their personal data by choosing with whom it can be shared and for what purposes. A true decentralized solution would enable people to maintain full control over their personal data (with a real self-sovereign identity solution).
Decentralize/distributed digital identity management tools eliminate the need of a single credential issuer. This can work with anonymous p2p networks.
- Uniqueness: Each agent in the environment possesses an identity that is unique with a very high level of confidence. Identity as unique vs member, which is location based. When it is important to guarantee the 'unicity' and 'singularity' of these identities? Sibyl resistant.
- Proof of identity is proof that we are entitled to do something, that we can be made accountable. Connect to our digital traces. This leads to improved governance.
Secure biometric key solutions
Self-sovereign identity (SSI)
Can be implemented through DIDs and VCs. It can facilitate an infrastructure for the exchange of 'qualified data', i.e. data must be sufficiently qualified for making the transaction commitment decision; parties can create their own policies about which data is needed for making a particular decision, and what assurances are required to make that data qualify for doing so.
Roles in the SSI ecosystem: issue (issuer), store and provide (wallet), request and obtain (validation), and revoke (revocation) 'qualified data'. Also, digital battlers that respect (machine readable) policies, that provide the guidance needed to issue, store, provide, request, obtain, validate, revoke all kinds of data on behalf of their user, and even to negotiate transactions and make commitment decisions.
Possible outcomes using SSI
- Automatically fill webforms
- No more passwords for login, which is a form
- Reduce bureaucracy (processes and time)
- More accurate processes.
- Security, privacy and inclusion
- No login form and password - no spoofing and phishing.
- No smap
- Mutual authentication, user and service matched, both ways
- More privacy
- Efficiency and effectiveness
- Operational savings with lower validation costs and time - paper attestation, scanning and uploading documents is no longer needed, and form processors no longer need to check data, request updates etc.
- Better user experience, because only qualified data is exchanged.
Data sovereignty & self-sovereign digital identities management must be irreversibly impossible to identify an individual through any of the means “reasonably likely to be used”
Self Sovereign Identity Collaborative effort to draft the standards for digital identity amid some W3C working groups (DID draft, verifiable claims) and various other collaborative organizations such as the DIF.
Decentralized Identifiers (DIDs)
Supported by W3C - Decentralized Identity Foundation. Establishment of technical standards for interoperability, so that a variety of formats of digital identifiers can form a global identity system. Help build a direct, encrypted channel for p2p communication. DIDs also make these channels portable from one transport or one security context to another.
Some requirements - from loki on Sensorica Discord
- feedback mechanisms for the issuing org and the person/org issued
- doesn't support federated credentials
- needs to be online/offline and so easy to implement that it doesn't become an anti-pattern
- encourages compliance by making access easier, not harder
- interfaces with existing mechanisms, such as contracts, insurance, agreements.
- Control of individual identity, ability to always refer to it, update it, hide it, prevent others to claim it. Use it to access to all individual data, retrieve claims when needed;
- Open and transparent systems and algorithms used to administer and operate digital identities, relevant information and services must be transportable, and not be held by a single third-party entity
- Wide adoption of the identity platform, easily accessible and connected services, scalable and real time services
- Automated data governance to reduce costs. Appropriate metadata and data quality definition methods;
- Define the appropriate data cataloguing system to offer search and retrieval capabilities.
See Ian Grigg, Internet of Agreements, see this post, An exploration of identity.
Viney Gupta: We are using reputation to try and stop bad things happening, at the cost of enslaving people to their scores and setting up endless scam farms. What we want is not reputation, it's restorative justice. If somebody hurts you, you will guaranteeably be made whole. If I present you with proof that I am insured against bad conduct, and you trust my insurer will pay, REPUTATION is suddenly a whole bunch less important. What you want is insurance, not identity. I can safely deal with anonymous people if I trust their insurers, and their insurers are corporate and are not entitled to anonymity as an individual human is. Bad people will wind up with high premiums, and very bad people uninsurable. See discussion.
Tibi: Do we need identity or uniqueness of agent? ’’Machines can analyses a pattern of past activities of an agent and make a prediction about Bob will do x. At the same time, machines can process reports from other agents about it. I don't see these as mutually exclusive, but complementary. Therefore identity is not as important as the uniqueness of an agent/avatar. The link between the individual and the avatar (OT digital twin) can be a hard one and its uniqueness can be enforced and guaranteed but it can be obscured from the public.’’ See discussion.
Develop a Decentralised Identity Document (DID), namely a document that defines the entity's unique identity and means of verification? Some propose a Level of Assurance (LoA) score, where high scores are required in critical processes. A solution could be composed of the following elements: (i) Digitization Portal: generate and manage digital identities; (ii) Wallet App: for the user to manage and control their own identity; (iii) Integration API: communication of the identity module with different stakeholder systems.
Christopher Allen: ”The user must be central to the administration of identity. That requires not just the interoperability of a user’s identity across multiple locations, with the user’s consent, but also true user control of that digital identity, creating user autonomy. To accomplish this, a self-sovereign identity must be transportable; it can’t be locked down to one site or locale. A self-sovereign identity must also allow ordinary users to make claims, which could include personally identifying information or facts about a personal capability or group membership. It can even contain information about the user that was asserted by other persons or groups.” - For an OVN this can be achieved by using the role system.
- absolute privacy by default,
- absolute pseudonymity by default,
- strong, open source encryption always open and standard protocols and formats for all data,
- what, not who, for authorization and
- revocable, consent- based power structure.
Tools: Self-Sovereign Identity (SSI) - digital record or container of identity transactions that you control | (cryptographically) proving ownership and allowing a contract-based sharing of identity data
Move from the present fixed-identity paradigms to more flexible or fluid frameworks of “entitlements”, to allow the formulation of context-specific and attribute-based identities. Enable portability of personal data sets and allow the users to transfer or share such data with organizations of their choice for purposes and under conditions they decide and control.
About access to resources, digital of physical
See Sensorica’s Blockchain access report paper, some interesting insights about access management in general.
[Tibi] Access credentials can be automatically constructed from contribution / participation data, if the agent allows participation data to be aggregated and associated with some form of digital identity provided by the context. The idea here is to create portable credentials that can be interpreted in other contexts and used. For example, my activity at the Sensorical lab, the use of a 3D printer there, can leave digital traces in NRP-CAS and from that data one could build 3D printing usage credentials that can be recognized by other labs, elsewhere. These credentials must be in some way associated with the physical individual, in case this individual presents himself in another lab and wants to gain access to a 3D printer. The other context / lab can verify if these credentials match their own requirements for access. The credentials must be credible / trustworthy. That is a property that can be derived from the original context that has issued the credentials in the first place. But the identity of that place and other information about the individual can be hidden (zero-knowledge proof). In a way, the context (the Sensorica lab) can have credentials for issuing credentials for accessing X or Y, as the lab can be seen as an agent (of type organization).
From a discussion on hREA Discord channel (Nov 2022): Is it OK if I understand "human agency" as you described (a series of keys) as "credencials) that provide access? There's a lot to be said about agency, credentials, reputation, identity... So this is related to how we represent an agent. That construct is related to how we represent a group, an organization, project or venture. Here access becomes important, i.e. how agents interact with organizations. There are different solutions, based on different philosophies and preferences. But I think that if we want to demonstrate / showcase the power of Holochain we should probably talk about permissionless access, or what we call openness. There's nothing new or excited in demonstrating on Holichain the capability of representing gatekeeping, or access to data and processes mediated by an admin, who gives you access based on some external considerations. That already exists, nothing sexy nor powerful about it. Web2 implementations of more open systems is Wikipedia (you don't need an account see everything -transparency, or to edit page -openness). Another example is Discourse, which grants you access to increasingly sensitive functions based on your participation or involvement. So there are no gatekeepers and the process of acquiring credentials is automated, based on the data that you generate while interacting in that particular context. No third party involved to guarantee who you are and what you can do, it's all emergent, based on some predefined rules. But all that happens in a database. Holochain can make these credentials portable, so I can gain some based on activities in one organization/context and have that, or only a part of it, being recognized in another context. One cryptographic key for one context and another cryptographic key for another context will not cut it. It's too simplistic. In practice, what one context wants to "know" for example is if I know how to use a 3D printer. Having access to a lab is one thing. But once in, I may want to know if you can do this or the other thing. With the current NRP-CAS I can scan your contributions for tasks about 3D printing and get an idea about your abilities to safely use a 3D printer. But that info sits in one database and if I go to another lab they don't have access to that info. So it's not portable. Work has been done using zero-knowledge proof to prove that you can do x without providing access to what you have done in the past. That's nice because it preserves privacy, if you want to have control over what you share or how much you share. Question is, what sexy example / demo can we show of an agent, that has some grounding in current practices and has a WAW! effect as in "how is Holochain able to manage that!?" One concept that we use for this is roles. Roles can be the user's data, owned privately, and at the extreme zero-knowledge proof can be used to prove that you can do x or y, without providing access to your data. So can roles be the key to "human agency"? The data can be very rich. But the accreditation process can be very simple. The data comes from participation in processes, taking a task, delivering something, in a context of work. These are events or verified logs of contributions.
See more on Individual profile.
Problems with current identity systems
- are very difficult to use and are complex to deploy;
- do not support many common security features, such as secret recovery, or support for multiple
- are not always sure since access to an identity may be completely lost due theft or device loss.