Definition

Please propose a definition of digital identity. Invite others to collaborate

Framework to consider identity in OVN

Note that most ideas that are vehiculated about identity are construed in a paradox of control and domination. Birth certificate, passport, social security number, driver’s license are instruments used to link the physical you to actions that are in the interest of the government, for various purposes such as paying your taxes and accessing benefits provided by the governmental institutions. At the opposite of this is the anarchist thinking or paradigm. But the important thing to consider here is that these instruments are mistaken for identity. Identity is not to be understood from a bureaucratic perspective, but from a psychological and social perspective - see Wikipedia.

In the context of OVN / OVNi identity should be understood as access. The question is how do we provide access to an individual to economic activity. What does it take to make this economic activity efficient and effective, and at the same time humane, rewarding, enriching.

For example, partaking in the activities of the Bitcoin Network doesn’t require one to provide information about one’s life. I just need to buy a piece of hardware, install the software in it and plug it into the wall. It is irrelevant who I am, where I live, what culture I partake in, etc. Sensorica, the OVN model, is built on the same principle of minimal information. OVN is not about control, but about maximizing economic freedom.

To contribute to an open venture you only don’t even need to show credentials. Benefits are distributed based on work done, not based on a promise of work, with a peer review process in place for validating the pertinent of the work done. You don’t need to demonstrate that you can do something, doing it right it’s all that counts. That’s how open source development and Wikipedia work, that’s also the case in an OVN.

There are some descriptions about you that emerge from your contributions in an OVN, which form your identity as an affiliate. These are dimensions of reputation, based on the quality of your work, your commitment, your regularity, etc. These emergent properties of you in an OVN context are used by other peers and by automated agents to improve / smooth economic activity. For example, you can be asked to contribute to a task because your record shows that you have performed this task well in the past. To be true to our principles, you should decide if you want information about your participation to be accrued and made available, or if you want every one of your interactions with the system to be like a fresh, new one. In other words, you need to decide if you allow a digital identity to be formed from your activity or not, weighing the pros and cons, the benefits and the potential harm.

Note that anonymity and digital identity formation through records of your activity are separate things. You can have an identity as a contributor to the project by remaining anonymous, meaning not linking the emerging digital identity to the physical you.

Some rants about identity

Most people today mistake credentials and access for identity. You don't necessarily need to identify yourself to perform an action. In the real world, when I take the bus I don’t need to tell the driver all about myself before I get in. Identification means revealing one's identity and we often mistake credentials for identity. When I go into the bus I just need to show my ticket, which is essentially saying that I paid for my ride, a credential that is required for this service.

No one really has access to our identities. People have multiple identities and they are all shifting in time: one can be a father at home, an employee at work, a friend, an artist, etc.

We also need to make a distinction between identity and persona, which is a semiotic construct, a system of symbols that we provide to others so that they can formulate an idea (a model) about “who we are”. The persona is fabricated by us and can be misinterpreted.

What about the physical you? When strangers see you on the street they don't identify you, they just see your body and can associate the effects of your actions with the physical you, as causation, you being the cause of these effects. They also have access to symbols that surround your physical body, your dress code, hair cut, accessories, which tells them something about you, which composes your persona. But they don't necessarily know that you are a father, you live in a given community and share particular values with your community members, etc. So there is the physical you, the genuine you, based on the life you live and on circumstances, there is your different persona, at home, at work, at the store, online, etc. Then there are your credentials, or features about you that male people trust you in a given situation. For example, you're allowed to enter a building because people trust that you cannot do property damage, or to drive a car responsibly and safely. Your culture, family situation and profession are irrelevant when it comes to you driving a car.

Your passport has a dual function, to let the authorities know where to find the physical you (your address) and to provide you access to services and benefits in a given national context. Furthermore, your passport is construed in such a way that it is unique and associated only with the physical you. That's why there is a photo of you on it, your signature and perhaps biometric data. The passport also serves you to attest that you are the physical you. So there is a one-to-one relation here, authorities can find you and you can attest that that physical being that lives there is the physical you present at that moment.

Technology cannot have a single point of authority or dependency. We should be able to manage and switch between multiple digital identities, each with their own context-sensitive necessary capabilities.”

Current work on digital identity

NOTE: Do not take the following for cash. Adapt it to our context.

Each agent in the environment possesses an identity that is unique with a very high level of confidence - Proof of identity - proof that we are entitled to do something, that we can be made accountable. Connect to our digital traces. This leads to improved governance. Decentralized identity management tools. Eliminate the need of a single credential issuer. Can work with anonymous pep networks.

Identity (you are who you say you are) and credentials (now you can do what you are asking to do - about access), entitlement.

See also about Universal Wallets.

Explore secure biometric key solutions.

Privacy: provide total control over data to agents.

On permissionless blockchains ephemeral signing keys are used, but that hinders auditability and transparency purposes (track back a user). Explore cryptographic tools such as anonymous credentials (e.g. Idemixer) to allow users to sign transactions without disclosing their actual identity and to prevent any two different transactions from being linked.

Allow smart contracts to verify strongly encrypted transactions. Explore zero-knowledge proofs and multi-party computation to enable verifiability without hindering privacy. Make trade-offs between efficiency and privacy and the possibility of relying on SGX technology (description only at the CPU level) when cryptographic solutions fall short.

Self sovereign identity: see also Decentralized Identifiers (DIDs), supported by W3C. Use public/private keys and zero-knowledge proofs. Implementations: Sovrin and uPort.

Identity (unique) vs member (location based).

identity free approaches to every-day tasks, automatic anonymisation of data and strengthening identity management systems.

Give users more control of their own data. User control to ease the decision making and customisation of settings to give the user a role in their internet. Portability of personal data-sets, transfer or share such data based on user choice.

Three digital ID systems being actively used: (a) centralized; (b) third-party based; (c) and self-sovereign ID systems. One of the fundamental requirements is, in fact, that identities remain portable, and that people retain control over their personal data by choosing with whom it can be shared and for what purposes. A true decentralized solution would enable people to maintain full control over their personal data (with a real self-sovereign identity solution). Need to guarantee the 'unicity' and 'singularity' of these identities. As digital identifiers can be in a variety of formats, an important requirement for a global identity system is the establishment of technical standards for interoperability like the Decentralized Identifier (DID) - supported by the Decentralized Identity Foundation.

Challenge:

1. Control of individual identity ability to always refer to it, update it, hide it, prevent others to claim it. Use it to access to all individual data, retrieve claims when needed;
2. Open and transparent systems and algorithms used to administer and operate digital identities, relevant information and services must be transportable, and not be held by a single third-party entity
3. Wide adoption of the identity platform, easily accessible and connected services, scalable and real time services
4. Automated data governance to reduce costs. Appropriate metadata and data quality definition methods;
5. Define the appropriate data cataloguing system to offer search and retrieval capabilities.

How can numerous datasets and requests for processing can be managed effectively while securing privacy and having users as the owners of their data.

Decentralised identifiers (DIDs), help build a direct, encrypted channel for p2p communication. DIDs also make these channels portable from one transport or one security context to another.

Verifiable credentials (VCs), sets of claims about an agent (individual or organizations) of which the provenance and immutability can be proved and that can optionally come with additional assurances. “zero-knowledge proofs” can be used.

Self-sovereign identity (SSI) can be implemented through DIDs and VCs. It can facilitate an infrastructure for the exchange of 'qualified data', i.e. data must be sufficiently qualified for making the transaction commitment decision; parties can create their own policies about which data is needed for making a particular decision, and what assurances are required to make that data qualify for doing so.

Roles in the SSI ecosystem: issue (issuer), store and provide (wallet), request and obtain (validation), and revoke (revocation) 'qualified data'. Also, digital battlers that respect (machine readable) policies, that provide the guidance needed to issue, store, provide, request, obtain, validate, revoke all kinds of data on behalf of their user, and even to negotiate transactions and make commitment decisions.

Possible outcomes using SSI

• Convenience

Automatically fill webforms

• • No more passwords for login, which is a form
  • Reduce bureaucracy (processes and time)
  • More accurate processes.
• Security, privacy and inclusion
  • No login form and password - no spoofing and phishing.
  • No smap
  • Mutual authentication, user and service matched, both ways
  • More privacy
• Efficiency and effectiveness
  • operational savings with lower validation costs and time - paper attestation, scanning and uploading documents is no longer needed, and form processors no longer need to check data, request updates etc.
  • Better user experience, because only qualified data is exchanged.

Distributed digital identity management

Data sovereignty & self-sovereign digital identities management - it must be irreversibly impossible to identify an individual through any of the means “reasonably likely to be used”

Agent

• Anything that can perform an action
• Has agency

Agents can be individuals, groups, projects, networks.

Agents can also be bots, machines (IoT)

Are verified, unique, secure, private, portable, …

• Identities for individuals,
• Identities for resources (equipment, tools, physical spaces, ...),
• Identity for AI agents.

Self Sovereign Identity Collaborative effort to draft the standards for digital identity amid some W3C working groups (DID draft, verifiable claims) and various other collaborative organizations such as the DIF. The only infrastructure project to date that fulfills the principles of SSI, Sovrin from Evernym.

See Ian Grigg, Internet of Agreements, see this post, An exploration of identity.

https://identityinsurance.org/

Viney Gupta: We are using reputation to try and stop bad things happening, at the cost of enslaving people to their scores and setting up endless scam farms. What we want is not reputation, it's restorative justice. If somebody hurts you, you will guaranteeably be made whole. If I present you with proof that I am insured against bad conduct, and you trust my insurer will pay, REPUTATION is suddenly a whole bunch less important. What you want is insurance, not identity. I can safely deal with anonymous people if I trust their insurers, and their insurers are corporate and are not entitled to anonymity as an individual human is. Bad people will wind up with high premiums, and very bad people uninsurable. See discussion.

Tibi: Do we need identity or uniqueness of agent? ’’Machines can analyse a pattern of past activities of an agent and make a prediction about Bob will do x. At the same time, machines can process reports from other agents about it. I don't see these as mutually exclusive, but complementary. Therefore identity is not as important as the uniqueness of an agent/avatar. The link between the individual and the avatar can be a hard one and its uniqueness can be enforced and guaranteed but it can be obscured from the public.’’ See discussion.

Develop a Decentralised Identity Document (DID), namely a document that defines the entity's unique identity and means of verification? Some propose a Level of Assurance (LoA) score, where high scores are required in critical processes. A solution could be composed of the following elements: (i) Digitization Portal: generate and manage digital identities; (ii) Wallet App: for the user to manage and control their own identity; (iii) Integration API: communication of the identity module with different stakeholder systems.

Christopher Allen: ”The user must be central to the administration of identity. That requires not just the interoperability of a user’s identity across multiple locations, with the user’s consent, but also true user control of that digital identity, creating user autonomy. To accomplish this, a self-sovereign identity must be transportable; it can’t be locked down to one site or locale. A self-sovereign identity must also allow ordinary users to make claims, which could include personally identifying information or facts about a personal capability or group membership. It can even contain information about the user that was asserted by other persons or groups.”

user sovereignty

1. absolute privacy by default,
2. absolute pseudonymity by default,
3. strong, open source encryption always open and standard protocols and formats for all data,
4. what, not who, for authorization and
5. revocable, consent- based power structure.

Tools: Self-Sovereign Identity (SSI) - digital record or container of identity transactions that you control | (cryptographically) proving ownership and allowing a contract-based sharing of identity data

move from the present fixed-identity paradigms to more flexible or fluid frameworks of “entitlements”, to allow the formulation of context-specific and attribute-based identities. enable portability of personal data sets and allow the users to transfer or share such data with organisations of their choice for purposes and under conditions they decide and control

Access

About access to resources, digital of physical

See Sensorica’s Open Access project

See Sensorica’s Blockchain access report paper, some interesting insights about access management in general.

Some ideas

[Tibi] Access credentials can be automatically constructed from contribution / participation data, if the agent allows participation data to be aggregated and associated with some form of digital identity provided by the context. The idea here is to create portable credentials that can be interpreted in other contexts and used. For example, my activity at the Sensorical lab, the use of a 3D printer there, can league digital traces in NRP-CAS and from that data one could build 3D printing usage credentials that can be recognized by other labs, elsewhere. These credentials must be in some way associated with the physical individual, in case this individual presents himself in another lab and wants to gain access to a 3D printer. The other context / lab can verify if these credentials match their own requirements for access. The credentials must be credible / trustworthy. That is a property that can be derived from the original context that has issued the credentials in the first place. But the identity of that place and extra information about the individual can be hidden (zero knowledge proof). In a way, the context (the Sensorica lab) can have credentials for issuing credentials for accessing X or Y, as the lab can be seen as an agent (organization).

Agent profile

A digital identity representation of an agent. Builds on the considerations above about identity. In fact, we can even think that this profile can also have agency, if enhanced with AI, to act on behalf of the real agent in some circumstances, sign contracts based on predefined rules, etc.

Profiles play an important role in self-organisation. They allow other agents and automated processes to evaluate an agent with respect to an action/process.

The profile should also contain information about affiliations, or contexts, organisations, networks in which the agent also operates. This information about affiliations can be used by agents in the context of a project to assess the organic reach into other organisational contexts, beyond the immediate zone of influence of the project or of the OVN.

Profiles should also contain Reputation.