Identity: Research

[pgte]

Research mechanisms for nodes to provide, transmit and prove identity of actors in a decentralised web application that uses IPFS.

[pgte]

Some links to the latest research I've been following:

• A Gentle Introduction to Self-Sovereign Identity
• Decentralised Identity Foundation
• Rebooting Web-of-Trust
• Decentralized Public Key Infrastructure

cc // @b5

[pgte]

Just found another source of definitions on Self-Sovereign Identity, this time from Sovrin (which IBM just joined):
https://sovrin.org/wp-content/uploads/2018/03/Sovrin-Protocol-and-Token-White-Paper.pdf

//cc @b5

[b5]

Thanks for the links @pgte, I've started compiling research into a hackpad:
https://hackmd.io/s/H17TwVqsz
I'm going to keep cranking on that until I feel up to speed on the DID (Distributed Identity) & SSI (Self Soverign Identity) landscape. Others, feel free to edit!

[pgte]

@b5 That's awesome, keep us posted!

[pgte]

Interesting paper to read regarding Self-Sovereign Identity (SSI):
Technical details of Sovrin:

[lanzafame]

@pgte I am linking to this ipfs/notes#292 here as a more complex use case for identities. I haven't elaborated the identities part thoroughly yet, but there are quite a few scenarios that I learnt about when participating in the medical software industry that I think would be beneficial to at least be aware of when designing ipfs identity system. I will try and get them up by the next WG meeting, which I will also attempt to attend, but no guarantees as it is 1 am for me.

[pgte]

@lanzafame thank you for those notes, they're super helpful!
@satazor are working on something that will lead to a collaborative knowledge-base, where they have many of these problems, he should take a look at your notes!

Obviously, the medical industry has very strong requirements regarding these subjects, with strong emphasis in identity self-sovereignty, privacy, etc. It's invaluable that you bring your knowledge to the table! :)

Also adding @joaosantos15, he's been helping us out a lot with figuring out the identity system.

[pgte]

This may interest you: Identity Management RFC: peer-base/peer-star#14

[pgte]

May be interesting checking out this article: Managing Identity with a UI for ERC 725

(via @satazor)

[satazor]

The IdentityManager proposed on peer-base/peer-star#15 is very similar to what the UI for ERC 725 is but with a few differences:

• The IdentityManager embraces several DID methods and, as a consequence, several blockchains. We will probably focus on Ethereum based DID methods first, such as uport or erc725, as Ethereum is more widely adopted and stable. You may check registry for all the available DID methods.
• The IdentityManager is, for now, focused on a subset of Verifiable Claims: self-signed Verifiable Claims on social networks. Still, as noted in the Identity RFC & Research peer-base/peer-star#15 RFC, we should later consider all types of Verifiable Claims.
• It's just a UI and doesn't seems to interact with DApps directly. This makes it harder for DApps developers to KYC and to handle sessions.
• They do not tackle the problem of users interacting with DApps on several devices. It's sub-optimal to have the private key of the Wallets being replicated cross-devices. Our proposal solves this by embracing "Delegate Keys" whenever the DID method supports them. Delegate keys are regular keys that are also listed in the DID Document but have granular capabilities, like used only for authentication and signing.

[lanzafame]

@pgte @satazor @b5 @joaosantos15 Sorry, got bogged down in cluster stuff, but I have updated the ipfs/notes#292 issue with the first identity scenario (it is at the bottom, apparently markdown anchors don't work in GitHub issues 😞 ) and it is a scenario I believe, though would love to be corrected, doesn't have a solution within any existing identity/auth infrastructure. Would love to hear some feedback 😄

[pgte]

Research culminated in the peer-star Identity RFC & Research PR.

[aschrijver]

I was wondering if anyone could provide some good pointers to DID and SSI initiatives and projects that do not involve blockchain? Or is peer-star such project? Just asked at DID spec too: w3c-ccg/did-spec#113

[satazor]

Yes, the blockchain is not a requirement. There’s a working (although outdated) DID method on IPFS, see https://github.com/jonnycrunch/ipid

This did method will probably be the first one to be supported in the IDM project that is referenced in the RFC that @pgte linked.

[aschrijver]

Thank you @satazor I'll continue to follow the development.