RE: Self-Sovereign Identity Model: Identity and Identity Data Usage Licensing - solution approaches?

Thank you Phil,

As I understand it, Solid’s current permissions model is based on file system-like access control-based ACLs (Read, Write, Control, etc.) …which is significantly different (lower level) than those expected by the SSI model I’ve described below.

Solid, in fact, is a target for the type of functionality I’m envisioning.

Best regards,
Michael

From: Phillip D. Long <phil@rhzconsulting.com>
Sent: January 18, 2021 12:36 PM
To: Michael Herman (Parallelspace) <mwherman@parallelspace.net>
Cc: public-credentials@w3.org
Subject: Re: Self-Sovereign Identity Model: Identity and Identity Data Usage Licensing - solution approaches?

Michael, for personal secure data storage that allows read access on a permissioned transactional basis consider looking further into SOLID’s data pods.

Good luck.

 Phil

Phillip Long, Ph.D., T3 Innovation Network, LER Pilot Projects Community Manager
e: <mailto:phil@rhzconsulting.com> phil@rhzconsulting.com<mailto:phil@rhzconsulting.com>,
SNS: Twitter/Telegram @RadHertz
LinkedIn: https://www.linkedin.com/in/longpd

—
RHz Consulting, LLC.
Inquire-Listen-Design-Prototype-Analyze-Repeat
e:phil@rhzconsulting.com<mailto:phil@rhzconsulting.com>
LinkedIn:http://www.linkedin.com/in/longpd

—
Senior Scholar, Georgetown University
Center for New Designs in Learning & Scholarship (CNDLS)
e: pl673@georgetown.edu<mailto:pl673@georgetown.edu>
—
Schedule me: https://calendly.com/phil-t3/45min




On Jan 18, 2021, at 1:11 PM, Michael Herman (Parallelspace) <mwherman@parallelspace.net<mailto:mwherman@parallelspace.net>> wrote:

I’m looking for projects, technologies, and/or notations/schema for specifying/declaring/processing the terms of a *user driven* SSI identity and identity data usage license presented to a consuming app or service (Consumer).  …for example, being able to declare terms like:


  *   App X can refer to but can not read and persist my content to any external storage system (beyond where the original content currently resides) without my expressed permission.
  *   App X cannot attach it's own ancillary information to my Identity (e.g. DID) without my expressed permission.
  *   App X can read my content but cannot aggregate it (anonymously or not) to create its own new content without my permission.
  *   etc.

I think the overall SSI usage license negotiation process (story?) might looks something like:


  1.  User personally declares their SSI usage terms (claims?) based on their needs and the particular consuming app or service (Consumer)


  2.  User uses software to package their SSI usage terms into an SSI usage license (credential?) …possibly a Presentation of selected Claims from the User’s personal library of SSI usage claims (personal master SSI usage credential)


  3.  In lieu or in advance of a Consumer presenting their Terms of Service, User presents their SSI usage license credential for the Consumer


  4.  [perhaps some sort of semi-automated SSI usage terms negotiation takes place to arrive at an SSI usage contract (SSI usage contract credential) agreeable to both the User and Consumer.]


  5.  A Consent Receipt is sent to both parties along with the negotiated SSI usage contract

Any suggestions?  …in terms of projects, technologies, notations, approaches?

Best regards,
Michael Herman
Self-Sovereign Blockchain Architect
Hyperonomy Digital Identity Lab
Parallelspace Corporation

<image002.jpg>

Received on Monday, 18 January 2021 20:05:25 UTC