W3C home > Mailing lists > Public > public-credentials@w3.org > March 2021

Re: The "self-sovereign" problem (was: The SSI protocols challenge)

From: Jeremy Townson <jeremy.townson@gmail.com>
Date: Tue, 23 Mar 2021 19:10:19 +0000
Message-ID: <CAAic94EEgMO-0TbZgrQoM268d43pzrQh-shiAgSe566sDEKWUg@mail.gmail.com>
To: David Chadwick <D.W.Chadwick@kent.ac.uk>
Cc: "W3C Credentials CG (Public List)" <public-credentials@w3.org>
Everybody could benefit here by consulting Sam Smith's talk introducing
KERI (given to the SSI meetup). He starts the process of redefining often
overloaded terms more objectively -- 'infrastructure independence' for
instance.

On Tue, 23 Mar 2021 at 18:47, David Chadwick <D.W.Chadwick@kent.ac.uk>
wrote:

> Hi Drummond
>
> your characterisation is interesting but is not either a full or correct
> picture.
>
> Firstly centralised could give a false impression of a single system,
> whereas all your centralised systems are distributed systems
>
> Secondly Federated systems build on the former and cannot work without
> them.
>
> Thirdly Verifiable Credentials are not inherently decentralised. They are
> no more decentralised than X.509 Attribute Certificates. Remember that VC
> IDs are defined as URIs in the standard, not DIDs. And X.509 ACs can bind
> attributes to keys in the same way as VCs do.
>
> Fourthly, I have heard several academics describe blockchains as
> centralised systems, surprising as you may find this.
>
> Fifth, self signed X.509 PKCs are just as decentralised as DIDs.
>
> Kind regards
>
> David
> On 23/03/2021 16:57, Drummond Reed wrote:
>
> Michael, the definition is in the first sentence of Chapter 1:
>
> Self-sovereign identity—commonly abbreviated SSI—is a new model for
>> digital identity on the internet: i.e., how we prove who we are to the
>> websites, services, and apps with which we need to establish trusted
>> relationships to access or protect pri- vate information.
>
>
> That broad definition was a deliberate choice on behalf of Alex Preukschat
> and I as co-authors of the book. SSI is a digital identity model (not just
> an architectural model, but also a governance model) that is significantly
> different than in the digital identity models of the previous two eras of
> Internet trust infrastructure, per this diagram that I now show at the
> start of all my talks on SSI and ToIP to establish the overall context.
>
> [image: image.png]
>
>
> On Tue, Mar 23, 2021 at 9:27 AM Michael Herman (Trusted Digital Web) <
> mwherman@parallelspace.net> wrote:
>
>> Hi Drummond, I’ve read through Chapter 1 of the Manning book just now (
>> https://livebook.manning.com/book/self-sovereign-identity/chapter-1/v-11/88)
>> and couldn’t a succinct nor operational definition for the term/concept of
>> Self-Sovereign Identity.
>>
>>
>>
>> The chapter talks “all around” the topic of Self-Sovereign Identity but
>> didn’t seem to conclude with an actual definition.  Did I miss it?
>>
>>
>>
>> Michael Herman
>>
>> Far Left Self-Sovereignist
>>
>>
>>
>> *From:* Drummond Reed <drummond.reed@evernym.com>
>> *Sent:* March 23, 2021 10:02 AM
>> *To:* sankarshan <sankarshan@dhiway.com>
>> *Cc:* W3C Credentials CG (Public List) <public-credentials@w3.org>
>> *Subject:* Re: The "self-sovereign" problem (was: The SSI protocols
>> challenge)
>>
>>
>>
>> +1 to Adrian Doerk's definition in his thesis (which I highly recommend,
>> BTW—Adrian's work is very comprehensive and thorough).
>>
>>
>>
>> FWIW, even though the forthcoming Manning book
>> <https://www.manning.com/books/self-sovereign-identity> of which I'm a
>> co-author (along with 54 contributing authors) is titled "Self-Sovereign
>> Identity: Decentralized Digital Identity and Verifiable Credentials", in
>> the opening chapter we explain the origin of the term and then recommend
>> (and enforce throughout the rest of the book) simply calling it "SSI"—which
>> is also what I see happening in the market. I predict that within the next
>> 2-3 years, many who have become comfortable with the term "SSI" won't even
>> know that it is an acronym or what it stands for (just as many today don't
>> know what "IBM" or "ATM" stand for).
>>
>>
>>
>> As a final point, I was a speaker this morning on a webinar hosted
>> by Condatis called "Scaling Digital Trust in Healthcare" where Charlie
>> Walton, VP Digital Identity at Mastercard, shared the following slide,
>> which is the first time I've seen the term "Commercial SSI".
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> On Tue, Mar 23, 2021 at 6:54 AM sankarshan <sankarshan@dhiway.com> wrote:
>>
>> On Tue, 23 Mar 2021 at 18:40, Michael Herman (Trusted Digital Web) <
>> mwherman@parallelspace.net> wrote:
>>
>> RE: "Decentralized identity" is a *better* choice. Others use
>> "self-asserted," I think this has some of the same socio-cultural issues
>> that "Self-sovereign" has.
>>
>>
>>
>>    1. QUESTION: Why is there this pervasive (pandemic?) of thinking
>>    spreading across so many of our communities (CCG, SF, ToIP, etc.) about
>>    giving in to this type of authoritarian, centralizationist thinking?
>>    Why are people giving up on self-sovereignty in such large numbers?
>>    Reference:
>>    https://hyperonomy.files.wordpress.com/2021/02/model-2c.-social-evolution-self-sovereignty-political-spectrum-1.png
>>
>> The representation such as the above often create an all-or-nothing
>> inference on the topic of SSI. It feels appropriate to cite a recently
>> published work Doerk, Adrian. (2020). The growth factors of self-sovereign
>> identity solutions in Europe. 10.6084/m9.figshare.14182586. and especially
>>
>>
>>
>> *We use the terminology of self-sovereign identity for describing a
>> concept of giving individuals or organizations control over their digital
>> identity. The identity resides with the identity subject in question, who
>> is central to its administration. Sovereignty implies that individuals are
>> equal among peers and are not administered by a central authority. This
>> doesn't mean that individuals can suddenly issue themselves a new passport.
>> Instead it means that individuals have control over how their personal data
>> is shared and used. Moreover, individuals can now choose whether they would
>> like to reveal their personal data and also which kind of data they would
>> like to share in the event of a transaction or interaction. Through the use
>> of cryptographic proofs SSI enables verifiability for all involved parties.*
>>
>>

image.png
(image/png attachment: image.png)

image001.png
(image/png attachment: image001.png)

Received on Tuesday, 23 March 2021 19:10:46 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 23 March 2021 19:10:47 UTC