W3C home > Mailing lists > Public > public-credentials@w3.org > March 2021

Re: The "self-sovereign" problem (was: The SSI protocols challenge)

From: Drummond Reed <drummond.reed@evernym.com>
Date: Tue, 23 Mar 2021 16:33:23 -0700
Message-ID: <CAAjunnacpQ2=Uyk=LUkfTHdrX0uoCjcJGiqgKSVnv9GUjD9evQ@mail.gmail.com>
To: Leonard Rosenthol <lrosenth@adobe.com>
Cc: "Michael Herman (Trusted Digital Web)" <mwherman@parallelspace.net>, sankarshan <sankarshan@dhiway.com>, "W3C Credentials CG (Public List)" <public-credentials@w3.org>
Leonard, just to clarify, the diagram is labelled "three eras" because it
is meant to convey three broad paradigm shifts in Internet identity, not
specific technical requirements. Ironically whenever I speak to the diagram
I make the point that each of these paradigms is a superset of the era
before it. I'm always explaining that VCs and DIDs can be used with the
other two paradigms. In fact the Introduction section of the W3C DID Core
Specification (which this month went to Candidate Recommendation status)
concludes with this paragraph that I co-authored with Amy Guy:

This specification does not presuppose any particular technology or
cryptography to underpin the generation, persistence, resolution, or
interpretation of DIDs. For example, implementers can create Decentralized
Identifiers based on identifiers registered in federated or centralized
identity management systems. Indeed, almost all types of identifier systems
can add support for DIDs. This creates an interoperability bridge between
the worlds of centralized, federated, and decentralized identifiers. This
also enables implementers to design specific types of DIDs to work with the
computing infrastructure they trust, such as distributed ledgers,
decentralized file systems, distributed databases, and peer-to-peer
networks.



On Tue, Mar 23, 2021 at 1:27 PM Leonard Rosenthol <lrosenth@adobe.com>
wrote:

> That picture, Drummond, is what causes me the most problems in trying to
> get adoption of the various technologies coming from this group.
>
>
>
> VC and DID are **NOT** decentralized.   They can (and SHOULD!) be used
> just as easily with either Centralized or Federated models.
>
>
>
> But people see diagrams like this and take away the message that if they
> wish to adopt VCs and/or DID, that they **MUST** also adopt a
> decentralized model, possibly involving a blockchain.  And that is simply
> not true!!!  I recently spent an hour or so on a call as part of an
> ETSI/ESI (European Standards around security and signatures) meeting trying
> to express to them how they could adopt VC & DID technologies under the
> current eIDAS regulations (which are X.509 based) without having to change
> them to support BC/DLT technologies.
>
>
>
> So I, for one, would ask you to PLEASE stop using that diagram.
>
>
>
> Leonard
>
>
>
> *From: *Drummond Reed <drummond.reed@evernym.com>
> *Reply-To: *"drummond.reed@evernym.com" <drummond.reed@evernym.com>
> *Date: *Tuesday, March 23, 2021 at 12:59 PM
> *To: *"Michael Herman (Trusted Digital Web)" <mwherman@parallelspace.net>
> *Cc: *sankarshan <sankarshan@dhiway.com>, "W3C Credentials CG (Public
> List)" <public-credentials@w3.org>
> *Subject: *Re: The "self-sovereign" problem (was: The SSI protocols
> challenge)
> *Resent-From: *<public-credentials@w3.org>
> *Resent-Date: *Tuesday, March 23, 2021 at 12:57 PM
>
>
>
> Michael, the definition is in the first sentence of Chapter 1:
>
>
>
> Self-sovereign identity—commonly abbreviated SSI—is a new model for
> digital identity on the internet: i.e., how we prove who we are to the
> websites, services, and apps with which we need to establish trusted
> relationships to access or protect pri- vate information.
>
>
>
> That broad definition was a deliberate choice on behalf of Alex Preukschat
> and I as co-authors of the book. SSI is a digital identity model (not just
> an architectural model, but also a governance model) that is significantly
> different than in the digital identity models of the previous two eras of
> Internet trust infrastructure, per this diagram that I now show at the
> start of all my talks on SSI and ToIP to establish the overall context.
>
>
>
>
>
>
>
> On Tue, Mar 23, 2021 at 9:27 AM Michael Herman (Trusted Digital Web) <
> mwherman@parallelspace.net> wrote:
>
> Hi Drummond, I’ve read through Chapter 1 of the Manning book just now (
> https://livebook.manning.com/book/self-sovereign-identity/chapter-1/v-11/88
> <https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Flivebook.manning.com%2Fbook%2Fself-sovereign-identity%2Fchapter-1%2Fv-11%2F88&data=04%7C01%7Clrosenth%40adobe.com%7C9f40c832883c48b97fd908d8ee1d0832%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C637521155750894479%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=jWPnWAT3Um3I36LIpyb7GbXBLuDcrHW%2FPI3ZRXmh00o%3D&reserved=0>)
> and couldn’t a succinct nor operational definition for the term/concept of
> Self-Sovereign Identity.
>
>
>
> The chapter talks “all around” the topic of Self-Sovereign Identity but
> didn’t seem to conclude with an actual definition.  Did I miss it?
>
>
>
> Michael Herman
>
> Far Left Self-Sovereignist
>
>
>
> *From:* Drummond Reed <drummond.reed@evernym.com>
> *Sent:* March 23, 2021 10:02 AM
> *To:* sankarshan <sankarshan@dhiway.com>
> *Cc:* W3C Credentials CG (Public List) <public-credentials@w3.org>
> *Subject:* Re: The "self-sovereign" problem (was: The SSI protocols
> challenge)
>
>
>
> +1 to Adrian Doerk's definition in his thesis (which I highly recommend,
> BTW—Adrian's work is very comprehensive and thorough).
>
>
>
> FWIW, even though the forthcoming Manning book
> <https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.manning.com%2Fbooks%2Fself-sovereign-identity&data=04%7C01%7Clrosenth%40adobe.com%7C9f40c832883c48b97fd908d8ee1d0832%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C637521155750894479%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=CjEl7riFRYu4UGMGYdDEHMPPh5NXTvURmCu%2BjO154Jc%3D&reserved=0>
> of which I'm a co-author (along with 54 contributing authors) is titled
> "Self-Sovereign Identity: Decentralized Digital Identity and Verifiable
> Credentials", in the opening chapter we explain the origin of the term and
> then recommend (and enforce throughout the rest of the book) simply calling
> it "SSI"—which is also what I see happening in the market. I predict that
> within the next 2-3 years, many who have become comfortable with the term
> "SSI" won't even know that it is an acronym or what it stands for (just as
> many today don't know what "IBM" or "ATM" stand for).
>
>
>
> As a final point, I was a speaker this morning on a webinar hosted
> by Condatis called "Scaling Digital Trust in Healthcare" where Charlie
> Walton, VP Digital Identity at Mastercard, shared the following slide,
> which is the first time I've seen the term "Commercial SSI".
>
>
>
>
>
>
>
>
>
>
>
> On Tue, Mar 23, 2021 at 6:54 AM sankarshan <sankarshan@dhiway.com> wrote:
>
> On Tue, 23 Mar 2021 at 18:40, Michael Herman (Trusted Digital Web) <
> mwherman@parallelspace.net> wrote:
>
> RE: "Decentralized identity" is a *better* choice. Others use
> "self-asserted," I think this has some of the same socio-cultural issues
> that "Self-sovereign" has.
>
>
>
>    1. QUESTION: Why is there this pervasive (pandemic?) of thinking
>    spreading across so many of our communities (CCG, SF, ToIP, etc.) about
>    giving in to this type of authoritarian, centralizationist thinking?
>    Why are people giving up on self-sovereignty in such large numbers?
>    Reference:
>    https://hyperonomy.files.wordpress.com/2021/02/model-2c.-social-evolution-self-sovereignty-political-spectrum-1.png
>    <https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fhyperonomy.files.wordpress.com%2F2021%2F02%2Fmodel-2c.-social-evolution-self-sovereignty-political-spectrum-1.png&data=04%7C01%7Clrosenth%40adobe.com%7C9f40c832883c48b97fd908d8ee1d0832%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C637521155750904431%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=h8pMnda%2Busued8pDgePUtMT7049rLlUonnSFilyA3Gg%3D&reserved=0>
>
> The representation such as the above often create an all-or-nothing
> inference on the topic of SSI. It feels appropriate to cite a recently
> published work Doerk, Adrian. (2020). The growth factors of self-sovereign
> identity solutions in Europe. 10.6084/m9.figshare.14182586. and especially
>
>
>
> *We use the terminology of self-sovereign identity for describing a
> concept of giving individuals or organizations control over their digital
> identity. The identity resides with the identity subject in question, who
> is central to its administration. Sovereignty implies that individuals are
> equal among peers and are not administered by a central authority. This
> doesn't mean that individuals can suddenly issue themselves a new passport.
> Instead it means that individuals have control over how their personal data
> is shared and used. Moreover, individuals can now choose whether they would
> like to reveal their personal data and also which kind of data they would
> like to share in the event of a transaction or interaction. Through the use
> of cryptographic proofs SSI enables verifiability for all involved parties.*
>
>

image001.png
(image/png attachment: image001.png)

image002.png
(image/png attachment: image002.png)

Received on Tuesday, 23 March 2021 23:33:50 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 23 March 2021 23:33:51 UTC