W3C home > Mailing lists > Public > public-credentials@w3.org > March 2021

Re: The "self-sovereign" problem (was: The SSI protocols challenge)

From: Taylor Kendal <taylor@learningeconomy.io>
Date: Fri, 26 Mar 2021 11:21:39 -0600
Message-ID: <CA+xGRYK2acd3vfdqrELY+tv_Km9=htYf1_fxhZL=Dk1pZxLbVg@mail.gmail.com>
To: "Michael Herman (Trusted Digital Web)" <mwherman@parallelspace.net>
Cc: Kim Hamilton <kimdhamilton@gmail.com>, Orie Steele <orie@transmute.industries>, Leonard Rosenthol <lrosenth@adobe.com>, "Bill Claxton, NextID Founder & Operations Director" <williamc@nextid.com>, "public-credentials@w3.org" <public-credentials@w3.org>
Thanks all!

Orie, the humor landed exactly as anything "funny" should, which is to
highlight uncomfortable truths hidden in plain sight. There's no* I *without
the *we*.

I tend to take Michael's neutral(ish) view in seeing "SSI"/crypto/web3 as
experiments in social evolution. It's a fairly heavy lift, but this 5-part
series is a great deep-dive with connected threads throughout -
https://waitbutwhy.com/2019/08/story-of-us.html

Wishing everyone well as we wander into the weekend!
TK


On Thu, Mar 25, 2021 at 2:58 PM Michael Herman (Trusted Digital Web) <
mwherman@parallelspace.net> wrote:

> What we’ve gone through is an interesting experiment in Social Evolution
> …in terms of evolving a common set of tribal beliefs…
>
>
>
> A #wanderer is someone who leaves their tribe to share their knowledge and
> wisdom with others; to later form a party of explorers to explore and
> conquer a common set of goals; and, even further on, create a clan, a band,
> a tribe, and a tribal society, a group of people who live and work together
> – a group of tribes organized around kinships.
>
>
>
> To read more, check out:
> https://hyperonomy.com/2019/04/08/social-evolution-and-technology-adoption/
>
>
>
> Michael
>
>
>
> *From:* Kim Hamilton <kimdhamilton@gmail.com>
> *Sent:* March 25, 2021 1:54 PM
> *To:* Orie Steele <orie@transmute.industries>
> *Cc:* Leonard Rosenthol <lrosenth@adobe.com>; Bill Claxton, NextID
> Founder & Operations Director <williamc@nextid.com>;
> public-credentials@w3.org
> *Subject:* Re: The "self-sovereign" problem (was: The SSI protocols
> challenge)
>
>
>
> Thanks for the invitation Orie, I'll pile on.
>
>
>
> As someone who once attempted to define "SSI" in a paper, and in the
> process realized it caused more problems than solutions -- conflating
> technologies, vaguely-aligned principles, and also misunderstanding of what
> tech can/should achieve in implementing the apparent goals -- I decided to
> only use the term "SSI" in scare quotes. It's a distraction to progress.
>
>
>
>
>
>
>
> On Thu, Mar 25, 2021 at 12:44 PM Orie Steele <orie@transmute.industries>
> wrote:
>
> I'll just leave these here:
>
> - https://en.wikipedia.org/wiki/Sovereign_citizen_movement
> -
> https://www.fbi.gov/news/pressrel/press-releases/fbi-expects-a-rise-in-scams-involving-cryptocurrency-related-to-the-covid-19-pandemic
>
> I would love to live in a world where "crypto" didn't imply "currency" and
> where "sovereign" didn't imply disconnected from social and legal norms...
>
> But sadly(?), we cannot control how language and culture evolve.
>
> I think we can all agree that governments, corporations and their less
> common form people (US centric joke), all need identity, confidentiality,
> authentication and authorization in the digital age.
>
> I personally find the term SSI brings almost as much baggage as ICO
> today... maybe it's time for us to find the SSI equivalent of DFI?
>
> The message feels like it should be on twitter, not the ccg mailing list.
>
> Apologies if my humor does not land well with you.
>
> Regards,
>
> OS
>
>
>
>
> On Wed, Mar 24, 2021 at 7:57 AM Leonard Rosenthol <lrosenth@adobe.com>
> wrote:
>
> I should really have said that VCs & DID **need not** be
> decentralized….but that doesn’t change things.
>
>
>
> Bill I have to disagree with your statements below as _*inherent*_ to
> VC’s.  I agree they are properties that **can be** associated with a VC,
> but they don’t have to be.  I think the thing that has you “hung up” is
> statement #2:
>
> > ownership privilege belongs to the identity owner and not the issuer
> (which 'breaks the silo')
>
>
>
> That’s key to SSI, true.  However, as myself and other have pointed out,
> it is not key in any way to VCs which can be used with other types of
> identity.   And once you recognize/accept that, then the rest of your
> positions fall since they are all predicated on that single initial premise.
>
>
>
> Leonard
>
>
>
> *From: *"Bill Claxton, NextID Founder & Operations Director" <
> williamc@nextid.com>
> *Organization: *NextID Pte Ltd
> *Date: *Wednesday, March 24, 2021 at 12:29 AM
> *To: *"public-credentials@w3.org" <public-credentials@w3.org>
> *Subject: *Re: The "self-sovereign" problem (was: The SSI protocols
> challenge)
> *Resent-From: *<public-credentials@w3.org>
> *Resent-Date: *Wednesday, March 24, 2021 at 12:27 AM
>
>
>
> I have been following this discussion with interest.  I disagree that
> (paraphrasing Michael) only the register is decentralised and (quoting
> Leonard) VC and DID are *NOT* decentralized.  Here are some points of
> decentralisation which are inherent to VCs.
>
> - the issuer may delegate data processing and production to one or more
> entities
> - ownership privilege belongs to the identity owner and not the issuer
> (which 'breaks the silo')
> - identity owners have autonomy over what VCs they share and with whom
> they are shared
> - verification services can be created and operate independently of issuers
> - relying parties can verify a VC without reference to the issuer (and
> without being tracked)
>
> In brief - *VC production, usage and verification are all decentralised*
> regardless of whether a blockchain anchor is used to assure immutability.
> I would add that VC storage is separate from a blockchain registry, and
> that storage can also be decentralised using IPFS or similar architectures.
>
> Regards, Bill Claxton (williamc@nextid.com)
> LinkedIn, Facebook, Telegram, Slack, Skype, Twitter or Gmail: wmclaxton
> SG Voice, Text or Whatsapp: +65-9012-4327
> US Voice, Text or Voicemail: +1-415-797-7348
>
>
>
> On 3/24/2021 11:04 AM, Michael Herman (Trusted Digital Web) wrote:
>
> Here’s some simple but precise wording that may appeal to some folks:
>
>
>
> *Digital Identity*
>
> A Digital Identity aggregates:
>
>    1. A Digital Identifier, and
>    2. Associated Digital Identity Data.
>
>
>
> *Decentralized Identity*
>
> A Decentralized Identity is a Digital Identity that is Verifiable.
>
> A Decentralized Identity is often persisted in a Verifiable Data Register.
>
>
>
> The only part that typically relates to *decentralized infrastructure* is
> the Verifiable Data Register.
>
>
>
> Best regards,
>
> Michael
>
>
>
> p.s. Here’s a copy of the big picture that visually relates all of the
> above terms:
> https://hyperonomy.com/2021/03/23/tdw-glossary-the-big-picture/
> <https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fhyperonomy.com%2F2021%2F03%2F23%2Ftdw-glossary-the-big-picture%2F&data=04%7C01%7Clrosenth%40adobe.com%7C1ab657c5eeef42f3e5b408d8ee7d638b%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C1%7C637521569606502247%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=Jh7W4mBK%2FN%2FOhn76hHp%2BTfay02dysQuXMJ7DF9a6QB4%3D&reserved=0>
>
>
>
> *From:* David Waite <dwaite@pingidentity.com> <dwaite@pingidentity.com>
> *Sent:* March 23, 2021 7:50 PM
> *To:* Jim St.Clair <jim.stclair@lumedic.io> <jim.stclair@lumedic.io>
> *Cc:* Leonard Rosenthol <lrosenth@adobe.com> <lrosenth@adobe.com>;
> Drummond Reed <drummond.reed@evernym.com> <drummond.reed@evernym.com>;
> Michael Herman (Trusted Digital Web) <mwherman@parallelspace.net>
> <mwherman@parallelspace.net>; sankarshan <sankarshan@dhiway.com>
> <sankarshan@dhiway.com>; W3C Credentials CG (Public List)
> <public-credentials@w3.org> <public-credentials@w3.org>
> *Subject:* Re: The "self-sovereign" problem (was: The SSI protocols
> challenge)
>
>
>
> On Tue, Mar 23, 2021 at 2:43 PM Jim St.Clair <jim.stclair@lumedic.io>
> wrote:
>
> “VC and DID are **NOT** decentralized.”
>
>    1. Isn’t the first word in DID decentralized?
>
> The decentralization in DIDs conflates whether it means it represents
> infrastructural decentralization in terms of the impact on reliability of
>  a single point of failure (which just about every internet protocol has
> support for), or decentralization of authority - saying that the
> infrastructure is not run by a single organization but is rather a group of
> parties under a governance model.
>
>
>
> In any case, there is nothing about DID itself that makes it more
> decentralized than your average other URI scheme - it is the DID methods
> which refer to systems which may be _depoyed_ in such a manner to have
> infrastructural and authority decentralization. For all I know, an
> arbitrary DID method might resolve through a PHP script running on a $35/yr
> hosting account.
>
>
>
> The subject may choose to use a DID method that meets their requirements
> here (likely that 99.9% will only do so under guidance, the DID rubric
> document has way more text on this topic). Likewise issuers, verifiers and
> wallets may all choose to reject use of that DID method - supporting a new
> DID method has an unquantified security and reliability cost.
>
>
>
> In terms of deploying "decentralized" technology, there is nothing about
> VCs or DIDs which mandates these concepts of decentralization, or even
> requires a deployment to _allow_ for decentralization. As an example, my
> employer or bank may restrict the DID subject to one they control so that I
> am unable to choose unaudited forms of validation.
>
>
>
> Likewise, there are no DRM-like technical measures to extend a person's
> self-sovereignty outside of their own choice of interactions - a party may
> correlate the user by every piece of information they can get ahold of,
> defeat attempts to use distinct personas, and so on. The inverse is, there
> are no technical reasons you could not use existing protocols like OpenID
> Connect to implement a decentralized system that respects user's consent
> and control - Dick Hardt is attempting to do that with https://signin.org
> <https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsignin.org%2F&data=04%7C01%7Clrosenth%40adobe.com%7C1ab657c5eeef42f3e5b408d8ee7d638b%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C1%7C637521569606512206%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=FAlElCrWlElaUAeLFrZAI4NFqgygtCcFX59ES3uwc%2BU%3D&reserved=0>
> as an example. The technology just may have limitations that you would not
> have with a newer protocol choice (as is always the case).
>
>
>
> So basically:
>
> - DIDs and VCs do not mandate organizational decentralization or
> infrastructural decentralization, and implying so both sets unrealistic
> expectations and is negatively impacting adoption
>
> - Self-sovereignty is a societal/legal initiative and construct, not a
> technical one - but there are obviously aspects which make a particular
> technology a better fit for self-sovereignty.
>
>
>
> -DW
>
>
>
>
> *CONFIDENTIALITY NOTICE: This email may contain confidential and
> privileged material for the sole use of the intended recipient(s). Any
> review, use, distribution or disclosure by others is strictly prohibited.
> If you have received this communication in error, please notify the sender
> immediately by e-mail and delete the message and any file attachments from
> your computer. Thank you.*
>
>
>
>
>
>
> --
>
> *ORIE STEELE*
>
> Chief Technical Officer
>
> www.transmute.industries
>
>
>
> <https://www.transmute.industries>
>
>
Received on Friday, 26 March 2021 17:22:54 UTC

This archive was generated by hypermail 2.4.0 : Friday, 26 March 2021 17:22:54 UTC