Thanks Eve. 

I’m looping in Andy Tobin and Drummond Reed. I’ll put a few answers below, but they will probably have other, better ones. :) 

On Nov 26, 2016, at 3:22 PM, Eve Maler <eve.maler@forgerock.com> wrote:

Hey Phil! Hope you're doing well. Cc'ing Thomas here... Based on BSC group discussion over the past few weeks, and reviewing the Sovrin materials, Thomas and I put together a few followup questions on Sovrin for you and Andy. Thanks very much in advance for any thoughts in response...

• In the Sovrin vision, how is the challenge of big data inferences and data fusion seen -- that is, the effects of correlatability in the face of sharing small amounts of data (sometimes just behavioral)?

Sovrin doesn’t address the correlation of data except where that data is identity data specifically linked in Sovrin. Sovrin allows identity owners to create unique DID (digital identifiers) for each relationship to avoid correlation via those identifiers. Of course, of the identity owner then shares a mobile number with two orgs, they can correlate with that. That is outside the scope of Sovrin. 

• How would “right to erasure”/”right to be forgotten” requirements be managed?

Identity owners typically interact with Agencies, organizations that provide identity services to identity owners, run policy engines on their behalf, etc. They would have a right to be forgotten in so far as those agencies had jurisdiction in countries that required it and had identifying data on them (account information). 

Data written to the ledger itself is not erasable. It can be revoked, but the original data on the ledger remains. However, as a general rule, the data written to the ledger is not personal identifying. Best practice is to write that into an appropriate data store and reference it from the ledger. So, deleting it where it lives would delete the data but not necessarily a record that it existed. 

• Thinking of IdPs “becoming identity proofers”, Is it correct to say that a former IdP would become a Sovrin steward in an issuer role and would do proofing as part of provisioning, or is there some further role for former IdPs?

Not necessarily a Steward. There will be relatively few Stewards (around 100). Stewards run the nodes the record transactions on the ledger. A separate Agency function provides DID issuance services, policy services, and identity data management. One of the purposes of an Agency (see The Inevitable Rise of Self-Sovereign Identity) is to provide storage for off-chain assets. 

https://www.sovrin.org/The%20Inevitable%20Rise%20of%20Self-Sovereign%20Identity.pdf

• Is there a notion of “data controllership” (the privacy concept), where an online service has an interest in and accountability for the data? How does this fit with plans for the forthcoming Sovrin Steward Agreement, regarding both issuers and readers?

Drummond? Andy? 

• Is it anticipated that the Sovrin economic model (and/or something else) protects against reputation and trust anchors being susceptible to a Sybil attack?

This is an active area of discussion. Drummond has an entire Google Doc he can share. 

• If there’s some rival but similar identity ecosystem with its own issuers and readers, would the ecosystems have some way to interoperate?

Yes, that’s the point of Digital Identifiers (DID’s) and DID Descriptor Objects. Drummond probably has more here. 

• What about storing data about, and controlling access to, non-individual identities, such as smart things, enterprises, or applications? Would those just use different systems?

Sovrin is designed to be used by individuals and organizations to manage identities for themselves and all the things they care about. There’s no reason Sovrin couldn’t be used for the IoT, but those identifiers and associated data would belong to the person who owns the things. Identity owners (people and organizations) can create as many DIDs as they need to for whatever purposes they have. 

Eve Maler
ForgeRock Office of the CTO | VP Innovation & Emerging Technology
Cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl

On Sun, Oct 23, 2016 at 5:04 PM, Phil Windley <phil@windley.org> wrote:

Cool. Appreciate the opportunity to contribute. If you need attribution, that was from Andrew Tobin. 

Have fun this week. Talk soon. 

On Sun, Oct 23, 2016 at 5:42 PM -0600, "Eve Maler" <eve.maler@forgerock.com> wrote:

Belated ack/thanks for this! I'm going to send it to our DG for question and comment as we work through it. What we publish may be a combination of quoted sections, paraphrases, commentary, and so on, and since we do our work in the open anyway, of course we'll invite and welcome comment back on the draft.

Eve Maler
ForgeRock Office of the CTO | VP Innovation & Emerging Technology
Cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl

The ForgeRock Identity Summit is coming to Paris in November!

On Fri, Oct 14, 2016 at 8:30 AM, Phil Windley <phil@windley.org> wrote:

Here’s some answers to the questionnaire. Let me know if something doesn’t make sense or needs more explanation. 

Deficits and benefits of how the problem space was/is being solved

The Internet was built without a standard, explicit way of identifying people or organisations. So websites simply began offering their own local accounts with usernames and passwords, and this has been the predominant solution ever since. 

But the Internet has expanded hugely, and people use more and more services daily. This silo-based approach, where users must maintain identities for every site they interact with, has become untenable. It is not just a usability disaster for individuals, it also creates a multitude of data honeypots for hackers—the breach of which compromises trust in all Internet services. 

To solve this problem we have tried to connect different identity silos together in various federated models. However these have produced inadvertent side effects such as concentrating control around a small number of providers, correlation of personal data through multiple seemingly unrelated transactions, increasing data leakage through inadvertent sharing, and raising privacy concerns, all while not actually giving the individual real control. At the same time, there is a growing economic inefficiency when organisations all around the world have to collect, store and protect the same sort of personal data in their own silos. It is reaching a tipping point. 

The next evolution of the Internet will be the creation of a common identity layer that allows people, organisations and things to have their own self-sovereign identity—a digital identity they own and control, and which cannot be taken away from them. Self-sovereign identity is the natural evolution of an ecosystem which has moved faster than its supporting capabilities.

Proposed benefits of the new solution space

To create the long-missing identity layer of the Internet, a new, trusted infrastructure is required which enables identity owners to share not only identity, but also verified attributes about people, organizations and things, with full permission and consent. 

 

For identities to be truly self-sovereign, this infrastructure needs to reside in an environment of diffuse trust, not belonging to or controlled by any single organisation or even a small group of organisations. Nobody can “turn the lights out”. Distributed ledger technology (DLT) is the breakthrough that makes this possible. It enables multiple institutions, organisations and governments to work together for the first time by forming a decentralised network much like the Internet itself, where data is replicated in multiple locations to be resistant to faults and tampering.

 

When combined with distributed key management and peer-to-peer sharing of encrypted claims, DLT is what finally makes self-sovereign identity possible. Within this identity layer, mechanisms for discovery, routing of requests, secure exchange of information and management of consent, under the full control of the identity owner, finally becomes possible.

 

The Sovrin Identity Network has been design specifically to deliver a globally scalable self-sovereign identity solution. But to be truly self-sovereign, it cannot be owned by anyone. Similarly, to be fully trusted, and to avoid the pitfalls of other initiatives in the distributed ledger space, Sovrin needs a lightweight governance layer. To achieve this, the developers of Sovrin have given away the source code to the Sovrin Foundation, a not-for-profit organisation whose role is to provide a thin layer of governance to Sovrin while not owning or managing any infrastructure. The Sovrin Foundation ensures the effective distribution of the decentralised network and ensures that the network itself functions in the best interest of its users.

Different approaches being taken in the new solution space, e.g. if other approaches are being taken outside of Sovrin

Early examples of identity solutions using distributed ledger technology used ledgers built for other purposes such as the Bitcoin ledger, or general purpose ledgers such as Ethereum. While these capabilities are able to provide fairly simple proofs that something took place on a certain date & time, they are not dedicated to the particular nuances of the identity ecosystem such as non-correlation, revocation and anonymous zero-knowledge proofs. 

 

They also lack governance. For example, the need to secure the network by using hashing power has resulted in a concentration of Bitcoin mining in China. Who are these miners, do we trust them, do they jointly exert too much influence. What governance is in place? The recent forking of Ethereum has also shown the consequences of a lack of governance and direction.

 

Sovrin is the first public-permissioned distributed ledger. It is publicly accessible by anyone, but in order to run one of the nodes which validates the integrity of the network, you need to be permitted to and you must abide by certain rules which include the Sovrin Trust Framework. 

 

Non-distributed ledger solutions are attempting to paper over the problems with silo-based identity. Examples are federated identity models such as the gov.ukVerify system, which uses attribute sharing hubs and identity providers to move information from one silo to another, but without giving the identity owner real control. Personal information management solutions are going a step further, in enabling identity owner control of their data, but are still somewhat lacking in portability and therefore remain as silos.

Strengths, weaknesses, risks, and open issues being seen in practice

The ability for an identity owner to assert multiple verifiable claims about their identity, anonymously if required, and without possibility of correlation, is central to the architecture of Sovrin. With discovery capabilities to ensure that party A can confirm the identity of party B, and vice versa, direct party-to-party data sharing can take place with no need for intermediaries and with full evidence of consent. 

By replacing intermediaries with protocols, immediate digital identity verification can take place with no 3^rd party involvement. There are too many benefits to list, bur here are a few that we are working on: instant employment screening; frictionless bank KYC, identity for the stateless, fast online checkout, globally portable digital identity for travellers, and vaccination recording for developing countries.

Challenges to adoption of Sovrin are those typical of a two-sided market. Both identity issuers and relying parties need to come on board. Sovrin partners are taking a simple approach to this – the initial partners will be both issuers and relying parties. They will provide new identity services for their users to be utilised within their own ecosystem. These islands of functionality will expand and intersect with other islands, and individuals will find that they can use their identity information from one issuer with a completely different relying party. In other cases, coalitions of organisations which are all trying to solve the same problem are coming together to create an ecosystem where they can all use Sovrin to their mutual benefit.

The other major challenge is an educational one. Trying to explain self-sovereign identity to a layman is difficult. Because people have been brought up to understand that the only way the internet works is to give their details to many different organisations repeatedly, they cannot conceive of a better way. Being able to get across the power of every individual having their own digital identity which they control and own and which cannot be taken away, is a new concept which needs to be communicated effectively.

Whether other technologies and techniques are being brought to bear (you can see a list of technologies and techniques we are analyzing in our report TOC)

Sovrin enables/uses the following

-          Public-permissioned distributed ledger technology based on the Plenum Consensus Protocol, involving multiple specialised legers (identity ledger, config ledger etc)

-          Verifiable claims

-          Anonymous credentials

-          Revocation, anonymous if required

-          Distributed and cryptographic identifiers

-          Link contracts & consent receipting

-          Persistent P2P messaging endpoints

-          Key discovery, management recovery & rotation

-          Portable off-ledger private data storage e.g. IPFS/BigChainDB etc.

-          Identity, relationship and reputation graphs

-          3^rd party attested and self-attested claims

On Oct 11, 2016, at 9:41 AM, Eve Maler <eve.maler@forgerock.com> wrote:

Hi Phil-- Thanks for being willing to help the Blockchain and Smart Contracts group understand what Sovrin is doing in the context of our analysis efforts!

If you look at the first paragraph of our draft report's introduction, you'll see a statement of our scope:

• Solving use cases for empowering traditionally disempowered parties (such as individuals)
• taking part in transactions (such as entering into contracts and information-sharing agreements)
• with parties that traditionally hold greater power (such as companies and large countries)
• in the context of decentralization technologies and techniques (such as blockchain and smart contracts)
• and their mixture with identity (both in the course of conducting business/legal transactions and to solve digital identity use cases).

Our Discussion Group is time-boxed to six months, and so we plan to go into only as much depth as can be covered in this time frame. (We started in July!)

With all of this in mind, could you please comment on the following aspects of Sovin?

• Deficits and benefits of how the problem space was/is being solved
  
• Proposed benefits of the new solution space
  
• Different approaches being taken in the new solution space, e.g. if other approaches are being taken outside of Sovrin
  
• Strengths, weaknesses, risks, and open issues being seen in practice
  
• Whether other technologies and techniques are being brought to bear (you can see a list of technologies and techniques we are analyzing in our report TOC)
  

Many thanks! If you have any questions, or would like to discuss responses in a phone call, don't hesitate to let me know.

Eve Maler
ForgeRock Office of the CTO | VP Innovation & Emerging Technology
Cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl
ForgeRock Summits are coming to London and Paris!