Adrian,
Unilateral user actions: "Does the solution enable unilateral user actions that have unambiguously positive outcomes"
Does an action by a user gets honored across all the entities in the identity ecosystem, including by the IdPs and more importantly by the RPs (which could be a business). Or does it have side-effects that may be negative to the user.
Example: If Alice gives access to a resource and then revokes, do all the other entities make this true. And is there any room for misinterpretation of Alice's intent.
/thomas/
________________________________________
From: dg-bsc-bounces@kantarainitiative.org [dg-bsc-bounces@kantarainitiative.org] on behalf of Adrian Gropper [agropper@healthurl.com]
Sent: Monday, December 05, 2016 1:14 AM
To: Eve Maler
Cc: dg-bsc@kantarainitiative.org
Subject: Re: [DG-BSC] User-centric identity materials
Eve,
Thanks for the HIE of One pitch.
We've added self-sovereign ID to HIE of One using uPort. This now gives the resource owner 4 options for authentication at the UMA AS
1. Direct Login to the AS
2. Whitelisting OIDC IDPs as an option of UMA resource registration
3. Federated login using OIDC
4. Self-sovereign Blockchain ID with linked verifiable claims
These 4 options are demonstrated in the latest addition to HIE of One in a 2-minute video: https://youtu.be/FNlAkGauIdw
Your recent slides seem somewhat harsh on self-soveriegn ID. Sovrin is just one of the blockchain-based self-sovereign IDs that are currently being standardizedhttps://github.com/WebOfTrustInfo/rebooting-the-web-of-trust-fall2016/blob/m.... Let's review your concluding slide:
[cid:ii_iwboeqmk1_158cd9925fe40b58]
1. The uPort app doesn't require the user to remember either a username or password
2. I'm not sure how to interpret "unilateral user actions" - please elaborate
3. People have rejected federation for anything other than low levels of assurance. A self-sovereign ID can be high assurance while also protecting pseudonimity through separable verifiable claims.
4. Self-sovereign ID respects the needs of RS (strong authentication), AS (open reputation mechanism and verifiable claims, and RqP (triple-blind attribute handling, privacy-preserving claims, on ID app across all domains).
5. I'm not sure how to interpret "consent more meaningful in this context" - please elaborate
6. The limits of federation are now obvious. Standards-based self-sovereign ID seems much more likely to scale.
Adrian
On Fri, Dec 2, 2016 at 5:01 PM, Eve Maler