User-centric identity materials
As promised... Here are my slides <https://www.dropbox.com/s/wwxgzpykhq0ja2n/2016Q4-GartnerIAM-UserCentricIdentityStandards-20161129%28revised%29.pdf?dl=0> from the presentation this week, my 2008 slides <https://www.dropbox.com/s/ahsy3eusmdto3pb/Maler-NZIDConf-Apr2008.pdf?dl=0>, and the accompanying journal paper <https://www.dropbox.com/s/fcl0txic8mtrr8k/Maler-NZIDConf-Apr2008-paper-Jan09rev.pdf?dl=0>.

*Eve Maler*
ForgeRock Office of the CTO | VP Innovation & Emerging Technology
Cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl
Eve,

Thanks for the HIE of One pitch.

We've added self-sovereign ID to HIE of One using uPort. This now gives the resource owner 4 options for authentication at the UMA AS

1. Direct Login to the AS
2. Whitelisting OIDC IDPs as an option of UMA resource registration
3. Federated login using OIDC
4. Self-sovereign Blockchain ID with linked verifiable claims

These 4 options are demonstrated in the latest addition to HIE of One in a 2-minute video: https://youtu.be/FNlAkGauIdw

Your recent slides seem somewhat harsh on self-sovereign ID. Sovrin is just one of the blockchain-based self-sovereign IDs that are currently being standardized <https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust-fall2016/blob/master/draft-documents/DID-Spec-Implementers-Draft-01.pdf>. Let's review your concluding slide:

1. The uPort app doesn't require the user to remember either a username or password
2. I'm not sure how to interpret "unilateral user actions" - please elaborate
3. People have rejected federation for anything other than low levels of assurance. A self-sovereign ID can be high assurance while also protecting pseudonymity through separable verifiable claims.
4. Self-sovereign ID respects the needs of RS (strong authentication), AS (open reputation mechanism and verifiable claims), and RqP (triple-blind attribute handling, privacy-preserving claims, on ID app across all domains).
5. I'm not sure how to interpret "consent more meaningful in this context" - please elaborate
6. The limits of federation are now obvious. Standards-based self-sovereign ID seems much more likely to scale.

Adrian

On Fri, Dec 2, 2016 at 5:01 PM, Eve Maler <eve.maler@forgerock.com> wrote:
As promised... Here are my slides <https://www.dropbox.com/s/wwxgzpykhq0ja2n/2016Q4-GartnerIAM-UserCentricIdentityStandards-20161129%28revised%29.pdf?dl=0> from the presentation this week, my 2008 slides <https://www.dropbox.com/s/ahsy3eusmdto3pb/Maler-NZIDConf-Apr2008.pdf?dl=0>, and the accompanying journal paper <https://www.dropbox.com/s/fcl0txic8mtrr8k/Maler-NZIDConf-Apr2008-paper-Jan09rev.pdf?dl=0>.

*Eve Maler*
ForgeRock Office of the CTO | VP Innovation & Emerging Technology
Cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl
_______________________________________________ DG-BSC mailing list DG-BSC@kantarainitiative.org http://kantarainitiative.org/mailman/listinfo/dg-bsc
--
Adrian Gropper MD

PROTECT YOUR FUTURE - RESTORE Health Privacy!
HELP us fight for the right to control personal health data.
DONATE: http://patientprivacyrights.org/donate-2/
Adrian,

Unilateral user actions: "Does the solution enable unilateral user actions that have unambiguously positive outcomes"

Does an action by a user get honored across all the entities in the identity ecosystem, including by the IdPs and more importantly by the RPs (which could be a business)? Or does it have side-effects that may be negative to the user?

Example: If Alice gives access to a resource and then revokes, do all the other entities make this true? And is there any room for misinterpretation of Alice's intent?

/thomas/

________________________________________
From: dg-bsc-bounces@kantarainitiative.org [dg-bsc-bounces@kantarainitiative.org] on behalf of Adrian Gropper [agropper@healthurl.com]
Sent: Monday, December 05, 2016 1:14 AM
To: Eve Maler
Cc: dg-bsc@kantarainitiative.org
Subject: Re: [DG-BSC] User-centric identity materials

Eve,

Thanks for the HIE of One pitch.

We've added self-sovereign ID to HIE of One using uPort. This now gives the resource owner 4 options for authentication at the UMA AS

1. Direct Login to the AS
2. Whitelisting OIDC IDPs as an option of UMA resource registration
3. Federated login using OIDC
4. Self-sovereign Blockchain ID with linked verifiable claims

These 4 options are demonstrated in the latest addition to HIE of One in a 2-minute video: https://youtu.be/FNlAkGauIdw

Your recent slides seem somewhat harsh on self-sovereign ID. Sovrin is just one of the blockchain-based self-sovereign IDs that are currently being standardized <https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust-fall2016/blob/master/draft-documents/DID-Spec-Implementers-Draft-01.pdf>. Let's review your concluding slide:

1. The uPort app doesn't require the user to remember either a username or password
2. I'm not sure how to interpret "unilateral user actions" - please elaborate
3. People have rejected federation for anything other than low levels of assurance. A self-sovereign ID can be high assurance while also protecting pseudonymity through separable verifiable claims.
4. Self-sovereign ID respects the needs of RS (strong authentication), AS (open reputation mechanism and verifiable claims), and RqP (triple-blind attribute handling, privacy-preserving claims, on ID app across all domains).
5. I'm not sure how to interpret "consent more meaningful in this context" - please elaborate
6. The limits of federation are now obvious. Standards-based self-sovereign ID seems much more likely to scale.

Adrian
Thomas,

HIE of One combines self-sovereign identifiers, verifiable claims, and self-sovereign UMA AS. The self-sovereign components complement each other and avoid introducing federation constraints typical to an IDP. Verifiable claims are the non-self-sovereign component but that doesn't mean federation as I use the term. Verifiable claims make the system triple-blind.

I'm not sure why we're choosing to compare Sovrin to anything. uPort, blockstack, and Sovrin can all be used as self-sovereign identifiers under the evolving DID spec https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust-fall2016/blob/m... <https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust-fall2016/blob/master/draft-documents/DID-Spec-Implementers-Draft-01.pdf>

Why not start with the DID spec and verifiable claims as the basis and compare them+UMA to OIDC+UMA? In HIE of One, we use both because I don't see any reason to choose.

When you mention "other entities" in your example, I have trouble mapping that into UMA. Can you elaborate?

Adrian

On Thu, Dec 8, 2016 at 10:32 AM, Thomas Hardjono <hardjono@mit.edu> wrote:
Adrian,
Unilateral user actions: "Does the solution enable unilateral user actions that have unambiguously positive outcomes"
Does an action by a user get honored across all the entities in the identity ecosystem, including by the IdPs and more importantly by the RPs (which could be a business)? Or does it have side-effects that may be negative to the user?
Example: If Alice gives access to a resource and then revokes, do all the other entities make this true? And is there any room for misinterpretation of Alice's intent?
/thomas/
participants (3)
- Adrian Gropper
- Eve Maler
- Thomas Hardjono