@argesric @samsungnext • Give a small taxonomy of useful labels and categories; • Walk you through what a layered conceptual model for identity could be like; • Talk about the privacy implications for how we go about implementing things; • Hopefully convince you that the closer to the edge we process things, the better it is for the user… • … but that the edge does not guarantee privacy. Goals!
@argesric @samsungnext ●Justine Humenansky ●Ricardo J. Méndez ●Gus Warren ●David Crocker (BBW) ●Wesley Dunnington (Ping Identity) ●Jacoby Thwaites (OnFido) ●PG, DJ, AL (*) Work in progress… Samsung NEXT Internet Identity Workshop XXVIII * Didn’t hear back about naming them. Privacy and GDPR, y’all!
@argesric @samsungnext • Specific details about an individual. • Personally-identifying information, such as: • Your name… • Username/password pairs… • Shipping addresses… • Phone and passport numbers. • Facts are involved in verification and authentication. Facts
@argesric @samsungnext • Characteristics emerge from your daily activities, can be scried from the data exhaust: • Personal interests, tastes, habits; • What you avoid; • How you react to things; • Can change through the years; Characteristics are unstructured
@argesric @samsungnext Layer Name Description Examples 7 Application User- or system-level flows that involve identities and other systems Sign-in account recovery, payment, wallet app on smartphone 6 Workflow Protocol flows between connected identities only (external choreography) DID routing (cf. Sam's talk), REST over TCP/IP, SMS & associated data formats/ encryption 5 Transaction How runtime capabilities of an identity are defined and invoked (internal orchestration) Retrieval of attributes including PII, derived PII and their computation, attestations, plug-in capabilities 4 Connection How identities accept connections from other identities and systems Evernym wallet connection with verifier, REST endpoint, DNS janedoe.me 3 Reference How an identity is referenced externally fo[email protected], did:foo:bar, +1650112332, Evernym connection, QR Code 2 Validation What trust system validates an identity ICANN, Bitcoin, PKI, self-signed certs 1 Storage The de minimis form of an identity that means it exists A blockchain entry, disk connected to a virtual server, a database record on the cloud or a smartphone, a DID record * WIP. Created during two sessions at the MV Internet Identity Workshop, May 2019 7-Layer Conceptual Model of Identity*
@argesric @samsungnext Layer Name Description Examples 7 Application User- or system-level flows that involve identities and other systems Sign-in account recovery, payment, wallet app on smartphone 6 Workflow Protocol flows between connected identities only (external choreography) DID routing (cf. Sam's talk), REST over TCP/IP, SMS & associated data formats/ encryption 5 Transaction How runtime capabilities of an identity are defined and invoked (internal orchestration) Retrieval of attributes including PII, derived PII and their computation, attestations, plug-in capabilities 4 Connection How identities accept connections from other identities and systems Evernym wallet connection with verifier, REST endpoint, DNS janedoe.me 3 Reference How an identity is referenced externally fo[email protected], did:foo:bar, +1650112332, Evernym connection, QR Code 2 Validation What trust system validates an identity ICANN, Bitcoin, PKI, self-signed certs 1 Storage The de minimis form of an identity that means it exists A blockchain entry, disk connected to a virtual server, a database record on the cloud or a smartphone, a DID record 7-Layer Conceptual Model of Identity* * WIP. Created during two sessions at the MV Internet Identity Workshop, May 2019
@argesric @samsungnext Layer Name Description Examples 7 Application User- or system-level flows that involve identities and other systems Sign-in account recovery, payment, wallet app on smartphone 6 Workflow Protocol flows between connected identities only (external choreography) DID routing (cf. Sam's talk), REST over TCP/IP, SMS & associated data formats/ encryption 5 Transaction How runtime capabilities of an identity are defined and invoked (internal orchestration) Retrieval of attributes including PII, derived PII and their computation, attestations, plug-in capabilities 4 Connection How identities accept connections from other identities and systems Evernym wallet connection with verifier, REST endpoint, DNS janedoe.me 3 Reference How an identity is referenced externally fo[email protected], did:foo:bar, +1650112332, Evernym connection, QR Code 2 Validation What trust system validates an identity ICANN, Bitcoin, PKI, self-signed certs 1 Storage The de minimis form of an identity that means it exists A blockchain entry, disk connected to a virtual server, a database record on the cloud or a smartphone, a DID record 7-Layer Conceptual Model of Identity* * WIP. Created during two sessions at the MV Internet Identity Workshop, May 2019
@argesric @samsungnext Layer Name Description Examples 7 Application User- or system-level flows that involve identities and other systems Sign-in account recovery, payment, wallet app on smartphone 6 Workflow Protocol flows between connected identities only (external choreography) DID routing (cf. Sam's talk), REST over TCP/IP, SMS & associated data formats/ encryption 5 Transaction How runtime capabilities of an identity are defined and invoked (internal orchestration) Retrieval of attributes including PII, derived PII and their computation, attestations, plug-in capabilities 4 Connection How identities accept connections from other identities and systems Evernym wallet connection with verifier, REST endpoint, DNS janedoe.me 3 Reference How an identity is referenced externally fo[email protected], did:foo:bar, +1650112332, Evernym connection, QR Code 2 Validation What trust system validates an identity ICANN, Bitcoin, PKI, self-signed certs 1 Storage The de minimis form of an identity that means it exists A blockchain entry, disk connected to a virtual server, a database record on the cloud or a smartphone, a DID record 7-Layer Conceptual Model of Identity* * WIP. Created during two sessions at the MV Internet Identity Workshop, May 2019
@argesric @samsungnext Layer Name Description Examples 7 Application User- or system-level flows that involve identities and other systems Sign-in account recovery, payment, wallet app on smartphone 6 Workflow Protocol flows between connected identities only (external choreography) DID routing (cf. Sam's talk), REST over TCP/IP, SMS & associated data formats/ encryption 5 Transaction How runtime capabilities of an identity are defined and invoked (internal orchestration) Retrieval of attributes including PII, derived PII and their computation, attestations, plug-in capabilities 4 Connection How identities accept connections from other identities and systems Evernym wallet connection with verifier, REST endpoint, DNS janedoe.me 3 Reference How an identity is referenced externally fo[email protected], did:foo:bar, +1650112332, Evernym connection, QR Code 2 Validation What trust system validates an identity ICANN, Bitcoin, PKI, self-signed certs 1 Storage The de minimis form of an identity that means it exists A blockchain entry, disk connected to a virtual server, a database record on the cloud or a smartphone, a DID record 7-Layer Conceptual Model of Identity* * WIP. Created during two sessions at the MV Internet Identity Workshop, May 2019
@argesric @samsungnext https://www.nytimes.com/2019/05/07/opinion/google-sundar-pichai-privacy.html “We'll take all your data and just not sell it directly.” (Paraphrasing)
@argesric @samsungnext https://www.facebook.com/notes/mark-zuckerberg/a-privacy-focused-vision-for-social-networking/10156700570096634/ “We’re going to be private because we’ll be encrypted.” (Paraphrasing)
@argesric @samsungnext • If you trust… • Their pinky-swear promise of not being evil; • They will properly implement controls so that no employees can abuse their power; • They are infallible engineers whose data will never leak; • Not like, say, people who keep passwords in cleartext… • … for over 14 years. * • Then that’s fine, I guess. Pinky-swear privacy involves trust * https://www.businessinsider.com/google-g-suite-passwords-stored-plaintext-2019-5
@argesric @samsungnext • I am online usually in a specific time zone, • Which IP addresses my connections come from, • That I got served ads that skew towards movies and anime, • That I click on ads about cat food every 3-4 weeks, • That I never click on ads about nearby KFCs. Encryption != Privacy Five data points…
@argesric @samsungnext Facebook announced a $3-5Bn fine. Their valuation shot up by $40Bn. https://www.washingtonpost.com/technology/2019/04/24/facebook-sets-aside-billions-dollars-potential-ftc-fine/
@argesric @samsungnext • Regulation and fines aren't going to get us out of this mess; • People won't leave because of scandals or screw-ups (or they'd have done it already); • People won't switch because your solution is more ethical - we already have those, and people don't use them. If you’re working on identity
@argesric @samsungnext “Government must come to be the place where the most basic online identity will be grounded in the long term.” Jaron Lanier, Who Owns the Future?
@argesric @samsungnext Online identity must be self- sovereign. Christopher Allen, The Path to Self-sovereign Identity https://www.lifewithalacrity.com/2016/04/the-path-to-self-soverereign-identity.html