Though we were unable to have a design workshop, some planned participants produced collaborative papers virtually.
by Dr. Carsten Stöcker (Spherity GmbH), Dr. Samuel M. Smith (ProSapien LLC), Co-author (editor): Dr. Juan Caballero (Spherity GmbH)
The cyberworld in which we spend our days — and upon which our lives depend — is built on weak security guarantees at the atomic level of the informational stack, and it is becoming more and more justified to question their longevity as building blocks. From nation-states trying to sway elections with fake news to ransomware that shuts down hospitals, we are living in a "Wild West" in which seemingly any data, or any transaction, may be compromised if interested parties devote enough resources to the attack. And like travellers in a lawless frontier, we are left to scan the horizon constantly for trouble, scrambling to plug the leaks in defences we cannot trust completely.
The objective of this paper is to describe a mechanism for protecting DIDs using existing ciphers for signing during the transition phase to a fully quantum-secure decentralised identity infrastructure. This mechanism is designed to support DIDs but its core mechanisms are identifier-independent and DID:method-independent. Analysis of secure key-management solutions for multiple keys and quantum-resistant ciphers for signing are beyond the scope of this paper and assumed to progress in parallel. This paper describes a quantum-resistant architecture for today's non-quantum-resistant ciphers*, intended to be retrofitted to existing systems.
We also have great Topics & Advance Readings on interesting subjects. Read them over, consider what people are concerned about right now in the field, and think about whether you'd like to advance these topics at RWOT11.
Delegated Authorization - The Alice to Bob Use Case
- by Adrian Gropper
- "Identity, identifiers and credentials are not an end in themselves. They are essential ingredients, among others, for practical transactions involving multiple parties. Decentralization challenges transaction protocols that support self-sovereignty for individuals in highly asymmetric relationships with institutions. The Alice to Bob Use Case merges the SSI and open authorization domains to speed adoption of emerging standards while also promoting decentralization."
- #did #web #outreach #authorization #storage
- by Erica Connell and Joe Andrieu
- A creative brief for a proposed 1 minute animation on decentralized identity
- #creative #communications #outreach
Credential Types for Compliance
- by Rieks Joosten
- Creating what one might call an SSI infrastructure is one thing, actually using it is quite another. A prerequisite for using it is a positive business case, and for may, also (provable) compliance with applicable laws, regulations and policies. This paper aims to come to grips with this compliance aspect.
- While the contents and structure are intentionally left open, an illustration is given of how this might work, using the Mya use-cases of the whitepaper on guardianship of the Sovrin Guardianship Task Force. It also gives a basis for discussing/developing credential types for compliance-related purposes, such as for guardianship, mandates and delegation.
- #compliance #jurisdiction #guardianship #mandates #delegation
- by Tarek El-Gillani ([email protected])
- "Using VCs and Trusted Execution Environment, Applications developers/providers can demonstrate to end-users that they indeed restrict access to their private data for the agreed-upon purpose and time duration."
- #tee #vc #privacy
- by Ivan Herman
- "The DID (and VC) Use Cases documents have a number of interesting use cases, from health care application to university credentials, or from corporate tax issues to travel documents. There is, however, comparatively little about what the use cases and requirements are on the relationship of DIDs (and VC's) and the Web."
- #did #web #semanticweb #outreach
- by Markus Sabadello
- "Matrix parameters are a syntax component of DID URLs that make it possible to include parameters for the DID resolution process in a DID URL. This topic paper discussed why the community introduced matrix parameters in DID URL syntax, and how their use is different from the more familiar query parameters."
- #did #url #matrixparameters
Interplanetary Linked Data (IPLD) using CBOR and COSE-signed payloads
- by jonnycrunch
- "In this paper, I aim to discuss Concise Binary Object Representation (CBOR), which is the native data format used when storing IPLD objects and why it is a superior document syntax for representing DID documents. In making my case, I will also explain how content addressing through hash-based linking is a better approach as compared to JSON-LD and how to cryptographically sign a CBOR data in IPLD using COSE."
- #did #ipld #cbor #cose
- by Carsten Stöcer
- "To address the risk of the advent of quantum computers for decentralized identity solutions, we propose to introduce a simple method using one-time signing keys and key rotation to protect our digital identity while using existing cryptographic ciphers for signing and hashing. Sam Smith's KERI is a potential candidate for implementing the proposed method. This approach shall allow us already today to prepare for the age of quantum attacks on our identity infrastructure."
- #did #KERI #KERL #Quantum #Computing #KeyRotation
- by Eric Welton
- "How does verifying a pre-existing credential differ from primary issuance. How can the act of bearing witness to a credential become part of the digital ecology - or does it have no place at all?"
- #ssi-lite
Building a Self-Issued OpenID Connect Provider
- by Peter Saxton
- What is the smallest step towards adopting a system of decentralized credentials? Can we build a compelling Self-Issued OpenID Connect Provider today.
- #authentication #web #oidc
Digital Wallets: Interoperability support for multiple data hubs, data services and portability
- by Ron Kreutzer
- Multiple data hubs/vaults/lockers will likely exist in a user's identity ecosystem, and digital wallets must be able to interact with a variety of storage providers as well as data services that act upon this data. A set of standards or operating principles need to exist to allow interoperability as well as portability that allow a user to swap digital wallet providers.
- #digitalwallet #datavault
- by Juan Caballero
- A set of heuristics that could help documentation of best-practices and not-best-practices be widely understood by technical and non-technical readers with a wide range of levels of experience and agendas.
- #documentation #compliance #ssi-lite #bestpractices
An Encrypted Data Vault Sprint
- by Manu Sporny
- "A list of suggestions on work that could be completed at RWOT10 to move the Encrypted Data Vault specification forward."
- #ssi #storage #edv
Using Registries to Facilitate Interoperability
- by Michael B. Jones
- This topic paper will explore how and why registries are used in practice to facilitate interoperability among software systems implementing a standard.
- #registries #interoperability #extensibility #experiences #lessons
Sharing Personal Health Data to Improve Treatment of Chronic Conditions
- by Benay Dara-Abrams
- "Believing that no single app or device provides all the information for an individual's health story, Open mHealth is focused on making patient-generated data from disparate sources accessible, developing the IEEE P1752 Standard for Mobile Health Data to harmonize and help make sense of digital health data. I would like to work with others to develop scenarios demonstrating how decentralized digital identity can help in protecting Personally Identifiable Information (PII), Personal Information (PI), and Protected Health Information (PHI) while facilitating sharing of personal health data to improve monitoring and treatment of chronic conditions."
- #use-case #open-mhealth #did #ieee-p1752
- by Moses MA
- We propose to facilitate the collaborative drafting of a technical paper that describes the principles and key design considerations for verifiable “physical address” claims. The global postal network now seeks to understand the “decentralization revolution” and help to develop game-changing, blockchain-powered new business models for the world. We believe that, in turn, the active endorsement, support and participation of the global postal industry could provide a tipping point for adoption of DIDs and VCs. This is a first step toward that desired future.
- #did #vc #physical-address
- An Encrypted Data Vault Sprint
- An RWOT Animation Project
- Bearing Witness
- Building a Self-Issued OpenID Connect Provider
- Credential Types for Compliance
- Delegated Authorization - The Alice to Bob Use Case
- Digital Wallets: Interoperability support for multiple data hubs, data services and portability
- DID and the Web
- Interplanetary Linked Data (IPLD) using CBOR and COSE-signed payloads
- Mapping Adequacies
- Quantum Secure DIDs
- An RWOT Animation Project
- Sharing Personal Health Data to Improve Treatment of Chronic Conditions
- TEE & VC As Privacy Proofs
- Using Registries to Facilitate Interoperability
- Verifiable Claims for Postal Addresses: A Use Case for Decentralized Postal Services using DIDs, VCs and Blockchains
- Why Matrix Parameters?
A different repository is available for each of the Rebooting the Web of Trust design workshops:
- Rebooting the Web of Trust XI: Netherlands (September 2022)
- Rebooting the Web of Trust X: Buenos Aires (March 2020)
- Rebooting the Web of Trust IX: Prague (September 2019)
- Rebooting the Web of Trust VIII: Barcelona (March 2019)
- Rebooting the Web of Trust VII: Toronto (September 2018)
- Rebooting the Web of Trust VI: Santa Barbara (March 2018)
- Rebooting the Web of Trust V: Boston (October 2017)
- Rebooting the Web of Trust IV: Paris (April 2017)
- Rebooting the Web of Trust III: San Francisco (October 2016)
- Rebooting the Web of Trust II: ID2020 (May 2016)
- Rebooting the Web of Trust I: San Francisco (November 2015)
All of the contents of this directory are licensed Creative Commons CC-BY their contributors.