[DG-BSC] User-centric identity materials

Adrian Gropper agropper at healthurl.com
Mon Dec 5 00:14:01 CST 2016


Eve,

Thanks for the HIE of One pitch.

We've added self-sovereign ID to HIE of One using uPort. This now gives the
resource owner 4 options for authentication at the UMA AS

   1. Direct Login to the AS
   2. Whitelisting OIDC IDPs as an option of UMA resource registration
   3. Federated login using OIDC
   4. Self-sovereign Blockchain ID with linked verifiable claims

These 4 options are demonstrated in the latest addition to HIE of One in a
2-minute video: https://youtu.be/FNlAkGauIdw

Your recent slides seem somewhat harsh on self-soveriegn ID. Sovrin is just
one of the blockchain-based self-sovereign IDs that are currently being
standardized
<https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust-fall2016/blob/master/draft-documents/DID-Spec-Implementers-Draft-01.pdf>.
Let's review your concluding slide:


​

   1. The uPort app doesn't require the user to remember either a username
   or password
   2. I'm not sure how to interpret "unilateral user actions" - please
   elaborate
   3. People have rejected federation for anything other than low levels of
   assurance. A self-sovereign ID can be high assurance while also protecting
   pseudonimity through separable verifiable claims.
   4. Self-sovereign ID respects the needs of RS (strong authentication),
   AS (open reputation mechanism and verifiable claims, and RqP (triple-blind
   attribute handling, privacy-preserving claims, on ID app across all
   domains).
   5. I'm not sure how to interpret "consent more meaningful in this
   context" - please elaborate
   6. The limits of federation are now obvious. Standards-based
   self-sovereign ID seems much more likely to scale.

Adrian



On Fri, Dec 2, 2016 at 5:01 PM, Eve Maler <eve.maler at forgerock.com> wrote:

> As promised... Here are my slides
> <https://www.dropbox.com/s/wwxgzpykhq0ja2n/2016Q4-GartnerIAM-UserCentricIdentityStandards-20161129%28revised%29.pdf?dl=0> from
> the presentation this week, my 2008 slides
> <https://www.dropbox.com/s/ahsy3eusmdto3pb/Maler-NZIDConf-Apr2008.pdf?dl=0>,
> and the accompanying journal paper
> <https://www.dropbox.com/s/fcl0txic8mtrr8k/Maler-NZIDConf-Apr2008-paper-Jan09rev.pdf?dl=0>
> .
>
>
> *Eve Maler*ForgeRock Office of the CTO | VP Innovation & Emerging
> Technology
> Cell +1 425.345.6756 <%28425%29%20345-6756> | Skype: xmlgrrl | Twitter:
> @xmlgrrl
>
> _______________________________________________
> DG-BSC mailing list
> DG-BSC at kantarainitiative.org
> http://kantarainitiative.org/mailman/listinfo/dg-bsc
>
>


-- 

Adrian Gropper MD

PROTECT YOUR FUTURE - RESTORE Health Privacy!
HELP us fight for the right to control personal health data.
DONATE: http://patientprivacyrights.org/donate-2/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kantarainitiative.org/pipermail/dg-bsc/attachments/20161205/10f76867/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Screen Shot 2016-12-05 at 12.57.07 AM.png
Type: image/png
Size: 163915 bytes
Desc: not available
URL: <http://kantarainitiative.org/pipermail/dg-bsc/attachments/20161205/10f76867/attachment-0001.png>


More information about the DG-BSC mailing list