[DG-BSC] User-centric identity materials

Thomas Hardjono hardjono at mit.edu
Thu Dec 8 09:32:36 CST 2016


Unilateral user actions: "Does the solution enable unilateral user actions that have unambiguously positive outcomes"

Does an action by a user get honored across all the entities in the identity ecosystem, including by the IdPs and more importantly by the RPs (which could be a business)? Or does it have side effects that may be negative to the user?

Example: If Alice gives access to a resource and then revokes, do all the other entities make this true? And is there any room for misinterpretation of Alice's intent?


From: dg-bsc-bounces at kantarainitiative.org [dg-bsc-bounces at kantarainitiative.org] on behalf of Adrian Gropper [agropper at healthurl.com]
Sent: Monday, December 05, 2016 1:14 AM
To: Eve Maler
Cc: dg-bsc at kantarainitiative.org
Subject: Re: [DG-BSC] User-centric identity materials


Thanks for the HIE of One pitch.

We've added self-sovereign ID to HIE of One using uPort. This now gives the resource owner 4 options for authentication at the UMA AS:

  1.  Direct Login to the AS
  2.  Whitelisting OIDC IDPs as an option of UMA resource registration
  3.  Federated login using OIDC
  4.  Self-sovereign Blockchain ID with linked verifiable claims

These 4 options are demonstrated in the latest addition to HIE of One in a 2-minute video: https://youtu.be/FNlAkGauIdw

Your recent slides seem somewhat harsh on self-sovereign ID. Sovrin is just one of the blockchain-based self-sovereign IDs that are currently being standardized<https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust-fall2016/blob/master/draft-documents/DID-Spec-Implementers-Draft-01.pdf>. Let's review your concluding slide:


  1.  The uPort app doesn't require the user to remember either a username or password
  2.  I'm not sure how to interpret "unilateral user actions" - please elaborate
  3.  People have rejected federation for anything other than low levels of assurance. A self-sovereign ID can be high assurance while also protecting pseudonymity through separable verifiable claims.
  4.  Self-sovereign ID respects the needs of RS (strong authentication), AS (open reputation mechanism and verifiable claims), and RqP (triple-blind attribute handling, privacy-preserving claims, on ID app across all domains).
  5.  I'm not sure how to interpret "consent more meaningful in this context" - please elaborate
  6.  The limits of federation are now obvious. Standards-based self-sovereign ID seems much more likely to scale.


On Fri, Dec 2, 2016 at 5:01 PM, Eve Maler <eve.maler at forgerock.com> wrote:
As promised... Here are my slides<https://www.dropbox.com/s/wwxgzpykhq0ja2n/2016Q4-GartnerIAM-UserCentricIdentityStandards-20161129%28revised%29.pdf?dl=0> from the presentation this week, my 2008 slides<https://www.dropbox.com/s/ahsy3eusmdto3pb/Maler-NZIDConf-Apr2008.pdf?dl=0>, and the accompanying journal paper<https://www.dropbox.com/s/fcl0txic8mtrr8k/Maler-NZIDConf-Apr2008-paper-Jan09rev.pdf?dl=0>.

Eve Maler
ForgeRock Office of the CTO | VP Innovation & Emerging Technology
Cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl



Adrian Gropper MD

HELP us fight for the right to control personal health data.
DONATE: http://patientprivacyrights.org/donate-2/