[DG-BSC] User-centric identity materials

Adrian Gropper agropper at healthurl.com
Thu Dec 8 11:20:01 CST 2016


Thomas,

HIE of One combines self-sovereign identifiers, verifiable claims, and
self-sovereign UMA AS. The self-sovereign components complement each other
and avoid introducing federation constraints typical to an IDP. Verifiable
claims are the non-self-sovereign component but that doesn't mean
federation as I use the term. Verifiable claims make the system
triple-blind.

I'm not sure why we're choosing to compare Sovrin to anything. uPort,
blockstack, and Sovrin can all be used as self-sovereign identifiers under
the evolving DID spec
https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust-fall2016/blob/master/draft-documents/DID-Spec-Implementers-Draft-01.pdf

Why not start with the DID spec and verifiable claims as the basis and
compare them+UMA to OIDC+UMA? In HIE of One, we use both because I don't
see any reason to choose.

When you mention "other entities" in your example, I have trouble mapping
that into UMA. Can you elaborate?

Adrian



On Thu, Dec 8, 2016 at 10:32 AM, Thomas Hardjono <hardjono at mit.edu> wrote:

>
> Adrian,
>
> Unilateral user actions: "Does the solution enable unilateral user actions
> that have unambiguously positive outcomes"
>
> Does an action by a user get honored across all the entities in the
> identity ecosystem, including by the IdPs and more importantly by the RPs
> (which could be a business)? Or does it have side-effects that may be
> negative to the user?
>
> Example: If Alice gives access to a resource and then revokes, do all the
> other entities make this true? And is there any room for misinterpretation
> of Alice's intent?
>
>
> /thomas/
>
> ________________________________________
> From: dg-bsc-bounces at kantarainitiative.org [dg-bsc-bounces@kantarainitiative.org] on behalf of Adrian Gropper [agropper at healthurl.com]
> Sent: Monday, December 05, 2016 1:14 AM
> To: Eve Maler
> Cc: dg-bsc at kantarainitiative.org
> Subject: Re: [DG-BSC] User-centric identity materials
>
> Eve,
>
> Thanks for the HIE of One pitch.
>
> We've added self-sovereign ID to HIE of One using uPort. This now gives
> the resource owner 4 options for authentication at the UMA AS
>
>   1.  Direct Login to the AS
>   2.  Whitelisting OIDC IDPs as an option of UMA resource registration
>   3.  Federated login using OIDC
>   4.  Self-sovereign Blockchain ID with linked verifiable claims
>
> These 4 options are demonstrated in the latest addition to HIE of One in a
> 2-minute video: https://youtu.be/FNlAkGauIdw
>
> Your recent slides seem somewhat harsh on self-sovereign ID. Sovrin is
> just one of the blockchain-based self-sovereign IDs that are currently
> being standardized <https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust-fall2016/blob/master/draft-documents/DID-Spec-Implementers-Draft-01.pdf>.
> Let's review your concluding slide:
>
>   1.  The uPort app doesn't require the user to remember either a username
> or password
>   2.  I'm not sure how to interpret "unilateral user actions" - please
> elaborate
>   3.  People have rejected federation for anything other than low levels
> of assurance. A self-sovereign ID can be high assurance while also
> protecting pseudonymity through separable verifiable claims.
>   4.  Self-sovereign ID respects the needs of RS (strong authentication),
> AS (open reputation mechanism and verifiable claims), and RqP (triple-blind
> attribute handling, privacy-preserving claims, one ID app across all
> domains).
>   5.  I'm not sure how to interpret "consent more meaningful in this
> context" - please elaborate
>   6.  The limits of federation are now obvious. Standards-based
> self-sovereign ID seems much more likely to scale.
>
> Adrian
>
>
> On Fri, Dec 2, 2016 at 5:01 PM, Eve Maler <eve.maler at forgerock.com> wrote:
> As promised... Here are my slides
> <https://www.dropbox.com/s/wwxgzpykhq0ja2n/2016Q4-GartnerIAM-UserCentricIdentityStandards-20161129%28revised%29.pdf?dl=0>
> from the presentation this week, my 2008 slides
> <https://www.dropbox.com/s/ahsy3eusmdto3pb/Maler-NZIDConf-Apr2008.pdf?dl=0>,
> and the accompanying journal paper
> <https://www.dropbox.com/s/fcl0txic8mtrr8k/Maler-NZIDConf-Apr2008-paper-Jan09rev.pdf?dl=0>.
>
> Eve Maler
> ForgeRock Office of the CTO | VP Innovation & Emerging Technology
> Cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl
>
> _______________________________________________
> DG-BSC mailing list
> DG-BSC at kantarainitiative.org
> http://kantarainitiative.org/mailman/listinfo/dg-bsc
>
>
>
>
> --
>
> Adrian Gropper MD
>
> PROTECT YOUR FUTURE - RESTORE Health Privacy!
> HELP us fight for the right to control personal health data.
> DONATE: http://patientprivacyrights.org/donate-2/
>


