Website | Mailing list | Meeting recordings
Table of contents
- Foundation News 2. Group Updates; 3. Member Updates; 4. Funding; 5. Members; 6. DIF Media; 7.Events & Community; 8. Jobs; 9. Metrics; 10. Join DIF
π Foundation News
- DIF is hiring a PM!
- DIF is looking for a motivated and engaged Program Manager (full-time, remote) to oversee and facilitate important ongoing work across the open-source pre-standards community at DIF.
- Help organize, represent and care for DIF members, both prospective and existing, and grow along with the booming digital identity sector and the foundation itself.
- Is this you, or do you know of someone excited to work on open standards? More details including a full job description over on GitHub and apply by sending an email to jobs@identity.foundation.
- DIF has launched version 1 of the Chairs' Handbook as reference material and an onboarding tool.
- Please feel free to comment and suggest useful changes!
- DIF is also now on Discord!
- Join the Discord and get involved with the open groups here
- At present, only DIDComm User Group is fully active but we are rolling out other groups
- Please use full name as your server name when joining the DIF Discord. The DIF Code of Conduct still applies.
- DIF Comms
- We have reached 5k Twitter followers and 5k subscribers to our monthly Newsletter! π Read more about reaching these end-of-year milestones on our DIF Blog here
- Open Comms calls will still take place 15th Dec, then meeting in 2022 on the 4th (see DIF Calendar), now looking at 2021 year in review and 2022 community agenda-setting. See you there!```
- β«οΈ DIF and the wider identity community mark the passing of Kim Cameron. A pioneer and visionary who laid the foundations of ethical digital identity thinking with his 7 Laws of Identity, and a true champion of Decentralized Identity, both during his tenure at Microsoft and beyond. A tribute to Kim by Joerg Resch at Kuppinger Cole is here.
π οΈ Group Updates
βοΈ InterOp WG (cross-community)
- 8 Dec
- Dmitri Zagidulin presented on QR-code initiation.
- 24 Nov
- Do we want to define an interop profile for the community?
- Need for a clearer roadmap:
- Drafted a shorter cleaner version
- This is based on an older version here
- Call for feedback & comments from membership
- 10 Nov
- Presentation (recording link) from Hakan (Technical University Berlin), Andreas Freitag (Jolocom) and Eugeniu Rusu (Jolocom) to hear from the German community about how they have approached interop. This builds on a conversation started during IIW33.
- Main topics covered include:
- What is the core connector for interoperability?
- One profile that works across the consortias
- How does this work with EU initiatives? Should all countries deliver a wallet that is interoperable?
- The interoperability matrix they are working on: here
- Approaches to testing
- Taking inspiration from the Aries test harness
- Unfortunately, the October-November Updates for Interop were missing from our last newsletter, #23. We apologize and include them here:
- Library polooza followup meeting
- IIW recap session
- maturity of the ecosystem
- discussion on KERI vs DIDcomm
- Govt direction is not completely aligned with tech direction
- Interop group is not IP protected and the current status of the charter is here.
π‘ Identifiers & Discovery
- Continued discussion of did:keri and relation to other DID methods
- Work items:
- Type of identifiers this method supports and their intended use-cases (e.g., did:key)
- How to incept KERI-based DIDs and DID Documents with multiple keys associated with them
- KERI and did:peer - efforts to align
- How does the method prove uniqeuness?
- KERI is described in a whitepaper: Need to summarise the core concepts and processing rules
- How are witnesses defined? (public keys)
- Implementation maturity?
- Implementation by Jolocom (in Rust) - implements the core
- Other implementations - GO, Javascript
- did:oyd method introduction
- Content-based addressing, does not rely on a blockchain, using event log for updates
- Content-based addressing (verifiable mapping between DID and DID Document)
- Present 3 artefacts of did:oyd: DID, DID Document, Log (events)
- Presentation of the Create/Update/Deactivate methods
- Presentation of the cloning method
π‘οΈ Claims & Credentials
- 10th Dec - ESSIF-LAB Consent Record Demo - YouTube recording
- Data Agreement demos from NGI ESSIF-LAB sub-grantees iGrant.io, Gataca and the Human Colossus Foundation. These three demo'd implementations demonstrate how a consent notice (or "data agreement" as it was called in the ESSIF-LAB context) gets signed as a shared record between issuers/verifiers (data controllers) and holders (data subjects). The data agreement sets a clear purpose of usage, what personal data is collected, how long data can be retained and on what lawful basis it can be processed; both parties keep a record, allowing precise GDPR enforcement and transparency on all sides.
- The data agreement was originally based on the Kantara Initiative's Consent Notice, which is now being standardized as a new ISO standard 27560.
- Data Agreement demos from NGI ESSIF-LAB sub-grantees iGrant.io, Gataca and the Human Colossus Foundation. These three demo'd implementations demonstrate how a consent notice (or "data agreement" as it was called in the ESSIF-LAB context) gets signed as a shared record between issuers/verifiers (data controllers) and holders (data subjects). The data agreement sets a clear purpose of usage, what personal data is collected, how long data can be retained and on what lawful basis it can be processed; both parties keep a record, allowing precise GDPR enforcement and transparency on all sides.
- Juan Caballero stepping up as C&C chair
- JWS Test Suite (notes): test-by-test consequences of "instead of or in addition to" ambiguity in JWT expression of credentials as defined by the JWT section of the VC data model v1.1
- WACI-PEX
- swift progress on Issuance extension
- BBS+ blocking both presentation and issuance now
- PE (2.0) + Credential Manifest
- PE v2 moving forward
- At last CM meeting, PE mostly pre-empted (works around OIDF usage)
- Verifier Universal Interface (VUI) tracking
- Waiting for sign-off on IPR from all donors still?
π DID Auth
- SIOP v2 and OIDC4VP specifications are starting the First Implementer's Draft Call, which would give the implementers the IPR protection (A LOT of improvements. please send the last minute review comments if any)
- https://openid.bitbucket.io/connect/openid-connect-self-issued-v2-1_0.html
- https://openid.bitbucket.io/connect/openid-connect-4-verifiable-presentations-1_0.html
- OpenID Connect for Verifiable Credentials Issuance has been adopted by the OpenID Foundation Connect WG (you can start filing issues in the Connect WG Bitbucket)
- https://openid.net/specs/openid-connect-4-verifiable-credential-issuance-1_0.html
- Some noteworthy changes
- OIDC4VP removed the option to embed VP inside the ID Token, the only option is to send a separate VP Token alongside ID Token
- Current OIDC4VP draft mandates the use of PEv2, but there are discussions to allow arbitrary "policy languages"
- For SIOP
sub
claims, JWK Thumbprint URI draft has been submitted to the IETF (https://www.ietf.org/archive/id/draft-jones-oauth-jwk-thumbprint-uri-00.html)
π» DIDcomm
- The DIDComm Group would like to thank outgoing chairs, Tobias & Oliver for all of their past dedication and support, and take the opportunity to welcome incoming chair, Steve McCown.
- Meetings canceled: Dec 20, 27, and Jan 3
- Next meeting 10th Jan 2022
- DIDComm-js Repo Archive
- DIDComm & Hub Discussion: Scope and Organization
- Discover Features v2 PR313
- From in OOB PR314
- typ in wrong places? (Sam)
- PR Needed Issues
- Call to Participate - DIDComm User Group
- Now that the DIDComm v2 spec is nearing completion, and there are robust libraries in multiple programming languages, we are starting a user group to share learnings as we put DIDComm into production. We will organize community resources, produce a handbook, foster application-level protocol creation, maintain the didcomm.org website and repo, and recommend best practices. We invite anyone who's interested to register in the user group's email list here or Discord channel here.
- The first regular meeting will be held on January 10th-14th, with meeting selection to happen prior on the above communication methods.
- Although this UG is sponsored by DIF, this is not an IP-protected context. We won't be developing specs or working on standards. Thus, you don't have to be a member of any particular org to join, and there are no legal terms to review or paperwork to sign. Please join us!
π§ KERI
- Status update for
did:keri
, and plans to add it as a work item to the ID WG.- Information and contextual documents
- Current did:keri method specification
- Current status of did:keri
- The goal is to continue and further expand the work on the DID method specification, to figure out how all the KERI building blocks can be utilized together in a method spec.
- Does did:keri by itself make sense, or only "KERI in the context of an existing DID method" (e.g. did:indy:keri)?
- The work in the KERI WG is in a special state. The goal is to "wrap up" that current status of KERI so that the KERI spec work goes into a "sleep" state. There are two communities, one working in the Trust-over-IP Foundation (ToIP), one working at DIF.
- The proposal is to contribute the KERI work itself to the Applied Cryptography Working Group, and the did:keri work to the Identifiers & Discovery Working Group.
π± Wallet Security WG
- Work item proposal: differential credential security
- Work item proposal: device binding
- Wallet implementers consultation, questionnaire and spreadsheet
- Discussion big picture/vision and direction for the group in 2022
- Meeting on 28th Dec cancelled
- Next meeting will be 11th of January 2022
π± Applied Crypto WG
- Proposal Review
- Work Item Reports
- BBS+ Issue 10: awareness about order of messages
- 3 design options:
- 1. No awareness - most flexible for higher layers
- 2. Current approach - prefix with bit array to match order to underlying order (doesn't allow for canonicalization algos or higher-level users which need to reorder, i.e. LDP URDNA)
- 3. Append a more elaborate structure - byte array of indices referring to the message order in underlying dataset
- 3 design options:
- bof secure software supply chain - no update
- CBB Data Encoding & CBB Crypto Service Protocol
- cbb_delegatable_anonymous_credentials
- cbb_policy_as_code
- JSON Web Proof
- Housekeeping and cleaning up documents
- There are now 3 schemas for further assessment
- Created a presentation and started graphical description
- Need to expand the details and decide on design options for each schema.
- BBS+ Issue 10: awareness about order of messages
βοΈ Hospitality & Travel
- Discussion continues around customer journeys, and developing working models based on the existing use-cases identified by the group
π¦ Finance & Banking
Presentations:
- December 2nd
- Franklin Noll - Noll Historical Consulting
- November 18th
- Jeff Jokisch - Privacy Plan presented on anti-money laundering legislation, scope of the problem and punitive fines globally
π APAC/ASEAN Open Call
- Discussion with ToIP continue about cohosting APAC calls in 2022
- Identity Week Asia Highlights
π Africa Open Call
- Nairobi Decentralized Identity project Gravity presentation postponed until early 2022.
π° Funding
eSSIF-Lab
- eSSIF-Lab has just launched its final Open Call! Calling SMEs, not-for-profit entities or research organizations developing SSI working solutions or open-source components
- Apply if you are:
- Developing a new SSI solution for the real-world
- Developing business-oriented extensions to the eSSIF-Lab basic infrastructure
- There is β¬53K available for each proposal selected!
- Apply here.
NGI Open CallsΒ (EU)
- Funding is allocated to projects using short research cycles targeting the most promising ideas. Each of the selected projects pursues its own objectives, while the NGI RIAs provide the program logic and vision, technical support, coaching and mentoring, to ensure that projects contribute towards a significant advancement of research and innovation in the NGI initiative.
- The focus is on advanced concepts and technologies that link to relevant use cases, and that can have an impact on the market and society overall. Applications and services that innovate without a research component are not covered by this model.
- Varying amounts of funding. Learn more here.
ποΈ DIF Media
- To mark the annoucement of the 34th Internet Identity Workshop, our recap of the Internet Identity Workshop 33 went live on the DIF Blog..
- IIW34 will take place Apr 26th - 28th 2022 as an in-person event at the Computer History Museum.
π Events & Community
- DIF Face2Face
- 24th February 2022, Virtual Event
- Save the date!
- More details about program and schedule to follow!
- European Identity and Cloud Conference 2022
May 10th β 13th 2022, Hybrid Event- Call for Speakers
- 20 minutes to present your thoughts and findings in front of the identity community. After the event, your presentation will be published on the KuppingerCole website
- Deadline for speaker applications 28th Feb 2022, apply here.
- Call for Speakers
- Canada and the European Union Joint Workshop Series for Enabling Interoperability and Mutual Support for Digital Credentials
- Report on the technical and policy workshops held by Canada and the European Commission (EC). Innovation, Science and Economic Development Canada (ISED) and Directorate-General | CONNECT (DG CONNECT) from the EC, jointly led this series of workshops held from spring to summer 2021.
Hyperledger Aries
- To anyone in the Aries Community that either builds Frameworks or deploys Aries solutions:
- Many of in the Aries community want to transition from using the "early days" RFC 0160 Connections protocol (part of AIP 1.0) to the newer RFC 0023 DID Exchange and RFC 0434 Out of Band protocols. A "community upgrade" has been proposed that will accomplish that in a way that we can avoid periods of instability between Aries agents (Issuers, Verifiers, Wallets, etc.) if we coordinate a series of changes in our deployments.
- A PR has been proposed to RFC 0496 (Transition to OOB and DID Exchange) and is expected to be accepted that will move us to Stage 1 of the transition, where all implementations are to be updated to accept requests using both the older Connections and newer DID Exchange protocols. During that period, all deployments will continue ONLY to send requests using the older Connections protocol. Please see RFC 0496 for the details of the entire transition.
- The Aries Working Group is requesting that all deployments of Aries:
- Support this transition
- Update their code bases and deployments to achieve Step 1 of the transition.
- Document their completion of that Step in the RFC (per instructions).
- Monitor the conversation around RFC 0496 to be ready to go to Step 2 of the transition.
- Please direct any questions to the Aries channel in Hyperledger RocketChat.
πΌ Jobs
Members of the Decentralized Identity Foundation are looking for:
- Program Manager- DIF
- Location: remote
- Software Engineer- IO Global
- Decentralized Identity Foundation (DIF) Project Lead
- Location: remote
- Decentralized Identity Foundation (DIF) Project Lead
- Software Engineer - Transmute
- Decentralized Identity Foundation (DIF) Project Lead
- Location: remote/flexible
- Decentralized Identity Foundation (DIF) Project Lead
- Community Manager - Jolocom
- Location: Berlin, German-speaking
- Consultant (junior/senior) - Jolocom
- Location: Berlin, German-speaking
- SDK Developer (midlevel/senior) - Jolocom
- Javascript, Typescript, NodeJS
- Location: Berlin
- Javascript, Typescript, NodeJS
- Senior Backend Engineer - Diwala
- Location: Remote
- Senior Frontend Lead - Diwala
- Location: Remote
Check out the latest available positions on the DIF Jobs Board here.
π’ Metrics
Newsletter: 5,109 subscribers | 29% open rate
Twitter: 5,043 followers | 5,888 impressions | 6,244 profile visits
Website: 22.34k unique visitors
Youtube: 201 unique visitors
(In the last 30 days)
π Join DIF!
If you would like to get involved with DIF's work, please join us and start contributing.
Can't get enough of DIF?
follow us on Twitter
join us on GitHub
subscribe on YouTube
read us on our blog
or read the archives
Got any feedback regarding the newsletter?
Please let us know - we are eager to improve