dif

Where to begin?

A DIF Overview of Introductory Resources (August 2020)

· 8 min read

[Note: this article is also available as a downloadable PDF. It was co-written with Kaliya-IdentityWoman.]

There is no one single (or even central) place where decentralized identity technologies are being created. It is decentralized in its processes as well as its topography. Learning the “lay of the land” entails bouncing around a network more than surveying a city from a high vantage point. But that’s ok! We recommend starting from the least familiar of these links and bouncing around, rather than reading start to finish.

Photo by Benjamin Elliot

—Video Introductions to SSI

  • An Introduction to Self-Sovereign Identity 9min
    This presentation by the “SSI Ambassador” (Adrian Doerk of the LISSI project, headquartered in Frankfurt, Germany) touches on the psychology and sociology of identity definitions. It highlights why digital identity offers many different ways to present ourselves and walks through the basics of how ID today is dominated by mega-IdPs (identity providers). It gets to the conceptual heart of what SSI is about. It also shows a real live demonstration of a scooter-authorization project spearheaded by T-Mobile Germany.
  • Self-Sovereign Identity (SSI) Foam Figure Explainer v2 9min
    John Phillips from 460 Degrees, a consulting firm from Sydney, AU, updated his earlier video in January of 2020. This level-setting and first-introduction was designed to help Phillips’ clients understand what SSI looks like from a business-process perspective, which is the key perspective from which large enterprises are mostly likely to decide how much to invest in researching and considering SSI solutions. For more guidance on B2B sales and education, see his longer February presentation at SSI Meetup about how to explain SSI to C-Level executives.
  • The True Meaning of Identity 38 min
    In September 2019, Kaliya Young presented to SIBOS (the conference of the SWIFT settlement network central to global banking) in their Innovation Track. The video introduces the concept of identity and how it has evolved over time, before sharing at a high level how Self-Sovereign Identity works and why it solves widespread business problems.
  • Domains of Identity — 33 min
    In July of 2018, Kaliya Young presented to the MyData Conference and tied together her research work developing the Domains of Identity and how the various domains connects to the usage of decentralized identity technology — decentralized identifier and verifiable credentials.

The SSIMeetup series run out of Madrid, Spain by the indefatigable Alex Preukchat has been assembling a video archive of their live webinar series for years. For these, they invite leaders of influential SSI projects from around the world. These events have a loyal following of regular attendees, making for a spirited Q&A session at the end of each video. While most of the videos tend towards deep dives in specific technical, governance, business, or regional topics, some of them can be useful, accessible, and inspiring for novices. Here are a few we recommend in particular as “novice-friendlier deep dives”:

— Organizational Centers of Gravity in SSI

Decentralized Identity Foundation (you are here)

This organization was formed as a Joint Development Foundation project in 2017 and has grown to be a major venue for IPR-protected co-development among large and small industry players. It has historically focused on the development of both working open-source code and pre-standard specifications for decentralized identity, but it is starting to branch out into non-technical forms of cooperation for the purposes of market-building and to promote all open decentralized identity technology, whether created in DIF or elsewhere.

The W3C Credentials Community Group

This public discussion group is affiliated with the Worldwide Web Consortium (W3C), a standards organization for web technologies supported by membership dues and responsible for the management of core protocols like HTML and TLS. The Credential Community Group (CCG) is not an official working group of the W3C, but is still protected under a version of W3C’s IPR regime. Work items can be proposed by W3C non-members, and these often include specifications that go on to be standardized. CCG meets every week and is a hub for coordinating activity. Their meetings are recorded and minuted, often including presentations. They also have coordinate other discussion groups open to non-members, such as the Education Credentials Task Force (“vc-ed”).

The Internet Identity Workshop

This biannual event has been the convening at the heart of the decentralized identity community for 15 years, held at the Computer History Museum in the heart of Silicon Valley. It is uniquely co-created by its participants in a mostly-organic and community-driven way, with no pre-picked speakers, keynotes, or commercial presentations aside from a demo hour. True to its name, workshopping, whiteboarding, and open (but detailed and concrete!) discussion on a massive scale are the core of the event. The books of proceedings organize and refine all of the notes taken live during all the sessions convened at each event.

MyData Global

This influential and egalitarian global organization grew out of a series of conferences first held in 2016. They advocate for a human-centric and rights-driven vision where individuals can get digital services that support them to collect their data, not just safeguarding and well serving but even empowering the data subject. Organizational members and individual members come together to create an ongoing dialogue between “consumers” and ethical businesses to shape new types of markets for digital services. Rooted in the values of the MyData Declaration, they focus primarily on elaborating refined, nuance, and bottoms-up models for data governance; only from a solid governance foundation do they begin to make policy, business, and technology decisions. They recently published the MyData Operators paper, bringing their policy, business, and technological goals more squarely into the realm of decentralized identity.

The Sovrin Foundation

Since the early days of decentralized identity, Sovrin has been one of the major hubs of innovation and entrepreneurship, serving as a kind of all-in-one community, codebase, blockchain, and better business bureau. They have also published many canonical educational and marketing texts that have been foundational to the development of “self-sovereign identity” as a sector of the software industry. The Aries project (housed in the Hyperledger Foundation) and the Trust-over-IP foundation are, in a sense, spin-outs of the Sovrin foundation, and both remain loosely based (sometimes by design, sometimes by momentum) on the Sovrin community’s codebase, ledger, and design principles. The fastest way to familiarize yourself with these is the whitepaper library on the Foundation’s website.

Standards organizations

These centers of gravity are where ideas and business models evolve in broad conversation. Inevitably, structuring ground rules and governance models for these eventually have to be negotiated between technical experts and standards adopted before major investments (of capital, but also of legislation and public good will) can be approved. See Nader Helmy’s great tour of standards organizations relevant to these centers of gravity.

— Government Initiatives:

United States Federal Government

Anil John, head of the Silicon Valley Innovation Program run under the auspices of the Department of Homeland Security’s Science and Technology directorate has been funding the development of standards and business models in the nascent field for years. Their website hosts an overview of related projects articles by them, as well as guidance documents such as the Taxonomic Approach to Understanding Emerging Blockchain Identity Management Systems. Anil’s blog hosted by CyberForge includes many thoughtful pieces, such as Anil’s recent thoughts on interoperability or his article on the role of government in free-market technology, Can LESS be more?

The British Columbia Provincial Government

“BCGov” has invested significantly in the SSI IT management model and has pioneered an approach to verifiable public data represented by the Verifiable Organizations Network (“VON”). This network provides public-record credentials about registered business in a publicly accessible repository of Verifiable Credentials, bringing the traditional “orgBook” into the decentralized era. By directing much of their IT budgets towards open-source development and participating heavily in the emerging open-source community around this project, they have provided invaluable leadership, particularly within the Aries community, including such major contributions as the core of the Aca-Py Codebase.

The European Union

ESSIF (European SSI Framework) is an ongoing open-source initiative to seed and accelerate the role of SSI in the EU digital “single market” strategy. It is housed jointly between the directorate-generals responsible for IT planning and policy in Brussels and the independent European Blockchain Services Infrastructure (EBSI), a 30-country collaboration of EU and EU-affiliated countries working together to build a shared infrastructure for government blockchain projects. SSI Meetups are the best way to learn more about ESSIF and its role in the EU’s broader digital initiatives:

  • An overview by ESSIF Convenors Daniel du Seuil and Carlos Pastor (July 2019)
  • ESSIF Chief Legal Counsel Nacho Alamillo gave an introduction to ESSIF’s approach to eIDAS in February 2020 and a more detailed overview of the official report of the legal review based on that approach in May of 2020
  • ESSIF-LAB program coordinators Oskar van Deventer and Rieks Joosten (TNO, the Hague) gave an overview of how their program incentivizes interoperability and European contributions to the broader SSI landscape (March 2020)
  • Interested parties are encouraged to check the ec.europa.eu website for current public consultations and calls for comment.

Other Notable International Consortia:

The Known Traveler Digital Identity project is led by the World Economic Forum and brings together the governments of Canada and the Netherlands, two Airlines and three airports to create a proof of concept that schedule to start real-world trials in the ill-fated Spring of 2020. Interrupted roadmaps aside, it has produced a significant corpus of documentation, policy recommendations, debate, and interest among governments and technical industries.

— Whitepapers and Publications:

  • The Concept of Self-Sovereign Identity including its Potential by eGovernment Innovationszentrum, Gratz University of Technology
  • Self-sovereign Identity: A position paper on blockchain enabled identity and the road ahead, by the Identity Working Group of the German Blockchain Association
  • Decentralized Identity: Own and control your identity by Microsoft
  • Decentralized-ID.com is a sprawling and truly bottomless collection of resources culled from conference annals, github, and technical publications. It is almost exclusively gathered and curated by anonymous independent researcher “Infominer,” who has been working in the virtual salt mines of decentralized identity, cryptocurrency, and the #indieweb movement for almost a decade.

Rebooting the Web of Trust hosts a “github journal” of whitepapers, most of them not just peer-reviewed but collaboratively written in person at 3-day “working conferences”; these range from highly technical and even cryptographic topics to business and UX-oriented contributions to the knowledge base of the broader decentralized-identity community. Some recent and still-topical highlights include:

— Monographs:

— Podcasts:

  • Definitely Identity by Tim Bouma who leads trust framework and identity projects for the IT authority of the federal government of Canada. On the show, he interviews leaders in the field.
  • State of Identity. The One World Identity conference and network has a podcast that covers the identity technology sector broadly, including cybersecurity, federated and centralized identity vendors, and even identity-related machine learning projects.
  • PSAToday by Kaliya Young and Seth Goldstien. PSA stands for Privacy Surveillance and Anonymity, and covers a wide range of data rights topics.

There is, of course, much more to be recommended for deeper dives into specific technologies, business problem spaces, policy histories, and governance thinking. But we have to draw the line somewhere, and by the time you get to those advanced topics, are you really reading “introductory” texts anymore? Stay tuned for more curation, more knowledge bases, and more network exploration.