Verifiable Credentials, Self Sovereign Identity and DLTs

My talk from Crypto Valley Conference 2018 on emerging standards in Self-Sovereign Identity, technology behind it, overview of implementations and how to use it with blockchain and DLT systems.


  1. www.luxoft.com Verifiable Credentials, Self Sovereign Identity and DLTs – Overview and Applications. V. Suvorov, CTO Luxoft. June 22, 2018. Crypto Valley Conference 2018
  2. NOTION OF IDENTITY IS PERVASIVE! • The fact of being who or what a person or thing is • as modifier (of an object) serving to establish who the holder, owner, or wearer is • A close similarity or affinity • A transformation that leaves an object unchanged (Math!). who a person is, or the qualities of a person or group that make them different from others 1a : sameness of essential or generic character in different instances b : sameness in all that constitutes the objective reality of a thing : ONENESS 2a : the distinguishing character or personality of an individual : INDIVIDUALITY b : the relation established by psychological identification 3: the condition of being the same with something described or asserted (establish the identity of stolen goods) 4: an equation that is satisfied for all values of the symbols
  3. IDENTITY IS A KEY CONCEPT FOR DLT/BLOCKCHAIN: {SK,PK} TRANSACTION VERIFICATION HISTORY SIGNATURE (or ZKP) ADDRESS (or ZKP) IDENTITY!
  4. Decentralized Ecosystems Require Robust Decentralized Identity Layer
  5. ENTER STANDARDS: DECENTRALIZED IDENTITY FOUNDATION DECENTRALIZED IDENTITIES Anchored by BLOCKCHAIN IDs Linked to ZERO-TRUST DATASTORES That are UNIVERSALLY DISCOVERABLE people, organizations, apps, and devices. Credentials Community Group Verifiable Claims Working Group
  6. DECENTRALIZED IDENTIFIERS (DIDs): Key enabler for decentralized self-sovereign identity Decentralized Self-Sovereignty Privacy Security Proof-based Discoverability Interoperability Portability Simplicity Extensibility DESIGN GOALS DID DID Document
  7. VERIFIABLE CLAIMS/CREDENTIALS – ROLES & TRUST: ISSUED BY CORRECT, REVOCABLE INCORRUPTIBLE, CORRECT OWNERSHIP By decoupling the trust between the identity provider and the relying party, a more flexible and dynamic trust model is created such that market competition and customer choice is increased. REPOSITORY ISSUER + HOLDER = IDENTITY PROVIDER ISSUER DOESN’T NEED TO TRUST VERIFIER
  8. VERIFIABLE CREDENTIALS: How DIDs become (use-case specific) Identities DMV – issuer Traveler – Holder/Subject DID:EXAMPLE:EBFEB… Bar - inspector/verifier W3C Example
  9. DECENTRALIZED IDENTIFIERS (DIDs): Interoperability DID:BTCR: DID:SOV: DID:UPORT: DID:IPID: DID:V1: DID:STACK: DID:ERC725:
  10. QUICK LOOK AT IMPLEMENTATIONS - ETHEREUM: Focus is On-Chain verification (Contract to Contract) Universal Identity Layer (Off chain and on-chain) ERC 725 ERC 725 Compliant Contract (On-Chain Claims, Identity and Access Control) Ethereum uPort Selective Disclosure Request Flow Off-Chain Claims uPort-Compliant JWT’s uPort Public Key Infrastructure uPort DID Resolver DID Document Storage (IPFS) On-Chain Claims Registry (ERC 780) Ethereum Account Abstraction (Optional) uPort Proxy (Identity) (Optional) Access Control Layer Ethereum
  11. QUICK LOOK AT IMPLEMENTATIONS - SOVRIN: • Dedicated, public but permissioned ledger • Pair-wise DIDs • Agents based claims/proofs exchanges • ZKPs for selective disclosure & revocation • Part of Hyperledger (Project Indy)
  12. FROM VERIFIABLE CLAIMS TO SELF-SOVEREIGN IDENTITIES: Sharing Attestations Selectively HOTEL – VERIFIER/TRUST ANCHOR DID:SOV:12345689ABCDEFGAB COMPANY – TRUST ANCHOR DID:SOV:V4SGRU86Z58D6TV7PBUE6F TRAVELER - PROVER DID:SOV:91286348ABCDEFGA D DID:SOV:26472862BACFDRHK D DID:SOV:69283462DFJSLDHFJ S CAR RENTAL – VERIFIER/TRUST ANCHOR DID:SOV:12345689SDJGLJF
  13. IDENTITY AND PRIVACY – AVOIDING THE LEAKS: HOLDER/SUBJECT DID:EXAMPLE:EBFEB… ISSUER VERIFIER VERIFIER Claim COLLUSION CORRELATION • Avoid sharing PIIs • Favor single-use or tokenized identifiers • Re-generate signatures and other meta-data • Disable Device-fingerprinting • Favor Abstract Claims (predicates) • Favor Minimum Disclosure
  14. ANONYMOUS CREDENTIALS – THE FOUNDATION: HOLDER/SUBJECT ISSUER VERIFIER 1 VERIFIER 2 PROVER DID1 ATTRs (A1, A2, A3, A4) CL Sig DID2 ZK1: { Credential(Issuer PK, Ms, A1, A2, A3, A4, CL Sig) ⋀ (A3 != S) } Privacy Preserving Attribute Based Credentials (ABCs) Privacy ABCs • Composable • Selective attributes disclosure • Predicates (AND,NOT,OR) • Unlink-able, Untraceable • Enable ZKP Revocation Lists DID1 (Ms) DID3 ZK2: { Credential(Issuer PK, Ms, A1, A2, A3, A4, CL Sig) ⋀ (A4 > N) }
  15. EMERGING IDENTITY (ATTRIBUTES) USAGE PATTERNS: “IDENTITY” AS A KEY “IDENTITY” AS CONTENT Buying & Selling Property Buying & Selling Cars Logistics Loyalty & Rewards Healthcare Access Control Travel & Mobility Financial Services Maintenance Training & Education Content Consumption
  16. IDENTITY AS A CONTENT EXAMPLE (NO DLT): Anti Counterfeiting as Identity Application – Chain of Custody Step 1 – Build Chain of Trust MANUFACTURER Step 2 – Track and Trace Authorized participants MANUFACTURER Package DID Hand-off claims Verify Delivery Chain Auth Handler claims
  17. IDENTITY AS A CONTENT APPs (WITH DLT): DECENTRALIZED IDENTITY LEDGER DEFs / SCHEMAS DIDs “Orchestration” Use-Cases • Multi-Party Business Process • Order of activities is well defined • Strong pre-conditions & dependencies • Relationships and Attestations serve as “Checkboxes” • Strong Privacy requirements / preferences Rules State DLT • Buying & Selling: Property, Cars, … • Healthcare • Supplier Management
  18. SUMMARY: Decentralized Ecosystems Require Robust Decentralized Identity Layer SELF SOVEREIGN IDENTITY – A KEY TO SCALABLE DLT USE-CASES • Reliable Identity is required for any use-case • Conventional methods are not privacy protecting and don’t scale well • GDPR and other PII related legislations make life difficult IDENTITY IS MORE THAN NAME AND ADDRESS • Personal/Entity Attributes are Use-Case Specific • Rewards, Loyalty, Credit, etc • Don’t share more than necessary • Great way to turn “KYC” expense into revenue Blockchain is a team’s sport - Use standards and contribute back!
  19. Questions?
  20. SOURCES AND REFERENCES: 1. DIF - http://identity.foundation/ 2. Universal Resolver - https://github.com/decentralized-identity/universal-resolver 3. W3C: 1. Verifiable Claims - https://www.w3.org/2017/vc/WG/ 2. DID Spec - https://w3c-ccg.github.io/did-spec/ 4. Sovrin - https://sovrin.org/ 5. Trusted IoT Alliance - https://www.trusted-iot.org/
