Post on 21-Jan-2018
Self-Sovereign Identities & Relying on Third Party Data
Blockchain in Education, September 5th, 2017, Groningen.
Who am I?
15+ years of experience in InfoSec, focusing on
Governance, Risk Management, Compliance (GRC),
designing (automated support for) information processes,
designing information architectures (ontologies, terminologies)
Member of the Supervisory Board of
Expert for ISO JTC1/SC27 WG1 (ISO 2700x series of standards)
Rieks Joosten
Senior Researcher, +31 622 901 317
rieks.joosten@tno.nl
What I expect of you (for now):
You know the basics of
block chains
identity
semantics
Preface – Education and Identity
“Identity” is often used to refer to the mission of the educator,
or to what makes its method or school unique.
Our focus is on electronic identity, referring (e.g.) to
userIDs for pupils/students, teachers, parents
but also: locations, courses, schools, organizations,
organizational units, domains/sectors, etc.
attributes associated with such identifiers.
Applications that use this stuff include:
enrolment, transfer of students, internship contracts ("stagecontracten"), appropriate education ('passend onderwijs'),
online learning, digital exams, studying at different institutions,
access control (logical AND physical) (also for parents)
LAS, LVS, scheduling systems, presence registrations
back office process support (interfacing e.g with Studielink, DUO,
compulsory-education officer (leerplichtambtenaar), SVB, tax office, etc.)
Identity landscape (Jan 2017)
Block Chains / DLs
Block chains / DLs are (like any other) technology that has potential for solving problems and to create problems.
"Technology is neither good, nor bad, nor is it neutral." (Melvin Kranzberg)
BC’s and Identity – 5 min. on Google
2WAY.IO, Air, Atencoin, Authenteq, Banqu, BitID, Bitnation, BlockAuth, Blockstack, Blockverify, Cambridge BC LLC, Case, CertCoin, ChainAnchor, CheapID, Cicada, Civic, Credits, CredyCo, Cryptid, ENS, EtherID, Evernym (Sovrin), ExistenceID, Guardtime’s BLT, HYPR, Identifi, IDKeys, KYC-Chain, Mooti, Namecoin, NameID, Netki, OIX, OIXNet, OneName, Pillar Project, Redd-ID, Schluss, SecureKey, ShoCard, Spidchain, Trybinu, UniquID, uPort
Topics
Preface – Education, Identity and Block Chain?
Self-Sovereign Identity Framework (SSIF), i.e. an infrastructure
that supports acquisition and dissemination
of verified and validated data
to enable parties to engage in EBTs.
Electronic Business Transactions (EBTs)
- What information is needed?
- What can computers (not) do?
- What can block chains (DLs) do (and what not)?
Where we are now,
where do we want to go next, and
do you want to join us in this journey?
Self-Sovereign Identity Framework
SSIF is an initiative of a consortium within Techruption*, involving:
*) Techruption Blockchain Project (2017-2019) is a Dutch national public-private partnership
project that is part of the Techruption Program of the Brightlands Smart Campus.
What is ‘Self-Sovereign Identity’?
Christopher Allen (April 2016): “There is no consensus”:
(http://www.coindesk.com/path-self-sovereign-identity/)
We take it to mean something like this:
From the user perspective:
I can construct/collect my own digital identity;
My privacy is ensured (unless I break it);
...
From the service provider perspective:
I decide what (kinds of) data I need;
I decide whom I trust to issue such data;
...
SSIF supports Electronic Business Transactions from these perspectives.
SSIF – Fundaments
Design & Engineering Methodology for Organizations
DEMO (Dietz, J., TU-Delft);
TNO’s Terminology specification method
for constructing and maintaining ‘definitions’ (terminology)
that demonstrably mean the same thing
for all parties that are involved
in a particular context, so that
they can precisely define
their semantics.
semantic web technology
e.g. RDF(S), JSON-LD, etc.
Electronic Business TRANSACTIONS
Source: Dietz, J. “DEMOSL-3 DEMO Specification Language, v3.6, February 2017”
[Figure: the DEMO transaction pattern between initiator and executor, with the coordination acts request, promise, decline, quit, state, accept, reject and stop]
Phase 1 – proposition phase:
Initiator and executor negotiate
the transaction agreement, and
decide to either quit, or commit.
Phase 2 – execution phase:
parties fulfil their obligations
Phase 3 – result phase:
Executor and initiator negotiate
acceptance of the results, and
decide to either accept, or escalate.
DEMO: Design & Engineering Methodology for Organizations
In Education, ‘businesses’ are schools, institutions,
governmental bodies (e.g. DUO, MinOCW), etc.
Electronic BUSINESS Transactions
A business will generally commit to a transaction when
the value of what it gets outweighs the value of what it invests;
the risk of engaging in the transaction is acceptable;
the position it has in case of a dispute is sufficiently good.
Committing to a transaction is a business decision that requires
data (statements, e.g. about the customer);
business logic (that processes this
data to reach a conclusion);
data and business logic to be valid.
Invalid business decisions
increase business risk
ELECTRONIC Business Transactions
are transactions in which
business decisions are taken by computers/software,
i.e. decisions about whether or not to
commit to a transaction proposal (agreement, contract);
accept the results of the execution phase;
escalate (to some conflict resolution mechanism).
Validity (of Statements)
The meaning of a statement is
subjective, thus requiring the
business to decide this:
if not, there is incoherence;
generally accepted meanings
can be used;
ontologies may need to be
specified.
The truth of a statement is also
subjective, thus requiring the
business to decide this, e.g.:
after (proper) investigation;
by relying on what others say
(that are trusted to state this).
Carroll, L.: Alice’s Adventures in Wonderland, 1865
Electronic and Non-electronic Actors
User: Non-electronic Actor that operates a Client and optionally a Mobile Agent.
Service Supplier: Non-electronic Actor that is capable of supplying a (digital) service or (digital)
product by means of a Relying Party.
Mobile Agent (MA): Electronic Actor that is capable of (a) obtaining attestations from
Attestation Providers, (b) storing attestations in a Wallet, (c) issuing attestations and (d)
providing attestations to Relying Parties, on behalf of a specific User.
Relying Party (RP): Electronic Actor that acts as a proxy for a Business Party, in the role of the
Transaction executor, for the provisioning of some (digital) service or (digital) product.
Client: Electronic Actor that acts as a proxy for a User, in the role of Transaction Initiator, for the
purpose of obtaining some (digital) service or (digital) product.
Electronic Actor: Agent, acting as a proxy for a Non-electronic Actor.
Non-electronic Actor: Actor, not being an Electronic Actor.
[Figure: a User (actor) operates a Client (actor) and an MA (actor) guided by an MA Policy; a Service Supplier (actor) operates an RP (actor) guided by an RP Policy; a DL (actor)]
Actor: Entity that can do/make things, e.g. people, organizations, and machines.
Agent: Actor, embodied as a SW component running on a computing device.
Electronic Actor Policies
MA Policy:
a machine readable set of data
that guides a Mobile Agent
with respect to what it can and cannot do
without explicitly asking the User.
RP Policy:
a machine readable set of data
that guides a Relying Party
to construct Business Arguments
for taking Commitment Decisions
in Electronic Business Transactions.
Electronic Actors take their instructions not only from their program code, but also from
Non-electronic Actors – through (graphic or other) user interfaces
Policies – machine readable data that guide them for a particular (set of) purpose(s)
Putting SSIF to work in online Transactions
[Figure: sequence diagram between Client / MA, Relying Party (of Svc Supplier), Attestation Provider (RP) and DL (Blockchain)]
Client/MA → RP: transaction request
RP → Client/MA: list of statement types and attestation specs
Client/MA: collect statements (and attestations); obtain missing statements and/or attestations from an Attestation Provider (RP)
Client/MA → RP: list of statements and attestations
RP ↔ DL: check for revocations (and other things, tbd)
RP: construct valid argument, then commit (or decline)
RP → Client/MA: ok (or not ok)
Attestation Provider → DL: store revocation
We do have more detail...
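The flow in the sequence diagram above, together with the two validity conditions from the ‘Validity (of Statements)’ slide (the meaning of a statement type is agreed beforehand, its truth is relied upon because a trusted party issued it), as a runnable simulation. This is an added example and not TNO’s SSIF code: the slides fix no signature scheme, ledger or message format, so the code uses Lamport one-time signatures over SHA-256 in place of a real attestation signature scheme, a Python set in place of the ledger’s revocation registry, and constructed issuers (DUO, School-X), subject and statement types; the class and function names are illustrative.

```python
"""SSIF-style electronic business transaction, simulated end to end. Added example,
not TNO's SSIF code; the slides fix none of these choices, made to keep the demo
offline and stdlib-only: Lamport one-time signatures over SHA-256 stand in for the
attestation signature scheme (a deployment would use e.g. Ed25519), a Python set
for the ledger's revocation registry; issuers, subject, types and names are made up."""
import hashlib, json, secrets
from dataclasses import dataclass

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

# Signature scheme (assumption: placeholder for a real one); each key pair signs once.
def lamport_keygen():
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, tuple((H(a), H(b)) for a, b in sk)

def _bits(msg: bytes):
    d = int.from_bytes(H(msg), "big")
    return [(d >> (255 - i)) & 1 for i in range(256)]

def lamport_sign(sk, msg: bytes):
    return tuple(sk[i][b] for i, b in enumerate(_bits(msg)))

def lamport_verify(pk, msg: bytes, sig) -> bool:
    return len(sig) == 256 and all(H(sig[i]) == pk[i][b] for i, b in enumerate(_bits(msg)))

def canonical(statement: dict) -> bytes:  # issuer and verifier must hash identical bytes
    return json.dumps(statement, sort_keys=True, separators=(",", ":")).encode()

@dataclass(frozen=True)
class Attestation:
    statement: dict  # {"subject": ..., "type": ..., "value": ...}
    issuer: str      # name the RP policy knows the issuer by
    key_fp: str      # fingerprint of the issuer key that signed it
    sig: tuple
    def att_id(self) -> str:  # what the issuer writes to the ledger when revoking
        return H(canonical(self.statement) + self.key_fp.encode()).hex()

DistributedLedger = set  # revocation registry: att_ids are appended, never removed, shared by all

class AttestationProvider:
    """Issues signed statements on behalf of an Attestation Issuer (e.g. a school)."""
    def __init__(self, name: str, ledger: DistributedLedger):
        self.name, self.ledger, self.published_keys = name, ledger, {}
    def issue(self, statement: dict) -> Attestation:
        sk, pk = lamport_keygen()  # fresh pair per attestation (one-time scheme)
        fp = H(b"".join(a + b for a, b in pk)).hex()[:16]
        self.published_keys[fp] = pk  # RPs obtain these out of band
        return Attestation(statement, self.name, fp, lamport_sign(sk, canonical(statement)))
    def revoke(self, att: Attestation):
        self.ledger.add(att.att_id())

class MobileAgent:
    """Holds the User's wallet; answers the RP's list of statement types from it."""
    def __init__(self, subject: str):
        self.subject, self.wallet = subject, []
    def collect(self, statement_types):
        return [a for a in self.wallet
                if a.statement["subject"] == self.subject and a.statement["type"] in statement_types]

class RelyingParty:
    """RP policy = the statement types the business logic needs + the issuer keys it trusts."""
    def __init__(self, required_types: tuple, trusted_keys: dict, ledger: DistributedLedger):
        self.required_types, self.trusted_keys, self.ledger = required_types, trusted_keys, ledger
    def reject_reason(self, att: Attestation):
        """None if the attestation may enter the argument, else why it may not."""
        keys = self.trusted_keys.get(att.issuer, {})  # issuer name -> {fingerprint: public key}
        if att.key_fp not in keys:
            return f"{att.statement['type']}: issuer {att.issuer!r} not trusted for this"
        if not lamport_verify(keys[att.key_fp], canonical(att.statement), att.sig):
            return f"{att.statement['type']}: signature invalid"
        if att.att_id() in self.ledger:
            return f"{att.statement['type']}: revoked on ledger"
        return None
    def handle_request(self, ma: MobileAgent):
        """Proposition phase: request -> ('commit' | 'decline', business argument)."""
        presented = ma.collect(self.required_types)
        reasons = [r for r in map(self.reject_reason, presented) if r]
        valid = {a.statement["type"]: a.statement["value"] for a in presented if not self.reject_reason(a)}
        reasons += [f"missing: {t}" for t in self.required_types if t not in valid]
        return ("decline", reasons) if reasons else ("commit", [f"{t}={v}" for t, v in valid.items()])

def run_demo() -> dict:
    ledger = DistributedLedger()
    duo, school = AttestationProvider("DUO", ledger), AttestationProvider("School-X", ledger)
    alice = MobileAgent("did:example:alice")
    enrol = school.issue({"subject": alice.subject, "type": "enrolled", "value": "School-X"})
    alice.wallet += [duo.issue({"subject": alice.subject, "type": "age_over_18", "value": True}), enrol]
    rp = RelyingParty(("age_over_18", "enrolled"),
                      {"DUO": dict(duo.published_keys), "School-X": dict(school.published_keys)}, ledger)
    results = {"fresh": rp.handle_request(alice)}
    # forged: right issuer name, but signed with a key the RP policy does not trust
    alice.wallet[1] = AttestationProvider("School-X", ledger).issue(enrol.statement)
    results["forged"] = rp.handle_request(alice)
    # tampered: value edited after signing, so the signature no longer verifies
    alice.wallet[1] = Attestation({**enrol.statement, "value": "Elite-U"}, enrol.issuer, enrol.key_fp, enrol.sig)
    results["tampered"] = rp.handle_request(alice)
    # revoked: the genuine attestation, after the issuer wrote a revocation to the DL
    alice.wallet[1] = enrol
    school.revoke(enrol)
    results["revoked"] = rp.handle_request(alice)
    return results
```

Calling run_demo() yields 'commit' for the fresh wallet and 'decline', each with its reason, for the forged, the tampered and the revoked attestation. Two design points worth copying: the Relying Party never trusts the issuer name carried inside an attestation, only the keys its own policy lists for that name; and it consults the ledger last, because a revocation lookup on an attestation whose signature has not been verified tells it nothing.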
Other* SSIF Functions
Function – Description
AP (Attestation Provider) – Relying Party that acts as a proxy for an Attestation Issuer, for the provisioning/issuance of Attestations to Mobile Agents.
AA (Adv. Agent) – Relying Party that acts as a proxy for an Attestation Issuer (AI) for the advertisement of kinds of Attestations that the AI is willing and capable of providing through (one of its) APs.
AA Reg – Relying Party that acts as a proxy for some Business Party, for the registration of Attestation Advertisers.
Wallet – Agent whose function is to store Statements (e.g. Attestations) that are controlled by the Non-electronic Actor that is accountable (i.e. can be sued) for all use that is made of it.
DL Agent – Agent that, together with other Agents that have the same functionality and are geographically spread across multiple sites, countries or institutions, collectively maintains a consensus of replicated, shared, and synchronized digital data (i.e. a Distributed Ledger), the important characteristic of which is that digital data that is committed to cannot be denied.
*) The SSIF functions ‘Client’, ‘RP’ and ‘MA’ have already been defined.
Status of SSIF Infrastructure
Basic terminology is in place (and in use)
Functional components have been identified
(and we have an idea about their functionalities).
High-level flows for creating, using, and revoking SSIs and
attestations have been established.
Implementation experiments are underway – we expect to see
some kind of PoC in a couple of weeks.
The ideas in the Sovrin framework really match with our ideas;
we will be seeking some kind of collaboration between us.
Where to go next
Technically – build stuff
Businesswise – conduct experiments in different domains/sectors
that show added (business) value, and/or how to create new value.
Infrastructure
that is not used
has no use.
Do you want to journey along?
Writing valid RP-policies (business logic/arguments)
may not be that easy, perhaps because
it requires good (knowledge of) semantics;
it requires high precision (RPs are electronic agents).
How about a playground where we can experiment:
- creating and operating such policies;
- finding out what works and what does not;
- devising RP-policy specification methods that work;
- finding new ways to conduct business.
“While it is very easy to make things difficult, it is very difficult to make things easy.”
MBO Informatie Encyclopedie (http://www.informatie-encyclopedie.nl)
This Is What Neat Stuff Looks Like
‘Educational’ Transactions include:
enrolments of various kinds, e.g.
as a student/teacher, course-taker, exam-taker, intern (“stage”)
obtaining services of different sorts, e.g.
online learning (at various institutions), digital exams,
access control (logical AND physical), e.g.
buildings/rooms/labs, (parental) access to school-websites
administrative transactions, e.g.
in a LAS, LVS, scheduling systems, presence registrations
backoffice transactions, e.g.
with Studielink, DUO, the compulsory-education officer (leerplichtambtenaar), SVB, tax office
Electronic BUSINESS* Transactions
businesses* need to decide whether or not to
commit to a transaction proposal (agreement, contract);
accept the results of the execution phase;
escalate (to some conflict resolution mechanism).
a decision is based on an argument that uses ‘business logic’
(which is some way of reasoning that is not necessarily formal).
an argument uses statements that the ‘business logic’
combines and uses to reach a conclusion (decision).
statements consist of data that refer to entities (identifiers)
and/or state some properties thereof (attributes).
Invalid business decisions seriously increase business risk
*) In Education, ‘businesses’ include schools, institutions, governmental
bodies (e.g. DUO, MinOCW), etc.
Validity of Business Decisions
A business decision is valid if the underlying argument is valid.
An argument is valid if
(1) the business logic is valid and
(2) the statements are valid.
A business logic is valid if
the business has decided this.
(how to decide this is not trivial,
but out of scope for now)
A statement is valid if
(1) its meaning is known and
(2) the statement is true.
Transaction Proposal Commitment
A participant will commit to a transaction (agreement) when
this agreement (implicitly or explicitly):
contains all of the participant’s obligations/duties*;
contains all of the participant’s expectations/rights*;
and the participant has decided that:
the value of his expectations outweighs the value of the obligations;
the risk when having committed is at an acceptable level.
Depending on the risks that the participant has identified,
he may decide to specifically add items to the agreement, e.g.
criteria for (non)acceptance of the transaction;
data that allows him to (successfully) escalate*.
The information need of a participant =
all information that (s)he needs in order to commit to the transaction.
*) Here is a link with common ways of conflict resolution.
The SSIF infrastructure aims to:
enable individuals
to create and control digital identities (‘self-sovereign’)
for themselves, for ‘things’ and other entities
to use such SSI’s in electronic business transactions
in various domains, including education, work, etc.
enable business parties (including governments)
to specify and implement IT solutions (e.g. apps)
for conducting electronic business transactions;
and to create, control and use digital identities
in a way similar to that of individuals
Current work focused on Electronic Business Transactions (EBT)
What is ‘Self-Sovereign Identity’?
... With all that said, what is self-sovereign identity exactly?
The truth is that there’s no consensus.
(Christopher Allen, http://www.coindesk.com/path-self-sovereign-identity/, April 2016)
Here are some statements of what people seem to want:
Users can construct/collect their own digital identity;
Users can use such digital identities in different digital contexts;
Users control which attributes/attestations they share with whom;
Attestations (to parts of a digital identity) are cryptographically secured;
Users are entitled to store, move, correct, obfuscate, and delete
(parts of) their digital identities
...
We shall use the term ‘Self-Sovereign Identity’ or SSI
to refer to digital identities that have properties such as these.
Towards a SSI-Framework (SSIF)
In order to make SSIs work (in different contexts), we probably need e.g.
a technical infrastructure that
supports the creation, use, modification and deletion of SSI’s;
supports the association and revocation of attestations to SSI’s;
interoperates with well-known identity products, frameworks, protocols;
...
a governance framework that
defines and maintains the SSIF’s purpose
ways and directions in which it may be developed further
...
a conceptual model that can be used for reasoning about SSIs
and their use
...
We shall use the term ‘Self-Sovereign Identity Framework’ or SSIF
to refer to a framework that specifies how these needs can be fulfilled.
Requirements to achieve these aims:
The requirement to support electronic business transactions means that
- in the end, 100% precision is required;
- business transactions appear at the information level, whereas
  technical/electronic/blockchain transactions are data;
- we need clear terminology concerning
  what a transaction is;
  what it takes to commit;
  the differences for the various levels at which they exist
  (e.g. business, process, technical).
SSIF – Fundaments
Transaction model cf DEMO (Dietz, J., TU-Delft)
(DEMO: Design & Engineering Methodology for Organizations)
Context is multi-party, multi-semantic.
Semantic interoperability is a prerequisite:
Semantics = a formal mapping between ‘meaning’ (information)
and its representation (data).
At the technology level we’ll be using
semantic web technology.
At the human level, this is an issue
(e.g. between developers, business)
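The point made above (and on the earlier ‘SSIF – Fundaments’ slide) that semantics is a formal mapping between meaning and its data representation, and that an electronic RP needs that mapping to be precise, in code. This is an added example and not TNO/SSIF code: it hand-writes a small subset of JSON-LD term expansion (term definitions, prefix:suffix and @vocab, so no pyld dependency) and contrasts an RP that matches statement types on the local label with one that matches on the expanded IRI. The vocabularies under edu.example.org and gym.example.com and the three statements are constructed for the demonstration.

```python
"""Statement types compared by meaning (expanded IRI) instead of by local label.
Added example, not TNO/SSIF code: a hand-written subset of JSON-LD term expansion
(term definitions, prefix:suffix, @vocab) so it runs without the pyld library.
The vocabularies and the three issuers' statements are constructed for the demo."""

def expand_term(term: str, context: dict) -> str:
    """Expand a compact term the way a JSON-LD processor does in the simple cases:
    absolute IRIs pass through, then explicit term definitions, then prefix:suffix,
    then @vocab. An unmapped label has no agreed meaning, so refuse it loudly."""
    if "://" in term:
        return term
    if term in context:
        definition = context[term]
        return definition if isinstance(definition, str) else definition["@id"]
    if ":" in term:
        prefix, suffix = term.split(":", 1)
        if isinstance(context.get(prefix), str):
            return context[prefix] + suffix
    if "@vocab" in context:
        return context["@vocab"] + term
    raise ValueError(f"no meaning defined for {term!r} in this context")

def statement_type_iri(statement: dict) -> str:
    """The property a statement asserts, expanded against the statement's own @context."""
    return expand_term(statement["type"], statement.get("@context", {}))

def satisfied_by_label(required_label: str, statements: list) -> list:
    """Naive RP logic: string-compare the local label. Any issuer that happens to
    use the same word for something else gets counted."""
    return [s["value"] for s in statements if s["type"] == required_label]

def satisfied_by_meaning(required_iri: str, statements: list) -> list:
    """RP logic keyed on the expanded IRI the policy actually refers to."""
    return [s["value"] for s in statements if statement_type_iri(s) == required_iri]

# Constructed sample statements (hypothetical vocabularies). Two say "enrolled":
# the gym means gym membership, School-Y means the education sense the RP wants.
EDU = "https://edu.example.org/vocab#"
STATEMENTS = [
    {"@context": {"edu": EDU}, "subject": "did:example:alice",
     "type": "edu:enrolledAsStudent", "value": "School-X"},
    {"@context": {"@vocab": "https://gym.example.com/terms/"}, "subject": "did:example:alice",
     "type": "enrolled", "value": "FitClub"},
    {"@context": {"enrolled": EDU + "enrolledAsStudent"}, "subject": "did:example:alice",
     "type": "enrolled", "value": "School-Y"},
]

def compare() -> dict:
    """What an RP requiring 'enrolled as a student' accepts under each rule."""
    return {"by_label": satisfied_by_label("enrolled", STATEMENTS),
            "by_meaning": satisfied_by_meaning(EDU + "enrolledAsStudent", STATEMENTS)}
```

compare() shows the two failure modes of label matching at once: the gym membership is accepted because it uses the same word, and School-X’s genuine enrolment is missed because it uses a prefixed term. Matching on the expanded IRI accepts exactly the two education statements, and a label with no mapping at all raises instead of being silently treated as a match.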
SSIF Semantics – Terminology needed?
What do you mean by ‘Car’?
Establishing a common terminology
If a term does not present any problems, use it!
If a term presents problems, then
discard all proposed definitions,
and iterate towards:
“common criteria”, i.e.
criteria that distinguish instances
of a term from non-instances,
such that most people
evaluate it in the same way;
a demonstration of relevance
e.g. by applying it to use cases
and showing how it contributes to the resolution of issues;
after proper criteria have been established and relevance is shown,
a name/term can be selected to refer
to instances that satisfy the criteria.
Examples of results:
Term – Description or Criteria
Entity – something that exists (physically or conceptually).
Actor – Entity that is capable of acting, i.e. doing/making things. Examples include people, organizations and machines.
Jurisdiction – the scope of an operational mechanism that has the power, right or authority to declare, interpret, apply, and enforce compliance with rules/laws. (This implies that accountability is catered for.)
Legal Subject (within a Jurisdiction) – an Actor that has rights, duties, etc. under the laws/rules of that Jurisdiction, in particular the capacity to sue and be sued.
Establishing terminology has consequences.
E.g.: being an Actor or a Legal Subject is
- a (non-persistent) property of Entities, rather than an individual class;
- these properties are independent of each other.
This helps to reconcile different views that may exist in a single use-case.