Do we sacrifice privacy in self-sovereign identity implementations?

For me, Self-Sovereign Identity (SSI) is about privacy for the user. We need the same privacy level in the digital world as in the physical world. At the moment, privacy is under siege, also in the SSI community.
On the one hand, the community is taking shortcuts and sacrifice privacy to solve tricky technical challenges, like revocation or minimal disclosure. On the other hand, compromises are made to please existing systems.
We are on an inflexion point of SSI. A lot of projects are underway, and the topic attracts more and more startups and companies. If architecture- and standardization decisions made “wrong”, we end up with just another federated identity. It can end even worse. We need to raise more awareness in the SSI community regarding privacy.
A simple privacy test.
The most straightforward test compares a digital identity system’s privacy with physical documents’ privacy level. If it provides less privacy, it did not fit the purpose.
A simple example. If you show your physical driving licence at some entrance, the issuing authority doesn’t know about it. And the person at the checkpoint doesn’t know if your driving licence was ever revoked or can check revocation in the future.

SURVEY RESULTS: Requirements for a revocation method in an SSI system

I was running a survey to collect the requirements for a revocation method in an Self-Sovereign Identity (SSI) system. The survey was sent to people in the SSI practice.

If you interested in the questions, here is the link

The survey had two sections. The first was about privacy aspects, and the second on physical requirements like storage or computational effort.

Here are the results without many comments.

Continue reading “SURVEY RESULTS: Requirements for a revocation method in an SSI system”

Am I a Self-Sovereign Identity system?

It can be challenging to decide if a Digital Identity system is a Self-Sovereign Identity (SSI) system or a central Digital Identity system. The question “Am I a SSI system?” can be tricky to answer.

Providers claiming their solution is SSI based, and of course use Blockchain – never let go a buzzword. The claim cannot be proofed, there is no assessment framework and no standard definition for a SSI system.

Even if a solution is based on “SSI” open source frameworks like Hyperledger Indy, it is not said that it is a SSI system. A single “short cut” in the implementation and all self-sovereignty is gone. SSI principles can be weakened because of technology limitations or process requirements. And sometimes claimed SSI solutions are not even close to SSI or even Identity.

A simple, yes it is SSI, is not enough. There are blurry lines and differences in implementations. The answer, NO it is not a SSI solution, is easier because there are certain KO criteria’s.

So how you can make an assessment? The question is bothering me for some month.

Continue reading “Am I a Self-Sovereign Identity system?”

Self-Sovereign Identity – Ich gehe wieder studieren

Seit meinem letzten Post ist einige Zeit vergangen.

Im Frühjahr habe ich ein Research Proposal im Bereich Self-Soverreign Identity (SSI) eingereicht. Ich werde mich in diesem Bereich weiter vertiefen und im Speziellen die Reife von kryptografische Akkumulatoren für die Verwendung beim Widerruf von Dokumenten in SSI Systemen zu untersuchen.

Alles verstanden? Keine Angst Ich auch noch nicht 😉

Das Proposal angenommen und seit September bin ich Doktorant an der Universität Wien in der Forschungsgruppe “Security and Privacy” https://sec.cs.univie.ac.at/.

Continue reading “Self-Sovereign Identity – Ich gehe wieder studieren”

Gray Rhinos, Corona and Blockchain

“A gray rhino is a highly probable, high impact yet neglected threat” – Michele Wecker

Currently, we are facing a grey rhino situation, the outbreak of the Corona-COVID19 disease. It is highly probable, we have outbreaks about every 4 years, it has a potentially high impact and we neglected the threat.

The article highlight how Blockchain technology can help to design a more resilient IT architecture to ensure availability of critical digital infrastructures like banking services or public sector services. I consider streaming services and e-commerce not as crucial.

Continue reading “Gray Rhinos, Corona and Blockchain”

Blockchain – Der Nebel lichtet sich

Ist die Blockchain Technologie / DLT (Distributed Ledger Technologie) die Lösung für alles? Oder doch nur ein Hype der vorüber geht? Die Wahrheit liegt irgendwo in der Mitte.

In den letzten Jahren hat sich die Technologie vom Hype zu einem “soliden” Technologiebaustein entwickelt. Es haben sich Anwendungen herauskristallisiert in denen die Technologie ganz neue Geschäftsmodelle und Architekturen ermöglicht.

Continue reading “Blockchain – Der Nebel lichtet sich”

Why Bitcoin will not replace our current “money-system” but can help to fix it

garage-943249_1280

The “money system” in the western world is a good thing. It enabled the wealth we have. Without these system the growth in the last century would not been possible. The problem is that single institutions, politicians and individuals abuse the system for their advantage.

Replacing our money system with Bitcoin is in my opinion not possible. But with Bitcoin came a beautiful technology, the Blockchain. The Blockchain can help to set up our money system more transparent, leaner and more resistant against fraud.

Let’s have a closer look why I don’t believe that Bitcoin replace our money system.

Continue reading “Why Bitcoin will not replace our current “money-system” but can help to fix it”

Ethereum and the hard fork discussion, what we can learn from

Lots of discussion in forums and in the press are going on about the hard fork decsission from Ethereum because of the DAO issue.
I read a lot and thought a lot about the decision but I did not come to an opinion if it is good or bad for the project.

The conclusion I have is another one. The Blockchain is great, because nobody can make a rollback, correction, whatever hidden from the outside world! If they make changes they need to make it fully transparent AND if most of the nodes did not agree, it will not happen.

Other learnings:

  • We are at the beginning of using the technology and mistakes can happen
  • With Blockchain technology changes cannot be hidden from public
  • Human middleman or controlling instances will not be replaced fully from technology