Self-sovereign identity : decentralized digital identity and verifiable credentials / Alex Preukschat, Drummond Reed ; foreword by Doc Searls.

Format:

Book

Author/Creator:

Preukschat, Alex, author.

Reed, Drummond, author.

Contributor:

Searls, Doc, writer of foreword.

Language:

English

Subjects (All):

Blockchains (Databases).

Database security.

Online identities.

Physical Description:

1 online resource (552 pages)

Place of Publication:

Shelter Island, NY : Manning, [2021]

Summary:

In Self-Sovereign Identity: Decentralized digital identity and verifiable credentials, you'll learn how SSI empowers us to receive digitally-signed credentials, store them in private wallets, and securely prove our online identities. Summary In a world of changing privacy regulations, identity theft, and online anonymity, identity is a precious and complex concept. Self-Sovereign Identity (SSI) is a set of technologies that move control of digital identity from third party "identity providers" directly to individuals, and it promises to be one of the most important trends for the coming decades. Personal data experts Drummond Reed and Alex Preukschat lay out a roadmap for a future of personal sovereignty powered by the Blockchain and cryptography. Cutting through technical jargon with dozens of practical cases, it presents a clear and compelling argument for why SSI is a paradigm shift, and how you can be ready to be prepared for it. About the technology Trust on the internet is at an all-time low. Large corporations and institutions control our personal data because we've never had a simple, safe, strong way to prove who we are online. Self-sovereign identity (SSI) changes all that. About the book In Self-Sovereign Identity: Decentralized digital identity and verifiable credentials, you'll learn how SSI empowers us to receive digitally-signed credentials, store them in private wallets, and securely prove our online identities. It combines a clear, jargon-free introduction to this blockchain-inspired paradigm shift with interesting essays written by its leading practitioners. Whether for property transfer, ebanking, frictionless travel, or personalized services, the SSI model for digital trust will reshape our collective future. What's inside The architecture of SSI software and services The technical, legal, and governance concepts behind SSI How SSI affects global business industry-by-industry Emerging standards for SSI About the reader For technology and business readers. No prior SSI, cryptography, or blockchain experience required. About the authors Drummond Reed is the Chief Trust Officer at Evernym, a technology leader in SSI. Alex Preukschat is the co-founder of SSIMeetup.org and AlianzaBlockchain.org. Table of Contents PART 1: AN INTRODUCTION TO SSI 1 Why the internet is missing an identity layer-and why SSI can finally provide one 2 The basic building blocks of SSI 3 Example scenarios showing how SSI works 4 SSI Scorecard: Major features and benefits of SSI PART 2: SSI TECHNOLOGY 5 SSI architecture: The big picture 6 Basic cryptography techniques for SSI 7 Verifiable credentials 8 Decentralized identifiers 9 Digital wallets and digital agents 10 Decentralized key management 11 SSI governance frameworks PART 3: DECENTRALIZATION AS A MODEL FOR LIFE 12 How open source software helps you control your self-sovereign identity 13 Cypherpunks: The origin of decentralization 14 Decentralized identity for a peaceful society 15 Belief systems as drivers for technology choices in decentralization 16 The origins of the SSI community 17 Identity is money PART 4: HOW SSI WILL CHANGE YOUR BUSINESS 18 Explaining the value of SSI to business 19 The Internet of Things opportunity 20 Animal care and guardianship just became crystal clear 21 Open democracy, voting, and SSI 22 Healthcare supply chain powered by SSI 23 Canada: Enabling self-sovereign identity 24 From eIDAS to SSI in the European Union

Contents:

Intro

Self-Sovereign Identity

Copyright

dedication

contents

front matter

preface

acknowledgments

about this book

Who should read this book

About the code

liveBook discussion forum

Other online resources

about the authors

about the cover illustration

Part 1 An introduction to SSI

1 Why the internet is missing an identity layer-and why SSI can finally provide one

1.1 How bad has the problem become?

1.2 Enter blockchain technology and decentralization

1.3 The three models of digital identity

1.3.1 The centralized identity model

1.3.2 The federated identity model

1.3.3 The decentralized identity model

1.4 Why "self-sovereign"?

1.5 Why is SSI so important?

1.6 Market drivers for SSI

1.6.1 E-commerce

1.6.2 Banking and finance

1.6.3 Healthcare

1.6.4 Travel

1.7 Major challenges to SSI adoption

1.7.1 Building out the new SSI ecosystem

1.7.2 Decentralized key management

1.7.3 Offline access

References

2 The basic building blocks of SSI

2.1 Verifiable credentials

2.2 Issuers, holders, and verifiers

2.3 Digital wallets

2.4 Digital agents

2.5 Decentralized identifiers (DIDs)

2.6 Blockchains and other verifiable data registries

2.7 Governance frameworks

2.8 Summarizing the building blocks

3 Example scenarios showing how SSI works

3.1 A simple notation for SSI scenario diagrams

3.2 Scenario 1: Bob meets Alice at a conference

3.3 Scenario 2: Bob meets Alice through her online blog

3.4 Scenario 3: Bob logs in to Alice's blog to leave a comment

3.5 Scenario 4: Bob meets Alice through an online dating site

3.6 Scenario 5: Alice applies for a new bank account

3.7 Scenario 6: Alice buys a car

3.8 Scenario 7: Alice sells the car to Bob

3.9 Scenario summary

Reference.

4 SSI Scorecard: Major features and benefits of SSI

4.1 Feature/benefit category 1: Bottom line

4.1.1 Fraud reduction

4.1.2 Reduced customer onboarding costs

4.1.3 Improved e-commerce sales

4.1.4 Reduced customer service costs

4.1.5 New credential issuer revenue

4.2 Feature/benefit category 2: Business efficiencies

4.2.1 Auto-authentication

4.2.2 Auto-authorization

4.2.3 Workflow automation

4.2.4 Delegation and guardianship

4.2.5 Payment and value exchange

4.3 Feature/benefit category 3: User experience and convenience

4.3.1 Auto-authentication

4.3.2 Auto-authorization

4.3.3 Workflow automation

4.3.4 Delegation and guardianship

4.3.5 Payment and value exchange

4.4 Feature/benefit category 4: Relationship management

4.4.1 Mutual authentication

4.4.2 Permanent connections

4.4.3 Premium private channels

4.4.4 Reputation management

4.4.5 Loyalty and rewards programs

4.5 Feature/benefit category 5: Regulatory compliance

4.5.1 Data security

4.5.2 Data privacy

4.5.3 Data protection

4.5.4 Data portability

4.5.5 RegTech (Regulation Technology)

Part 2 SSI technology

5 SSI architecture: The big picture

5.1 The SSI stack

5.2 Layer 1: Identifiers and public keys

5.2.1 Blockchains as DID registries

5.2.2 Adapting general-purpose public blockchains for SSI

5.2.3 Special-purpose blockchains designed for SSI

5.2.4 Conventional databases as DID registries

5.2.5 Peer-to-peer protocols as DID registries

5.3 Layer 2: Secure communication and interfaces

5.3.1 Protocol design options

5.3.2 Web-based protocol design using TLS

5.3.3 Message-based protocol design using DIDComm

5.3.4 Interface design options

5.3.5 API-oriented interface design using wallet Dapps.

5.3.6 Data-oriented interface design using identity hubs (encrypted data vaults)

5.3.7 Message-oriented interface design using agents

5.4 Layer 3: Credentials

5.4.1 JSON Web Token (JWT) format

5.4.2 Blockcerts format

5.4.3 W3C verifiable credential formats

5.4.4 Credential exchange protocols

5.5 Layer 4: Governance frameworks

5.6 Potential for convergence

6 Basic cryptography techniques for SSI

6.1 Hash functions

6.1.1 Types of hash functions

6.1.2 Using hash functions in SSI

6.2 Encryption

6.2.1 Symmetric-key cryptography

6.2.2 Asymmetric-key cryptography

6.3 Digital signatures

6.4 Verifiable data structures

6.4.1 Cryptographic accumulators

6.4.2 Merkle trees

6.4.3 Patricia tries

6.4.4 Merkle-Patricia trie: A hybrid approach

6.5 Proofs

6.5.1 Zero-knowledge proofs

6.5.2 ZKP applications for SSI

6.5.3 A final note about proofs and veracity

7 Verifiable credentials

7.1 Example uses of VCs

7.1.1 Opening a bank account

7.1.2 Receiving a free local access pass

7.1.3 Using an electronic prescription

7.2 The VC ecosystem

7.3 The VC trust model

7.3.1 Federated identity management vs. VCs

7.3.2 Specific trust relationships in the VC trust model

7.3.3 Bottom-up trust

7.4 W3C and the VC standardization process

7.5 Syntactic representations

7.5.1 JSON

7.5.2 Beyond JSON: Adding standardized properties

7.5.3 JSON-LD

7.5.4 JWT

7.6 Basic VC properties

7.7 Verifiable presentations

7.8 More advanced VC properties

7.8.1 Refresh service

7.8.2 Disputes

7.8.3 Terms of use

7.8.4 Evidence

7.8.5 When the holder is not the subject

7.9 Extensibility and schemas

7.10 Zero-knowledge proofs

7.11 Protocols and deployments

7.12 Security and privacy evaluation

7.13 Hurdles to adoption.

References

8 Decentralized identifiers

8.1 The conceptual level: What is a DID?

8.1.1 URIs

8.1.2 URLs

8.1.3 URNs

8.1.4 DIDs

8.2 The functional level: How DIDs work

8.2.1 DID documents

8.2.2 DID methods

8.2.3 DID resolution

8.2.4 DID URLs

8.2.5 Comparison with the Domain Name System (DNS)

8.2.6 Comparison with URNs and other persistent Identifiers

8.2.7 Types of DIDs

8.3 The architectural level: Why DIDs work

8.3.1 The core problem of Public Key Infrastructure (PKI)

8.3.2 Solution 1: The conventional PKI model

8.3.3 Solution 2: The web-of-trust model

8.3.4 Solution 3: Public key-based identifiers

8.3.5 Solution 4: DIDs and DID documents

8.4 Four benefits of DIDs that go beyond PKI

8.4.1 Beyond PKI benefit 1: Guardianship and controllership

8.4.2 Beyond PKI benefit 2: Service endpoint discovery

8.4.3 Beyond PKI benefit 3: DID-to-DID connections

8.4.4 Beyond PKI benefit 4: Privacy by design at scale

8.5 The semantic level: What DIDs mean

8.5.1 The meaning of an address

8.5.2 DID networks and digital trust ecosystems

8.5.3 Why isn't a DID human-meaningful?

8.5.4 What does a DID identify?

9 Digital wallets and digital agents

9.1 What is a digital wallet, and what does it typically contain?

9.2 What is a digital agent, and how does it typically work with a digital wallet?

9.3 An example scenario

9.4 Design principles for SSI digital wallets and agents

9.4.1 Portable and Open-By-Default

9.4.2 Consent-driven

9.4.3 Privacy by design

9.4.4 Security by design

9.5 Basic anatomy of an SSI digital wallet and agent

9.6 Standard features of end-user digital wallets and agents

9.6.1 Notifications and user experience

9.6.2 Connecting: Establishing new digital trust relationships.

9.6.3 Receiving, offering, and presenting digital credentials

9.6.4 Revoking and expiring digital credentials

9.6.5 Authenticating: Logging you in

9.6.6 Applying digital signatures

9.7 Backup and recovery

9.7.1 Automatic encrypted backup

9.7.2 Offline recovery

9.7.3 Social recovery

9.7.4 Multi-device recovery

9.8 Advanced features of wallets and agents

9.8.1 Multiple-device support and wallet synchronization

9.8.2 Offline operations

9.8.3 Verifying the verifier

9.8.4 Compliance and monitoring

9.8.5 Secure data storage (vault) support

9.8.6 Schemas and overlays

9.8.7 Emergencies

9.8.8 Insurance

9.9 Enterprise wallets

9.9.1 Delegation (rights, roles, permissions)

9.9.2 Scale

9.9.3 Specialized wallets and agents

9.9.4 Credential revocation

9.9.5 Special security considerations

9.10 Guardianship and delegation

9.10.1 Guardian wallets

9.10.2 Guardian delegates and guardian credentials

9.11 Certification and accreditation

9.12 The Wallet Wars: The evolving digital wallet/agent marketplace

9.12.1 Who

9.12.2 What

9.12.3 How

Reference

10 Decentralized key management

10.1 Why any form of digital key management is hard

10.2 Standards and best practices for conventional key management

10.3 The starting point for key management architecture: Roots of trust

10.4 The special challenges of decentralized key management

10.5 The new tools that VCs, DIDs, and SSI bring to decentralized key management

10.5.1 Separating identity verification from public key verification

10.5.2 Using VCs for proof of identity

10.5.3 Automatic key rotation

10.5.4 Automatic encrypted backup with both offline and social recovery methods

10.5.5 Digital guardianship

10.6 Key management with ledger-based DID methods (algorithmic roots of trust).

10.7 Key management with peer-based DID methods (self-certifying roots of trust).

Notes:

Description based on print version record.

Includes index.

ISBN:

9781638351023

1638351023

OCLC:

1259593342