Technology

6 bookmarks
Self Sovereign Identity: Over before it started?
Web based DID methods belong to the family of federated identity methods, not Self Sovereign Identity
they also enable and encourage platform strategies, which has dramatic implications for personal usage, as well as Small and Medium Enterprises (SMEs). The result has been the Surveillance Industry, and a dependency of 95% of our economy on a few, large platform companies.
·ggreve.medium.com·
The Path to Self-Sovereign Identity
Today, nations and corporations conflate driver’s licenses, social security cards, and other state-issued credentials with identity; this is problematic because it suggests a person can lose his very identity if a state revokes his credentials or even if he just crosses state borders.
suffers from the same problem of centralized control, but it’s simultaneously very balkanized: identities are piecemeal, differing from one Internet domain to another.
digital world becomes increasingly important to the physical world, it also presents a new opportunity; it offers the possibility of redefining modern concepts of identity.
might allow us to place identity back under our control
four broad stages since the advent of the Internet: centralized identity, federated identity, user-centric identity, and self-sovereign identity.
Unfortunately, granting control of digital identity to centralized authorities of the online world suffers from the same problems caused by the state authorities of the physical world: users are locked in to a single authority who can deny their identity or even confirm a false identity. Centralization innately gives power to the centralized entities, not to the users.
As the Internet grew, as power accumulated across hierarchies, a further problem was revealed: identities were increasingly balkanized. They multiplied as web sites did, forcing users to juggle dozens of identities on dozens of different sites — while having control over none of them.
Digital identities are owned by CAs, domain registrars, and individual sites, and then rented to users or revoked at any time.
PGP (1991) offered one of the first hints toward what could become self-sovereign identity. It introduced the ‘Web of Trust’1, which established trust for a digital identity by allowing peers to act as introducers and validators of public keys2. Anyone could be a validator in the PGP model.
“Establishing Identity without Certification Authority” (1996), a paper by Carl Ellison that examined how digital identity was created3. He considered both authorities such as Certificate Authorities and peer-to-peer systems like PGP as options for defining digital identity. He then settled on a method for verifying online identity by exchanging shared secrets over a secure channel. This allowed users to control their own identity without depending on a managing authority
Microsoft’s Passport (1999) initiative was one of the first. It imagined federated identity, which allowed users to utilize the same identity on multiple sites. However, it put Microsoft at the center of the federation, which made it almost as centralized as traditional authorities.
turn of the century when a variety of commercial organizations moved beyond hierarchy to debalkanize online identity in a new manner.
Federation improved on the problem of balkanization: users could wander from site to site under the system. However, each individual site remained an authority
“the assumption that every individual ought to have the right to control his or her own online identity”. The ASN group felt that Passport and the Liberty Alliance could not meet these goals because the “business-based initiatives” put too much emphasis on the privatization of information and the modeling of users as consumers.
a new term that countered the server-centric model of centralized authorities: user-centric identity. The term suggests that users are placed in the middle of the identity process
It’s central authorities all over again. Worse, it’s like state-controlled authentication of identity, except with a self-elected “rogue” state. In other words: being user-centric isn’t enough.
self-sovereign identity has also entered the sphere of international policy17. This has largely been driven by the refugee crisis that has beset Europe, which has resulted in many people lacking a recognized identity due to their flight from the state that issued their credentials. However, it’s a long-standing international problem, as foreign workers have often been abused by the countries they work in due to the lack of state-issued credentials.
Self-sovereign identity is the next step beyond user-centric identity and that means it begins at the same place: the user must be central to the administration of identity.
To accomplish this, a self-sovereign identity must be transportable; it can’t be locked down to one site or locale
must also allow ordinary users to make claims, which could include personally identifying information or facts about personal capability or group membership
can even contain information about the user that was asserted by other persons or groups.
A self-sovereign identity must defend against financial and other losses, prevent human rights abuses by the powerful, and support the rights of the individual to be oneself and to freely associate
Ten Principles of Self-Sovereign Identity
Users must have an independent existence. Any self-sovereign identity is ultimately based on the ineffable “I” that’s at the heart of identity. It can never exist wholly in digital form
A self-sovereign identity simply makes public and accessible some limited aspects of the “I” that already exists.
Existence
Control
Access
Transparency
Persistence
Portability
Interoperability
Consent
Minimalization
Protection
Users must control their identities
They should always be able to refer to it, update it, or even hide it. They must be able to choose celebrity or privacy as they prefer.
other users may make claims about a user, but they should not be central to the identity itself.
Users must have access to their own data.
Always be able to easily retrieve all the claims and other data within his identity. There must be no hidden data and no gatekeepers
Systems and algorithms must be transparent
Identities must be long-lived.
Information and services about identity must be transportable
Identities should be as widely usable as possible
Users must agree to the use of their identity.
Disclosure of claims must be minimized
The rights of users must be protected
must be open, both in how they function and in how they are managed and updated.
algorithms should be free, open-source, well-known, and as independent as possible of any particular architecture; anyone should be able to examine how they work
This must not contradict a “right to be forgotten”; a user should be able to dispose of an identity if he wishes and claims should be modified or removed as appropriate over time.
Identities must not be held by a singular third-party entity, even if it’s a trusted entity that is expected to work in the best interest of the user. The problem is that entities can disappear — and on the Internet, most eventually do. Regimes may change, users may move to different jurisdictions. Transportable identities ensure that the user remains in control of his identity no matter what, and can also improve an identity’s persistence over time.
The goal of a 21st-century digital identity system is to make identity information widely available, crossing international boundaries to create global identities, without losing user control
sharing of data must only occur with the consent of the user.
disclosure should involve the minimum amount of data necessary to accomplish the task at hand. For example, if only a minimum age is called for, then the exact age should not be disclosed, and if only an age is requested, then the more precise date of birth should not be disclosed
·lifewithalacrity.com·
The Three Models of Digital Identity Relationships
there simply hasn’t been a way for us to be easily recognized by those with whom we already have a relationship. SSI promises exactly that,
Traditional, “siloed” identity is the simplest of the three models: an organization issues to you (or allows you to create) a digital credential that you can use to access its service.
typically established through the use of shared secrets, usually in the form of a username and a password, but sometimes extending to other “secrets” such as your birthday, mother’s maiden name, PINs, and so on. Sometimes shared secrets are augmented with additional factors such as physical tokens or biometrics.
typically stored within the organization’s data “silo,” a scenario that repeats for every organization, app, or website you log into. As a result, this model requires you to create and manage separate credentials for each relationship.
oldest digital identity relationship model and by far the most commonly used today.
helps the organization manage compliance, liability, and other risks by “keeping subjects close,” keeping data in-house, and directly controlling all the actors and workflows, which reduces risk when compared to relying on a third-party identity provider
breach of an organization using siloed identity can be catastrophic, exposing the personal data of millions.
siloed identity model has the worst customer experience of the three identity models
requires organizations to treat customers like strangers at the beginning of each interaction
With siloed identity, each organization must become somewhat of an identity and security expert, which can be a challenge for churches, local governments, schools, credit bureaus, and, frankly, most organizations. The result: over $4 trillion in annual fraud-related costs worldwide
Model #1: Siloed / Traditional
Model #2: Third-Party IDP
The IDP relationship model adds a third-party company or consortium to act as an “identity provider” (IDP)¹ between you and the organization or service you’re trying to access. The IDP issues the digital credential, providing a single sign-on experience with the IDP which can then be seamlessly used elsewhere, reducing the number of separate credentials you need to maintain.
you log in to the IDP, which then “federates” your login to the service you’re trying to access using protocols such as OAuth, SAML, or OpenID Connect. Trust between you and the IDP is maintained in the same manner as in siloed identity — typically through shared secrets — and may be fortified with additional factors to provide a higher level of assurance to the organization. Identity data is centralized in the IDP.
With social login, one of these tech giants serves as your IDP, but this option is acceptable only in lower-trust environments such as e-commerce, and not in high-trust environments such as banking.
simplifying authentication, reducing usernames and passwords, and improving customers’ experiences. In high-trust environments the IDP model has the potential to do the same — if it can garner more widespread adoption.
primary downside of the IDP model concerns high-trust applications, because a third party is inserted into the middle of every interaction, saying “Trust me.”
ceding of control and transfer of liability required in this three-way trust model is quite thorny. This is why, despite years of ongoing government efforts in the U.S. (NSTIC) and the U.K. (Gov.UK Verify), this model has not achieved significant adoption for high-trust, cross-context applications, such as using a bank credential at more than one bank
forces users to create a new relationship with a potentially unfamiliar IDP, separate from and in addition to the organization with which they’re trying to interact
IDP becomes a large trove of personal information, storing credentials and other data for all its clients’ employees and customers. The IDP also determines the limitations of data structures and schema and must maintain direct connections with all network participants, inhibiting flexibility and scalability. And as we’ve seen in the recent Facebook scandal over Cambridge Analytica, it is the IDP that sets the policies and goes about enforcing them (or not).
SSI begins with a digital “wallet” that contains digital credentials. This wallet is similar to a physical wallet in which you carry credentials issued to you by others, such as a passport, bank account authorization, or graduation certificate, except these are digitally signed verifiable credentials that can cryptographically prove four things to any verifier: Who (or what) is the issuer; To whom (or what) it was issued; Whether it has been altered since it was issued; Whether it has been revoked by the issuer.³ You can also carry self-signed credentials in your wallet, such as your preferences, opinions, legally binding consent, or other attestations you’ve made about anything.
can be issued and digitally signed by any person, organization, or thing and used anywhere they are trusted
Organizations can choose to trust only credentials they have issued, credentials issued by others, or some combination, according to their security and compliance needs
To exchange digital credentials securely and privately, one peer — any person, organization, or thing — can establish a direct, encrypted connection with another peer. This connection can remain persistent (as opposed to session-based) at the option of each peer.
You control what you share with others, whether an entire credential, part of a credential (called “claims”), or zero-knowledge proofs (ZKP) derived from a credential (explained below).
As in the real world, issuers can revoke credentials they’ve issued, but you’ll still possess them and they can continue to be useful, just as an expired driver’s license can be used to prove your age. With verifiable credentials, however, a new recipient will know when you present it whether or not it has been revoked, without needing to contact the issuer.
Stronger authentication
Great user experience:
benefits of SSI
shared secrets can be replaced with cryptographically secure, digitally signed credentials, you can exchange far stronger credentials, and more of them
authentication can occur out of band, you can open an app and already be signed in, or call your bank’s customer service without answering silly questions about your birthday, mother’s maiden name, SSN, and other personal info.
Phishing prevention
Private communication channel
Better relationships
Same liability model
authentication is mutual, when you get a suspicious call or message from someone, you can know for sure who it is, because you can authenticate your bank as strongly as they can authenticate you
out-of-band connection between SSI peers is private and secure — no intermediaries, encrypted end to end — it can be used for communication of any kind: text, voice, video, data sharing, and more
authentication happens passively behind the scenes, customers can be recognized and no longer treated as strangers at the beginning of each interaction, enabling a rich customization of each and every touchpoint
Because a bank, for example, can choose to accept only digitally signed credentials it has issued, SSI is no different than siloed identity from a liability perspective, meaning financial institutions and companies in other high-trust industries can utilize SSI without legal or compliance concerns.
Any person, organization, or thing can issue any kind of credential to any other person, organization or thing (“multi-source”)
shared with any other person, organization, or thing, and the authenticity of which can be immediately and easily verified (“multi-verifier”)
even spam becomes much more difficult
no tech giants needed as intermediaries
SSI has the important ability to strongly prove legal identity when desired, or enable trustworthy pseudonymity or anonymity when preferred
slowly replacing email as a means of communication; and educating and training staff, customers, and others
With bitcoin, for example, if you lose your private keys you lose your money, period. There is no “forgot password” option. SSI solutions will need a crutch analogous to password recovery if they are to become widely adopted
key management
“On the internet, nobody knows you’re a dog,” the famous New Yorker cartoon says
SSI is not a single breakthrough but many
only in science-fiction movies have we seen the types of user experiences that SSI will make possible
·medium.com·
Council Post: 20 Real-World Applications Of Quantum Computing To Watch
Critical for organizations to explore quantum communication technologies, such as quantum key distribution and quantum networks, to defend against threats and level the playing field by integrating quantum computing defense strategies into defense frameworks
the same power that accelerates progress also breaks existing data-protection techniques, putting global digital security at risk. It’s a double-edged future: Quantum is miraculous for analyzing data, but it’s also dangerous for protecting data—unless we prepare now
·forbes.com·
Nvidia CEO sends blunt 7-word message on quantum computing
January 2025, Huang sent shockwaves through the tech sector when he said he believed quantum computing was likely at least 15 years away from having practical applications
This week, Huang addressed this area of technology again, offering a new take that starkly contrasts with his earlier one.
Huang predicted that “quantum computing is reaching an inflection point,”
“It is clear now we’re within reach of being able to apply quantum-classical computing in areas that can solve some interesting problems in the coming years.”
Quantum computing leverages the principles of quantum mechanics to perform computation tasks at a much higher rate than classical machines. This includes utilizing quantum bits of information, known as qubits, to solve complex problems.
Nvidia Quantum Day
a new generation of supercomputers is coming and that he expects every one to include a quantum processing unit (QPU) assigned, as well as a QPU connected to graphics processing units (GPUs), the hardware Nvidia is famous for building.
10 times more logical qubits every five years, 100 times more logical qubits every 10 years,” he added, comparing it to an observation from the co-founder of Intel, who predicted exponential growth for classical computing technology.
·thestreet.com·
IBM Has a Roadmap to a ‘Fault-Tolerant’ Quantum Computer by 2029
The computer, called IBM Quantum Starling, will be housed in its Poughkeepsie, N.Y.
have 20,000 times the computational power of today’s quantum computers
a fault-tolerant quantum computer will exist before the end of this decade
putting error-correction in detail on our roadmap because we believe now we’ve solved all the scientific challenges
Quantum computers are susceptible to instability, requiring quantum error correction—a technique that identifies and addresses errors in computations—and more broadly, quantum fault-tolerance, the ability to operate even with errors present.
companies racing to build a practical quantum computer, from tech giants like Microsoft and Google to quantum companies like D-Wave, Quantinuum and IonQ, IBM isn’t the only one that has promised a fault-tolerant computer by 2029
Amazon, with its Ocelot quantum computing chip, which it said can reduce quantum errors by up to 90%. Google is also focused on error correction with its Willow chip.
Quantum computers store information as quantum bits—otherwise known as qubits—which can exist as a zero and a one at the same time and so are much richer objects than the binary digits that ordinary computers use. That makes them capable of much more powerful types of computations than ordinary computers, and could mean they can help engineer materials at the molecular level, or even crack the defenses used to secure the internet.
major problems is that qubits generate errors as they tackle problems. They’re fragile, and susceptible to “noise,” essentially small environmental disturbances that can force them out of their quantum state.
2029 timeline stems from two recent developments: further advances in a new approach to reducing errors called “quantum low-density parity check” or qLDPC codes, plus a technique for identifying and correcting errors in real-time using conventional computing.
SEEQC is expected to announce a collaboration with IBM this week as part of the U.S. Defense Advanced Research Projects Agency’s Quantum Benchmarking Initiative, which is aimed at evaluating quantum companies’ ability to achieve utility-scale operation. As part of the partnership, the two companies will work to shrink and consolidate IBM’s racks of control hardware by transferring some control and readout elements directly onto a chip
SEEQC manufactures its own quantum chips, known as integrated QPUs, in a factory in Elmsford, N.Y.
IBM is releasing more detailed plans for its large-scale quantum computer at this point because it hopes to spur developers’ interest in creating quantum algorithms—a key part of the software that will run on quantum computers. That’s critical to achieving a return on investment for quantum computers, a metric that matters to businesses, Gambetta said.
at this point, it’s not clear how IBM’s breakthroughs “translate into tangible business value,” and the transformative potential of fault-tolerant quantum computers is still speculative
Dekate said. “The reality in quantum is that we are not yet at the ChatGPT-like moment where the technology, algorithms and impact become visceral and undeniable.”
·wsj.com·