Rieks Joosten

Date post: 21-Jan-2018
Self-Sovereign Identities & Relying on Third Party Data. BLOCKCHAIN IN EDUCATION, September 5th, 2017, Groningen.
Transcript
Page 1: Rieks Joosten

Self-Sovereign Identities &

Relying on Third Party Data

BLOCKCHAIN IN EDUCATION

September 5th, 2017, Groningen.

Page 2: Rieks Joosten

Who I am?

15+ years of experience in InfoSec, focusing on

Governance, Risk Management, Compliance (GRC),

designing (automated support for) information processes,

designing information architectures (ontologies, terminologies)

Member of the Supervisory Board of

Expert for ISO JTC1/SC27 WG1 (ISO 2700x series of standards)

Rieks Joosten

Senior Researcher

+31 622 901 317

[email protected]

Page 3: Rieks Joosten

What I expect of you (for now):

You know the basics of

block chains

identity

semantics

Page 4: Rieks Joosten

Preface – Education and Identity

“Identity” is often used to refer to the mission of the educator,

or to what makes its method or school unique.

Our focus is on electronic identity, referring (e.g.) to

userIDs for pupils/students, teachers, parents

but also: locations, courses, schools, organizations,

organizational units, domains/sectors, etc.

attributes associated with such identifiers.

Applications that use this stuff include:

enrolment, transfer of student, “stagecontracten”, ‘passend onderwijs’,

online learning, digital exams, studying at different institutions,

access control (logical AND physical) (also for parents)

LAS, LVS, scheduling systems, presence registrations

back office process support (interfacing e.g with Studielink, DUO,

leerplicht ambtenaar, SVB, tax office, etc.)

Page 5: Rieks Joosten

Identity landscape (Jan 2017)

Page 6: Rieks Joosten

Block Chains / DLs is (like any other) Technology that has potential for solving problems and to create problems.

Technology is neither good, nor bad, nor is it neutral.

Melvin Kranzberg

Page 7: Rieks Joosten

BC’s and Identity – 5 min. on Google

2WAY.IO
Air
Atencoin
Authenteq
Banqu
BlockAuth
Blockstack
BitID
Bitnation
Blockverify
Cambridge BC LLC
Case
CertCoin
ChainAnchor
CheapID
Cicada
Civic
Credits
CredyCo
Cryptid
EtherID
ENS
Evernym (Sovrin)
ExistenceID
Guardtime’s BLT
HYPR
Identifi
IDKeys
KYC-Chain
Mooti
Namecoin
NameID
Netki
OneName
OIX
OIXNet
Pillar Project
Redd-ID
SecureKey
Schluss
ShoCard
Spidchain
Trybinu
UniquID
uPort

Page 8: Rieks Joosten

Topics

Preface - Education, Identity and Block Chain?

Self-Sovereign Identity Framework (SSIF), i.e. an infrastructure that supports acquisition and dissemination of verified and validated data to enable parties to engage in ‘EBT’s.

Electronic Business Transactions (EBTs)

- What information is needed?

- What can computers (not) do?

- What can block chains (DLs) do (and what not)?

Where we are now,

where do we want to go next, and

do you want to join us in this journey?

Page 9: Rieks Joosten

Self-Sovereign Identity Framework

SSIF is an initiative of a consortium within Techruption*, involving:

*) Techruption Blockchain Project (2017-2019) is a Dutch national public-private partnership project that is part of the Techruption Program of the Brightlands Smart Campus.

Page 10: Rieks Joosten

What is ‘Self-Sovereign Identity’?

Christopher Allen (April 2016): “There is no consensus”:

(http://www.coindesk.com/path-self-sovereign-identity/)

We take it to mean something like this:

From the user perspective:

I can construct/collect my own digital identity;

My privacy is ensured (unless I break it);

...

From the service provider perspective:

I decide what (kinds of) data I need;

I decide whom I trust to issue such data;

...

SSIF supports Electronic Business Transactions from these perspectives.

Page 11: Rieks Joosten

SSIF – Fundaments

Design & Engineering Methodology for Organizations

DEMO (Dietz, J., TU-Delft);

TNO’s Terminology specification method

for constructing and maintaining ‘definitions’ (terminology)

that demonstrably mean the same thing

for all parties that are involved

in a particular context, so that

they can precisely define

their semantics.

semantic web technology

e.g. RDF(S), JSON-LD, etc.

Page 12: Rieks Joosten

Electronic Business TRANSACTIONS

[Figure: DEMO transaction pattern between initiator and executor, with the steps request, promise, decline, quit, state, accept, reject, stop.]

Source: Dietz, J. “DEMOSL-3 DEMO Specification Language, v3.6, February 2017”

Phase 1 – proposition phase:

Initiator and executor negotiate

the transaction agreement, and

decide to either quit, or commit.

Phase 2 – execution phase:

parties fulfil their obligations

Phase 3 – result phase:

Executor and initiator negotiate

acceptance of the results, and

decide to either accept, or escalate.

DEMO: Design & Engineering Methodology for Organizations

In Education, ‘businesses’ are schools, institutions,

governmental bodies (e.g. DUO, MinOCW), etc.

Page 13: Rieks Joosten

Electronic BUSINESS Transactions

A business will generally commit to a transaction when

the value of what it gets outweighs the value of what it invests;

the risk of engaging in the transaction is acceptable;

the position you have in case of a dispute, is sufficiently good.

Committing to a transaction is a business decision that requires

data (statements, e.g. about the customer);

business logic (that processes this

data to reach a conclusion);

data and business logic to be valid.

Invalid business decisions

increase business risk

Page 14: Rieks Joosten

ELECTRONIC Business Transactions

are transactions in which

business decisions are taken by computers/software,

i.e. decisions about whether or not to

commit to a transaction proposal (agreement, contract);

accept the results of the execution phase;

escalate (to some conflict resolution mechanism).

Page 15: Rieks Joosten

Validity (of Statements)

The meaning of a statement is

subjective, thus requiring the

business to decide this:

if not, there is incoherence;

generally accepted meanings

can be used;

ontologies may need to be

specified.

The truth of a statement is also

subjective, thus requiring the

business to decide this, e.g.:

after (proper) investigation;

by relying on what others say

(that are trusted to state this).

Carroll, L.: Alice’s Adventures in Wonderland, 1865

Page 16: Rieks Joosten

Electronic and Non-electronic Actors

Actor: Entity that can do/make things, e.g. people, organizations, and machines.

Agent: Actor, embodied as a SW component running on a computing device.

Electronic Actor: Agent, acting as a proxy for a Non-electronic Actor.

Non-electronic Actor: Actor, not being an Electronic Actor.

User: Non-electronic Actor that operates a Client and optionally a Mobile Agent.

Service Supplier: Non-electronic Actor that is capable of supplying a (digital) service or (digital) product by means of a Relying Party.

Mobile Agent (MA): Electronic Actor that is capable of (a) obtaining attestations from Attestation Providers, (b) storing attestations in a Wallet, (c) issuing attestations and (d) providing attestations to Relying Parties, on behalf of a specific User.

Relying Party (RP): Electronic Actor that acts as a proxy for a Business Party, in the role of the Transaction executor, for the provisioning of some (digital) service or (digital) product.

Client: Electronic Actor that acts as a proxy for a User, in the role of Transaction Initiator, for the purpose of obtaining some (digital) service or (digital) product.

[Figure: actor diagram showing User, Client, MA (with MA Policy), RP (with RP Policy), Service Supplier, and DL.]

Page 17: Rieks Joosten

Electronic Actor Policies

MA Policy: a machine readable set of data that guides a Mobile Agent with respect to what it can and cannot do without explicitly asking the User.

RP Policy: a machine readable set of data that guides a Relying Party to construct Business Arguments for taking Commitment Decisions in Electronic Business Transactions.

[Figure: actor diagram showing User, Client, MA (with MA Policy), RP (with RP Policy), Service Supplier, and DL.]

Electronic Actors take their instructions not only from their program code, but also from

Non-electronic Actors – through (graphic or other) user interfaces

Policies – machine readable data that guide them for a particular (set of) purpose(s)

Page 18: Rieks Joosten

Putting SSIF to work in online Transaction

[Figure: sequence diagram. Participants: Client / MA, Relying Party (of Svc Supplier), Attestation Provider (RP), DL (Blockchain). Labels: transaction request; list of statement types and attestation specs; collect statements (and attestations); obtain missing statements and/or attestations; list of statements and attestations; check for revocations (and other things, tbd); construct valid argument, then commit (or decline); ok (or not ok); store revocation.]

Page 19: Rieks Joosten

We do have more detail...

Page 20: Rieks Joosten

Other* SSIF Functions

Function: Description

AP (Att. Provider): Relying Party, that acts as a proxy for an Attestation Issuer, for the provisioning/issuance of Attestations to Mobile Agents.

AA (Adv. Agent): Relying Party, that acts as a proxy for an Attestation Issuer (AI) for the advertisement of kinds of Attestations that the AI is willing and capable of providing through (one of its) APs.

AA Reg: Relying Party, that acts as a proxy for some Business Party, for the registration of Attestation Advertisers.

Wallet: Agent, whose function is to store Statements (e.g. Attestations) that are controlled by the Non-electronic Actor that is accountable (i.e.: can be sued) for all use that is made of it.

DL Agent: Agent, that, together with other Agents that have the same functionality, and geographically spread across multiple sites, countries or institutions, collectively maintain a consensus of replicated, shared, and synchronized digital data (i.e. a Distributed Ledger), the important characteristic of which is that digital data that is committed to, cannot be denied.

*) The SSIF functions ‘Client’, ‘RP’ and ‘MA’ have already been defined.

Page 21: Rieks Joosten

Status of SSIF Infrastructure

Basic terminology is in place (and in use)

Functional components have been identified

(and we have an idea about their functionalities).

High-level flows for creating, using, and revoking SSIs and

attestations have been established.

Implementation experiments are underway – we expect to see

some kind of PoC in a couple of weeks.

The ideas in the Sovrin framework really match with our ideas;

we will be seeking some kind of collaboration between us.

Page 22: Rieks Joosten

Where to go next

Technically – build stuff

Businesswise – conduct experiments in different domains/sectors

that show added (business) value, and/or how to create new value.

Infrastructure

that is not used

has no use.

Page 23: Rieks Joosten

Do you want to journey along?

Writing valid RP-policies (business logic/arguments)

may not be that easy, perhaps because

it requires good (knowledge of) semantics

it requires high precision (RP’s are electronic agents)

How about a playground where we can experiment:

- creating and operating such policies;

- find out what works and what does not;

- devise RP-policy specification methods that work;

- find new ways to conduct business.

Page 24: Rieks Joosten

Page 25: Rieks Joosten

Page 26: Rieks Joosten

Carroll, L.: Alice’s Adventures in Wonderland, 1865

While it is very easy to make things difficult, it is very difficult to make things easy.

MBO Informatie Encyclopedie (http://www.informatie-encyclopedie.nl)

Page 27: Rieks Joosten

This Is What Neat Stuff Looks Like

Page 28: Rieks Joosten

‘Educational’ Transactions include:

enrolments of various kinds, e.g.

as a student/teacher, course-taker, exam-taker, “stage”

obtaining services of different sorts, e.g.

online learning (at various institutions), digital exams,

access control (logical AND physical), e.g.

buildings/rooms/labs, (parental) access to school-websites

administrative transactions, e.g.

in a LAS, LVS, scheduling systems, presence registrations

backoffice transactions, e.g.

with Studielink, DUO, leerplicht ambtenaar, SVB, tax office

Page 29: Rieks Joosten

Electronic BUSINESS* Transactions

businesses* need to decide whether or not to

commit to a transaction proposal (agreement, contract);

accept the results of the execution phase;

escalate (to some conflict resolution mechanism).

a decision is based on an argument that uses ‘business logic’

(which is some way of reasoning that is not necessarily formal).

an argument uses statements that the ‘business logic’

combines and uses to reach a conclusion (decision).

statements consist of data that refer to entities (identifiers)

and/or state some properties thereof (attributes).

Invalid business decisions seriously increase business risk

*) In Education, ‘businesses’ include schools, institutions, governmental

bodies (e.g. DUO, MinOCW), etc.

Page 30: Rieks Joosten

Validity of Business Decisions

A business decision is valid if the underlying argument is valid.

An argument is valid if

(1) the business logic is valid and

(2) the statements are valid.

A business logic is valid if

the business has decided this.

(how to decide this is not trivial,

but out of scope for now)

A statement is valid if

(1) its meaning is known and

(2) the statement is true.
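
An added example (not part of the original slides and not SSIF project code): a minimal Relying Party that applies the validity rules above, together with an RP Policy, to decide whether to commit or decline. The policy format, issuer names, keys, and the HMAC stand-in for issuer signatures are assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Constructed demo data: issuers, keys and statement types are hypothetical.
# HMAC stands in for an issuer's signature (real systems verify a public-key one).
ISSUER_KEYS = {"DUO": b"demo-key-1", "SchoolX": b"demo-key-2"}

RP_POLICY = {
    # required statement type -> issuers the RP trusts to state it
    "required": {"diploma": ["DUO"], "enrolled": ["DUO", "SchoolX"]},
    # terms whose meaning the business has decided on
    "known_terms": {"diploma", "enrolled"},
}


def sign(issuer, statement):
    payload = json.dumps(statement, sort_keys=True).encode()
    return hmac.new(ISSUER_KEYS[issuer], payload, hashlib.sha256).hexdigest()


def attest(att_id, issuer, subject, stype, value=True):
    st = {"id": att_id, "subject": subject, "type": stype, "value": value}
    return {"issuer": issuer, "statement": st, "sig": sign(issuer, st)}


def check_statement(att, policy, revoked):
    """Statement is valid if its meaning is known and it is (taken to be) true."""
    st, issuer = att["statement"], att["issuer"]
    if st["type"] not in policy["known_terms"]:
        return "meaning unknown"
    if issuer not in policy["required"].get(st["type"], []):
        return "issuer not trusted for this type"
    if issuer not in ISSUER_KEYS or not hmac.compare_digest(att["sig"], sign(issuer, st)):
        return "bad signature"
    if st["id"] in revoked:  # revocation list as read from the ledger
        return "revoked"
    return None


def decide(subject, attestations, policy, revoked):
    """Build the argument; commit only if every required statement is valid."""
    satisfied, reasons = set(), []
    for att in attestations:
        st = att["statement"]
        problem = check_statement(att, policy, revoked)
        if problem is None and (st["subject"] != subject or st["value"] is not True):
            problem = "not asserted about this subject"
        if problem:
            reasons.append(f"{st['id']}: {problem}")
        else:
            satisfied.add(st["type"])
    missing = sorted(set(policy["required"]) - satisfied)
    reasons += [f"missing: {m}" for m in missing]
    return ("decline" if missing else "commit"), reasons


def sample():
    return [attest("att-1", "DUO", "alice", "diploma"),
            attest("att-2", "SchoolX", "alice", "enrolled")]


if __name__ == "__main__":
    print(decide("alice", sample(), RP_POLICY, revoked={"att-1"}))
```

The decision fails closed: an attestation that is unknown, untrusted, altered, or revoked never counts towards the argument, and the returned reasons record why.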

Page 31: Rieks Joosten

Validity of Statements

The meaning of a statement is

subjective, thus requiring the

business to decide this:

if not, there is incoherence;

generally accepted meanings

can be used;

ontologies may need to be

specified.

The truth of a statement is also

subjective, thus requiring the

business to decide this, e.g.:

after (proper) investigation;

by relying on what others say

(that are trusted to state this).

Carroll, L.: Alice’s Adventures in Wonderland, 1865

Page 32: Rieks Joosten

Transaction Proposal Commitment

A participant will commit to a transaction (agreement) when

this agreement (implicitly or explicitly):

contains all of the participant’s obligations/duties*;

contains all of the participant’s expectations/rights*;

the participant has decided that:

the value of his expectations outweighs the value of the obligations;

the risk when having committed is at an acceptable level.

Depending on the risks that the participant has identified,

he may decide to specifically add items to the agreement, e.g.

criteria for (non)acceptance of the transaction

data that allows him to (successfully) escalate*.

The information need of a participant =

all information that (s)he needs in order to commit to the transaction.

*) Here is a link with common ways of conflict resolution.

Page 33: Rieks Joosten

The SSIF infrastructure aims to:

enable individuals

to create and control digital identities (‘self-sovereign’)

for themselves, for ‘things’ and other entities

to use such SSI’s in electronic business transactions

in various domains, including education, work, etc.

enable business parties (including governments)

to specify and implement IT solutions (e.g. apps)

for conducting electronic business transactions:

and to create, control and use digital identities

in a way similar to that of individuals

Current work focused on Electronic Business Transactions (EBT)

Page 34: Rieks Joosten

What is ‘Self-Sovereign Identity’?

... With all that said, what is self-sovereign identity exactly?

The truth is that there’s no consensus.

(Christopher Allen, http://www.coindesk.com/path-self-sovereign-identity/, April 2016)

Here are some statements of what people seem to want:

Users can construct/collect their own digital identity;

Users can use such digital identities in different digital contexts;

Users control which attributes/attestations they share with whom;

Attestations (to parts of a digital identity) are cryptographically secured;

Users are entitled to store, move, correct, obfuscate, and delete

(parts of) their digital identities

...

We shall use the term ‘Self-Sovereign Identity’ or SSI

to refer to digital identities that have properties such as these.

Page 35: Rieks Joosten

Towards a SSI-Framework (SSIF)

In order to make SSIs work (in different contexts), we probably need e.g.

a technical infrastructure that

supports the creation, use, modification and deletion of SSI’s;

supports the association and revocation of attestations to SSI’s;

interoperates with well-known identity products, frameworks, protocols;

...

a governance framework that

defines and maintains the SSIF’s purpose

ways and directions in which it may be developed further

...

a conceptual model that can be used for reasoning about SSIs

and their use

...

We shall use the term ‘Self-Sovereign Identity Framework’ or SSIF

to refer to a framework that specifies how these needs can be fulfilled.

Page 36: Rieks Joosten

The SSIF infrastructure aims to:

enable individuals

to create and control digital identities (‘self-sovereign’)

for themselves, for ‘things’ and other entities

to use such SSI’s in electronic business transactions

in various domains, including education, work, etc.

enable business parties (including governments)

to specify and implement IT solutions (e.g. apps)

for conducting electronic business transactions:

and to create, control and use digital identities

in a way similar to that of individuals

Current work focused on Electronic Business Transactions (EBT)

Page 37: Rieks Joosten

Requirements to achieve these aims:

The requirement to support electronic business transactions

in the end, 100% precision is required.

The requirement to support electronic business transactions

business transactions appear at the information level;

technical/electronic/blockchain transactions are data.

The requirement to support electronic business transactions

we need clear terminology concerning

what a transaction is;

what it takes to commit;

the differences for the various levels at which they exist

(e.g. business, process, technical).

Page 38: Rieks Joosten

SSIF – Fundaments

Transaction model cf DEMO (Dietz, J., TU-Delft)

(DEMO: Design & Engineering Methodology for Organizations)

Context is multi-party, multi-semantic.

Semantic interoperability is a prerequisite:

Semantics = a formal mapping between ‘meaning’ (information)

and its representation (data).

At the technology level we’ll be using

semantic web technology.

At the human level, this is an issue

(e.g. between developers, business)

Page 39: Rieks Joosten

SSIF Semantics – Terminology needed?

Page 40: Rieks Joosten

SSIF Semantics – Terminology need?

Page 41: Rieks Joosten

What do you mean by ‘Car’?

Page 42: Rieks Joosten

Establishing a common terminology

If a term does not present any problems, use it!

If a term presents problems, then

discard all proposed definitions,

and iterate towards:

“common criteria”, i.e.

criteria that distinguish instances

of a term from non-instances,

such that most people

evaluate it in the same way;

a demonstration of relevance

e.g. by applying it to use cases

and showing how it contributes to the resolution of issues;

after proper criteria have been established and relevance is shown,

a name/term can be selected to refer

to instances that satisfy the criteria.

Page 43: Rieks Joosten

Examples of results:

Term: Description or Criteria

Entity: something that exists (physically or conceptually).

Actor: Entity that is capable of acting, i.e. doing/making things. Examples include people, organizations and machines.

Jurisdiction: the scope of an operational mechanism that has the power, right or authority to declare, interpret, apply, and enforce compliance with rules/laws. (this implies that accountability is catered for)

Legal Subject (within a jurisdiction): an Actor that has rights, duties, etc. under the laws/rules of that Jurisdiction, in particular the capacity to sue and be sued.

Establishing terminology has consequences, e.g.:

- being an Actor or a Legal Subject is a (non-persistent) property of Entities rather than individual classes;

- these properties are independent of each other.

Helps to reconcile different views that may exist in a single use-case

