12C/ SSI and IoT
SSI & IoT (moved from this morning)
Wednesday 12C
Convener: Michael Shea
Notes-taker(s):
Tags for the session - technology discussed/ideas considered:
IoT, SSI
Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:
Sovrin SSI & IoT: https://sovrin.org/library-iot/
Contact: info@sovrin.org or michael.shea@thedinglegroup.com
Whitepaper announcement
https://sovrin.org/the-sovrin-community-releases-new-ssi-iot-whitepaper/
Whitepaper (44pp) https://sovrin.org/wp-content/uploads/SSI-in-IoT-whitepaper_Sovrin-design.pdf
From Nicky Hickman to Everyone:
+1 I heard of a hack that came via aircon
it killed the enterprise security
From Brent Shambaugh to Everyone:
Silly side question. Ed25519 and secp256k1, used frequently with ledgers, are only available on some cryptographic co-processors. I have a co-processor with a p256 curve. Can I embed its public key in a DID document on the sovrin ledger?
sure
From Nicky Hickman to Everyone:
+1 security and especially identity are iot hot topics, especially as is part of physical security, national infrastructure security and bio security
From Brent Shambaugh to Everyone:
It was informative. I had trouble getting crypto software on my microcontroller. arm chip, esp32.. I used a p256 atecc508a to experiment with because sparkfun made a breakout board. I am just getting started.
I hadn't thought about the processor deeply. It was an issue with having enough memory to holding the libraries.
*for
From Me to Everyone: to lookup: IETF ACE WG.
From Thomas (Evidence) to Everyone: Thanks !
From George Fletcher to Everyone: https://datatracker.ietf.org/wg/ace/documents/
From Nicky Hickman to Everyone: definitely need to focus on specific challenges that IoT can solve
sorry SSI can solve +1 - be careful of those dishwashers :-) Dave +1 paul there are things in every ecosystem
From Me to Everyone: How do IoT people think about digital identity differently than most of us?
From Brent Shambaugh to Everyone: iot is heterogeneous. ockam seems to be helping make things more streamlined across crypto chips and protocols with secure channels. lots of heterogeneous platforms too. the raise hand feature seems to be buggy.. ...look forward to more...thanks...gtg
From Nicky Hickman to Everyone: @ Phil, a lot of them don't think about it at all
they think about identifiers
From Me to Everyone: SSI for IoT hobbyists? running on Arduino and pi?
From George Fletcher to Everyone: I think there are a number of levels of security in IoT devices. Attestation could be key but may not require SSI.
From Nicky Hickman to Everyone: there has been serious thought, analysis and discussion with many from leading IoT Security folks +1 Paul plus the cryptography doesn't need to be device side, especially ALL devices Welcome to westworld
From Bruce Conrad to Everyone: @Phil, as an IoT person, I’m constantly seeing things around me and wondering, “What interesting things could happen if that thing was identified and had some kind of presence/surrogate/digital twin on the Internet?”
From Geovane Fedrecheski to Everyone: @Bruce +1
From Nicky Hickman to Everyone: I have a dishwasher that has a sticker on the back that says 'Marie 1203' it was probably made by a 90% automated industrial process. If that machine blows up, am I going to blame Marie 1203 or am I going to blame the brand - my point - every machine has human relationships and consequences. If some problem is found in the future with one of my washing machine's components, who will tell Marie 1203 that her health is at risk?.....
From Bruce Conrad to Everyone: @Nicky yes, once a thing is identified one can begin to imagine a whole complicated life cycle for that thing. In the end, what does Marie 1203 (or whoever replaced her on retirement) do when your machine ends up in a landfill or junkyard?
From Brent Shambaugh to Everyone: there be dragons. :)
From pknowles to Everyone: I agree, Nicky. Even with an organisation, I would suggest that the company would be identified by a controlled passive identifier. The company has a vLEI identifier (GLEIF), a passive identifier. That identifier would be controlled by an active identifier (human being, e.g. CEO). The provenance chain for “Marie 1203” should lead right back to the CEO of the company that produced the machine. You can sue the organisation but the buck stops with an active governing entity - the CEO.
From Nicky Hickman to Everyone: yup - new SOX or IoT for IoT
From Me to Everyone: IoT folks seem to have much more interest in 4th parties. lots of data middlemen as a service that aggregate your fleet data, manufacturers that preprocess your devices' data, and fleet/asset management tools.
From Nicky Hickman to Everyone: are you talking about relationships between things, people and organisations? I think we might have something that could help with that sir. I think you made the key point Michael - it looks good on paper - we need a WG to demonstrate / prove it
From pknowles to Everyone: Inputs Domain WG @ Trust over IP … but that group doesn’t exist yet!
From Brent Shambaugh to Everyone: fwiw my IoT hobby project was over at demo table #15.