Centralized + Decentralized Identity Standards OAuth + DID w/Code!

From IIW
Jump to: navigation, search

Centralized & Decentralized Identity Standards OAuth + DID w/Code!


Day/Session:Tuesday 1A

Convener:Orie Steele

Notes-taker(s): Orie Steele


Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:


Two links to presentation slides:

https://twitter.com/OR13b/status/1054813581735149568


https://docs.google.com/presentation/d/1xsiQ6ndb33kzhF8kl1cF_EpWxWmNFwhd0o3KExe6eSw/edit


We talked about OpenID Connect / OAuth Centralized Identity Providers, User Directories and How to go from a Decentralized Identity to a JWT issued by a centralized OAuth provider.


We also talked about blockchains, and how they relate to decentralized identity and GDPR and the right to be forgotten.


We talked about PGP and tradeoffs between reputation and privacy, and the tension between the two.


Key insights included that we (community) seem to believe that deleting an encryption key is equivalent to deleting data. OAuth can be decentralized, but it requires users to run their own servers...