Machine Identity

From IIW

Machine Identity: IOT – Security, Trust, Interop


Tuesday 5H

Convener: Mrinal Wadhwa

Notes-taker(s): Thomas Berry & Mrinal Wadhwa


Tags for the session - technology discussed/ideas considered:


Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:


1. Notes received from Thomas Berry:


  1. Relationships
  2. Chore Automation
  3. Responsibility/Liability (Relationship)
  4. Linkability/revocation (Relationship)


Identify the “person”

Identify the “location”

Device “trustworthiness”



  • The same data gets “housed” in many different systems


DIDs provide an opportunity to break away from identity silos

  • Scalability
  • Security
  • Privacy
  • Trust
  • Reliability


Building blocks

  • AuthN
  • Linked Data Proofs
  • AuthZ/Object capabilities
  • DID documents
  • Linked Data Signatures
  • Verifiable claims/credentials
  • ...


Decentralized IDentities

  • scheme, method, method-specific unique string


Registering Device (DID flows)

  • generated by the device and optionally registered
  • The device can have 100% control of the identification “forever”


Globally resolvable

  • Device identity (did:ockam:...)
  • People identity (did:sov:...)


If you have a DID string, you can resolve it to its DID Document via its method. We did not have this property of global uniqueness/resolvability across systems with older ID schemes. This breaks silos.


DID Documents

  • DID documents are linked data documents that describe the DID: they contain the DID’s public keys, authentication methods, services, etc.



DID identities better for key management for machines/devices


Introducing a new device to the home: both the device and the home can use discovery endpoints to register the device’s identity within the home


Semantic & linked data

The progress made by the open web community around Linked Data can be applied to IoT; This brings semantic meaning and relationships to IoT data...

  • instead of describing temperature with a key of my choosing (“temperature”, “temp”, or “T”), describe it with well-defined semantics, e.g. {..."http://iotschema.org/", "iot:temperature": "30"}: self-describing data that defers the description of the data format to an authoritative source (verifiable claims)


DIDs and blockchain can provide a framework for reliable and secure device management and integration.


Managed custody (parent-to-child) is an interesting solution to machine/device ownership: a DID can reference an owner document whose properties propagate to the child DID

  • ERights has attempted to define the notion of object capabilities (roles/ownership)
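The DID flow these notes sketch (a device generating its own identifier and keys and optionally registering it, a verifier resolving the DID string to its DID Document and checking the authentication keys listed there, and key rotation that revokes an old key without changing the identifier), as an added worked example in Go that is not part of the session, the slides, or either note-taker's material. It assumes an in-memory map as the resolver in place of a real DID method's registry or ledger, uses the DID spec's reserved did:example method rather than did:ockam or did:sov, and the DIDDocument, Device, Resolver, Authenticate and Rotate names are this example's own; the nonce in main is a constructed value.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
)

// DIDDocument is the minimal document the notes describe: the DID, its public
// keys (verification methods), and which of those keys may authenticate as the DID.
type DIDDocument struct {
	ID             string
	Keys           map[string]ed25519.PublicKey // by key ID, e.g. "did:example:abc#key-1"
	Authentication []string                     // IDs of the keys allowed to authenticate
}

// Resolver is an in-memory stand-in (assumed here) for a DID method's resolver,
// which in a real method would be a ledger or registry lookup.
type Resolver map[string]*DIDDocument

type Device struct {
	DID  string
	priv ed25519.PrivateKey // never leaves the device; only the public half is published
	doc  *DIDDocument
}

// NewDevice lets the device mint its own identifier from a key it generated. "example"
// is the DID spec's reserved example method; the identifier derivation is this example's choice.
func NewDevice() (*Device, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	did := "did:example:" + base64.RawURLEncoding.EncodeToString(pub)
	d := &Device{DID: did, priv: priv, doc: &DIDDocument{ID: did, Keys: map[string]ed25519.PublicKey{}}}
	d.setAuthKey(pub)
	return d, nil
}

// setAuthKey adds a key and makes it the only key allowed to authenticate, which
// revokes every earlier key for authentication without changing the DID itself.
func (d *Device) setAuthKey(pub ed25519.PublicKey) {
	id := fmt.Sprintf("%s#key-%d", d.DID, len(d.doc.Keys)+1)
	d.doc.Keys[id] = pub
	d.doc.Authentication = []string{id}
}

// Register publishes the document so anyone holding the DID string can resolve it.
func (d *Device) Register(r Resolver) { r[d.DID] = d.doc }

// Rotate installs a fresh authentication key and republishes the document; the
// retired private key is returned only so the demo can show it is now rejected.
func (d *Device) Rotate(r Resolver) (string, ed25519.PrivateKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return "", nil, err
	}
	retiredID, retiredPriv := d.doc.Authentication[0], d.priv
	d.priv = priv
	d.setAuthKey(pub)
	d.Register(r)
	return retiredID, retiredPriv, nil
}

// Answer signs a verifier's challenge with the current key and names that key.
func (d *Device) Answer(challenge []byte) (string, []byte) {
	return d.doc.Authentication[0], ed25519.Sign(d.priv, challenge)
}

// Authenticate is the verifier side: resolve the DID (here a registry lookup), check
// that keyID is listed under authentication (merely appearing in the document is not
// enough), then verify the signature over the challenge.
func Authenticate(r Resolver, did string, challenge, sig []byte, keyID string) error {
	doc, ok := r[did]
	if !ok {
		return errors.New("cannot resolve " + did)
	}
	authorized := false
	for _, id := range doc.Authentication {
		authorized = authorized || id == keyID
	}
	if !authorized {
		return errors.New(keyID + " is not an authentication key of " + did)
	}
	if pub, ok := doc.Keys[keyID]; !ok || !ed25519.Verify(pub, challenge, sig) {
		return errors.New("signature did not verify against " + keyID)
	}
	return nil
}

func main() {
	registry := Resolver{}
	dev, _ := NewDevice()
	dev.Register(registry)
	nonce := []byte("constructed-nonce-8f2a") // a real verifier draws this at random per session
	keyID, sig := dev.Answer(nonce)
	fmt.Println("current key:", Authenticate(registry, dev.DID, nonce, sig, keyID))
	oldID, oldPriv, _ := dev.Rotate(registry)
	fmt.Println("retired key:", Authenticate(registry, dev.DID, nonce, ed25519.Sign(oldPriv, nonce), oldID))
}
```

Two design points worth noting: the verifier checks that the key is listed under authentication, not merely present somewhere in the document, since a DID Document can carry keys for other purposes; and rotation leaves the retired key in the document (so earlier signatures can still be verified) while removing it from the authentication list, which is what makes revocation possible without changing the identifier that relying parties have stored.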


************** ************************* ********************* ***************


2. Notes received from Mrinal Wadhwa:


Here are the links to the slides and a video recording of the slides that were discussed in the session

Video: https://www.youtube.com/watch?v=TJQ8Pt4lfuA

Slides: https://www.slideshare.net/SSIMeetup/machine-identity-dids-and-verifiable-credentials-for-a-secure-trustworthy-and-interoperable-iot-mrinal-wadhwa