Machine Identity: IoT – Security, Trust, Interop
Tuesday 5H
Convener: Mrinal Wadhwa
Notes-taker(s): Thomas Berry & Mrinal Wadhwa
Tags for the session - technology discussed/ideas considered:
Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:
1. Notes received from Thomas Berry:
- Relationships
- Chore Automation
- Responsibility/Liability (Relationship)
- Linkability/revocation (Relationship)
- Identify the “person”
- Identify the “location”
- Device “trustworthiness”
- The same data gets “housed” in many different systems
DID provides an opportunity to break away from identity silos
- Scalability
- Security
- Privacy
- Trust
- Reliability
Building blocks
- AuthN
- Linked Data Proofs
- AuthZ/Object capabilities
- DID documents
- Linked Data Signatures
- Verifiable claims/credentials
- ...
Decentralized IDentities
- schema, method, method specific unique string
Registering Device (DID flows)
- generated by the device and optionally registered
- The device can have 100% control of the identification “forever”
Globally resolvable
- Device identity (did:ockam:...)
- People identity (did:sov:...)
If you have a DID string, you can resolve it to its DID Document via its method. We did not have this property of global uniqueness/resolvability across systems with older ID schemes. This breaks silos.
DID Documents
- DID documents are linked data documents that describe the DID; they contain the public keys of the DID, authentication methods, services, etc.
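As an added example (not part of the session notes or of any DID method's own code), a small Python parser for the `did:method:method-specific-id` form described above, plus an in-memory resolver that dispatches on the method name and returns a DID document, with a check of the authentication keys that document lists. The DID document, the `ockam` lookup table and the service endpoint are constructed samples with placeholder values, not real Ockam data.

```python
import re
from typing import Callable, Dict, List, Optional

# DID syntax per the W3C DID Core ABNF: "did:" method-name ":" method-specific-id, where
# method-name is one or more of a-z0-9 and the id is ":"-separated segments of idchar.
IDCHAR = r"(?:[A-Za-z0-9._-]|%[0-9A-Fa-f]{2})"
_DID_RE = re.compile(rf"^did:(?P<method>[a-z0-9]+):(?P<id>(?:{IDCHAR}*:)*{IDCHAR}+)$")

def parse_did(did: str) -> Optional[Dict[str, str]]:
    """Split a DID into its scheme parts; None if it is not syntactically a DID."""
    m = _DID_RE.match(did)
    return None if m is None else {"method": m["method"], "id": m["id"]}

# Constructed sample DID document (placeholder key, not a real Ockam record) in the
# shape the notes describe: public keys, authentication methods and service endpoints.
SAMPLE_DOCS = {
    "did:ockam:EXAMPLE1": {
        "@context": "https://www.w3.org/ns/did/v1",
        "id": "did:ockam:EXAMPLE1",
        "verificationMethod": [{"id": "did:ockam:EXAMPLE1#key-1", "controller": "did:ockam:EXAMPLE1",
                                "type": "Ed25519VerificationKey2018", "publicKeyBase58": "PLACEHOLDER"}],
        "authentication": ["did:ockam:EXAMPLE1#key-1"],
        "service": [{"id": "did:ockam:EXAMPLE1#discovery", "type": "DiscoveryService",
                     "serviceEndpoint": "https://example.invalid/discover"}],
    }
}

# Each DID method supplies its own resolver (here an in-memory lookup standing in for a
# registry or ledger query); dispatching on the method name is what makes a DID resolvable.
METHOD_RESOLVERS: Dict[str, Callable[[str], Optional[dict]]] = {"ockam": SAMPLE_DOCS.get}

def resolve(did: str) -> Optional[dict]:
    """Resolve a DID to its DID document; None if the DID is malformed or unknown."""
    parsed = parse_did(did)
    resolver = METHOD_RESOLVERS.get(parsed["method"]) if parsed else None
    doc = resolver(did) if resolver else None
    # The returned document must describe the DID that was asked for.
    return doc if doc and doc.get("id") == did else None

def authentication_keys(doc: dict) -> List[dict]:
    """Keys usable for authentication: referenced by id or embedded inline."""
    by_id = {vm["id"]: vm for vm in doc.get("verificationMethod", [])}
    keys = []
    for entry in doc.get("authentication", []):
        vm = by_id.get(entry) if isinstance(entry, str) else entry
        if vm is None:
            raise ValueError(f"authentication references unknown key {entry!r}")
        keys.append(vm)
    return keys
```

A real deployment would replace the `SAMPLE_DOCS.get` lookup with the method's registry or ledger query, but the method dispatch and the id-match check stay the same.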
DID identities better for key management for machines/devices
Introducing a new device to the home—both device and home can utilize discovery endpoints to register its identity within the home
Semantic & linked data
The progress made by the open web community around Linked Data can be applied to IoT. This brings semantic meaning and relationships to IoT data...
- instead of describing temperature as a key of my choosing (“temperature”, “temp”, or “T”), let’s describe it with well-defined semantics {...“http://IoT schema.org/“, “iot:temperature”: “30”}, which is self-describing data that defers the description of the data format to an authoritative source (verifiable claims)
DID and blockchain can provide a reliable framework for reliable and secure device management and integration.
Managed custody (parents-to-children) is an interesting solution to machine/device ownership. A DID can reference an owner document including properties that propagate to the child DID.
- ERights has attempted to define the notion of object capabilities (roles/ownership)
************** ************************* ********************* ***************
2. Notes received from Mrinal Wadhwa:
Here are the links to the slides and a video recording of the slides that were discussed in the session