On No You DIDn’t! Your identity is not self-sovereign.
Oh No You DIDn’t! Your Identity Is Not Self-Sovereign
Thursday 12A
Convener: Justin Richer
Notes-taker(s): Thomas Berry, Sam Curren & Ben Gregori
Tags for the session - technology discussed/ideas considered:
Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:
1. Notes received from Thomas Berry:
Commentary (C)
JR: The term “self-sovereign” identity is misleading
- Identity should be viewed as a conversation; self-sovereign suggests that it gives the power to the speaker, not the listener
- As technologists, we run into a trap of conflation of aspects to identity
- Instead of Identity as expressed and as received
- The model and discussion is much more nuanced; what does it really mean?
C: Identity doesn’t matter
- identifiers and attributes are what is important
- reputation is then a following factor
- I can then assert the important attributes about myself
C: The two views are less in opposition than you might think
JR: The acceptance of the identifier and attributes, etc, are good, but there in lies the central crux of the argument
When the subject is sovereign; the distinction made is self is an individual, a distinctive human being. The other aspects are mechanics. Self-Sovereign is what we feel in the world.
JR: this dicodemy is what I’m trying to raise; ... naming things is hard, no better name for the constructs
C: sovereign refers to some entity that controls a political sphere, but it is not absolute. You don’t have to take this to the Nth degree to make it meaningful.
JR: the key pivot is yes, you can be sovereign in expression; you’ll never be sovereign in the acceptance
C: sovereign [means] I am in control of the ability to choose the [attributes] that I present
- another really useful ... administrative identifiers are loaned to us; using DLTs you had an opportunity to control those identifiers, you could claim and prove the identifiers [were mine] as a eternally persistent record (blockchain); you aren’t relying on an ever present ledger...that exists in the world that people that use it
C: SSI: you have control over your [identity] borders; but, you can’t control who accepts your identity
C: sovereignty exists within a domain; outside the domain is not considered a peer. Sovereignty requires others to recognize it or it does not exist. Identity manifest in the observers cognitive capacity. Your can not control the identity that everyone places on you.
JR: my identity is not self-sovereign; I have a different identity that exists out there ... I am not sovereign over that
C: if I have an administrative identifier that is used to talk about me behind my back. [Self-sovereign allows me to provide identity without handing it over]
JR: property boundaries; [your neighbor can look into your property boundary and say that’s weird]
C: if it weren’t for the internet we wouldn’t have this discussion; internet was built without security as an underlying layer. [Self-sovereign identifier establishes the root of trust for the interactions being performed]. Without the root of trust you can not build credible relationship, [it fails]. SSI establishes a root of trust; everything else is noise.
JR: it’s only trust if I trust it.
C: [SSI trust secures my identity; my identity is secured and cannot be erased, unlike a DL and other forms of identity. SSI is recoverable]
JR: your existence can be ignored
C: we need to be aware we’re talking about more than people
C: SSI means something more than root of trust; you control where your information goes [consent]. Privacy is not secrecy; [its about control]; it’s overstating that SSI does those things [privacy, security, security]. Technology is not in everyone’s hands for SSI to serve all.
C: [SS relies on it to be built into the right software; trust in the software cannot be controled]
JR: how can you trust that copies of your SS aren’t being made unless you wrote the software
C: [there are trends in the population that is focused on identity; SSI should be introduced]
JR: self determination of pronoun reference; your an introduce yourself with whatever name that you want; no one checks on this. Problem of expressivity; human language is squishy; my favorite pronouns are ...; expressing this in a digital space is difficult [to factor into areas of consent].
C: A term becomes useful when there is a strong convergence on its use; we don’t have that [with SSI and Identity]; labels are very ambitious and not useful. Let’s get back to operational use of things; identifiers and attributes. [There is a core that we can use to describe ourselves]; there is a commonality of attributes to [discuss this]. SSI is not useful outside the tight cliques.
JR: [Gargon is important within the community discussing SSI]
C: [SS was intentionally provocative; this discussion is an indication that it was successful]; the terminology gets conflated all the time.
JR: there is ongoing debate about the decentralization of the terminology
JR: [the trusted credential is the issue at hand; SSI doesn’t matter if there is no one to accept it]
JR/C: [is it super scary of convenient when things work together; does this concern the government? the government wants silos of identifiers; data can not be shared.]
JR: nobody cares about what you think about yourself; they care about what they want to know about you
- Dead-naming: common term in trans community; after choosing a new name the “old” family refuses to use it deferring to the previous person’s name.
C: where’s the tension?
JR: [SSI has an identity as a concept; from the outside world it has the identity—but it doesn’t live up to the term]
C: [you always have more sovereignty over a DL instead of a digital wallet; I know how DL works, I don’t know how that app/math is working]
*********************** ************************* *************************
2. Notes received from Sam Curren:
SSI is a misleading name.
A better way to look at identity is as a conversation.
SSI is often posited as giving all control to the speaker and none to the listener.
Your Identity is not necessarily tied to the expression of your identity.
Identity as expressed vs Identity as received.
Validity of SSI work is a separate argument.
Nuance of the discussion.
What does the nature of Soverinty of an Identity even mean.
Identity is more simply described as identifiers and attributes.
Reputation is on top of that and is what people think about me.
These labels help the conversation.
Is this a semantic dance?
That description is good, but avoids some of the deeper edge issues.
when Soverign was first given a name, the distinction was between what you felt you were as a human being, as oppposed to the administrative pieces. (This was pre 'self' prefix)
We mostly talk about administrative identities.
in the political sense, soverign refers to the control of some sphere.
A king can be soverign within his borders, but not without.
A soverign identity doesn't have to be perfectly soverign to still qualify for the title.
You can be soverign over the expression of your identity, but not the acceptance of that identity.
Choosing which identifiers and credentials you present is part of the soverrinty.
identifiers that cannot be removed
we can prove our ownership of a self-soverign identity without permission
within your self soverign domain, you don't ask permission, outside of it, you desire to be
soverignty requires that other people recognize it.
an identity is made soverign by the recognition of it.
identity worked consistantly before the internet.
the internet creates new problems to solve.
cryptography is the tool that we are trying to apply.
trust was not added to the internet in the beginning, but that isn't to say that they knew how but just didn't do it. - Dave Crocker
control is often associated with the concept of secrecy.
privicy is context, control, choice, and respect.
ssi techniques.
use of crypto tools requires trust of the developers.
some communities express identity through pronoun exercises.
Names given in person are usually just accepted.
It changes the internet because of the dynamics in play.
A term fails when we don't have widely accepted meanings attached.
Narrowing down on simpler things will help focus conversation.
Jargon exists to be efficient within small groups.
Self-soverign identity is leaking.
The SSI term _has_ promoted conversation about the ideas. Success as a term?
convenience often trumps judgement
'self' as opposed to what others think of us.
there is no platform today for an individual to define their platform.
dead naming is important. There are times
dead naming is used when somebody chooses a new name. Their old name becomes their 'dead name' and may be used by those that refuse to acknowledge their new name.
fancy math feels like no replacement for holding a physical card.
we speak English because we are pretending that we are communicating.
********************** *************************** **************************
3. Notes Received from Ben Gregori:
Self-sovereign frameworks ignore how people accept you to be. Technologists conflate related but separate aspects of identity:
- Who I internally see myself as (existential)
- Identity that is expressed
- Identity that is received
The model/discussion is more nuanced. What does the nature of sovereignty in identity mean from a tech perspective, personal, or philosophical perspective.
Maybe “identity” doesn’t matter – maybe its identifiers an attributes to escape the morass of “what is identity”
- - Reputation is layered on top of that (what people think of me)
Those two views may not be in opposition. This second view begins with straightforward constructs we recognize (how to use, create, make new ones – we know properties). But we don’t think about issues around that that arise from the first perspective.
- - You can’t own all identifiers. Some identifiers require an extended conversation and partiers are more equal than in others.
- - In some, a party can also mandate identifiers that you can either accept or reject.
So issues the second perspective raises are easier to operationalize.
Note: acceptance of an identifier is a central crux of the argument of the session.
Distinction: self-sovereign (what you think) and administrative identifiers (what people think of you).
- - People cannot and should not assign their own administrative identity. You can’t fully own your own identity…its partly assigned.
What makes it sovereign is not the declaration, but the acceptance of that identity. Therefore,
SSI is a technique, not a technology. We need much more than just tech to embody the principles of SSI in the world. Institutions, politics, hardware, etc.
(Dave Crocker)- The squishy nature of identity, on which no one can agree, even with the 28th IIW and the existence of SSI for a long time, is proof that we should use operational terminology that is actually useful because we can agree on it and we can act on it. – Humans create jargon to in a tight community, and we STILL cannot agree.
- - Joe’s Andrieu’s hot take: as a catalytic, provocative term , SSI is successful because we’re till debating. As an engineer, its incredibly difficult. SSI has ideological/political roles and technical components to achieve that.
SSI is limited, misleading, mismarketed, but its not the perception of the SSI world from the outside. SSI has an identity as a concept, from the outside world, it has an ID that carries certain meanings.
While we may viscerally trust a physical drivers license more, it may be more about reputation. We build reputation for trusting DLs, we could build trust for new tech like DIDs and cryptography.
- - There is a degree of trust in a DMV issuing a DL
- - This is a difference in logic vs. belief, which are both important and valid. It is certainly exploitable, but we accept there is limited access to doing this, fakes are difficult, and the system that uses DLs hasn’t broken down.
- - Fancy math is new, less proven (or less widely understood to be proven)