Revising Principle "Portability. Information and services about identity must be transportable."

[ChristopherA]

Let's collaborate on revising principle #6 "Portability. Information and services about identity must be transportable."

From the original 2015 self-sovereign identity principles : https://github.com/WebOfTrustInfo/self-sovereign-identity/blob/master/ThePathToSelf-SovereignIdentity.md :

6. Portability. Information and services about identity must be transportable. Identities must not be held by a singular third-party entity, even if it's a trusted entity that is expected to work in the best interest of the user. The problem is that entities can disappear — and on the Internet, most eventually do. Regimes may change, users may move to different jurisdictions. Transportable identities ensure that the user remains in control of his identity no matter what, and can also improve an identity’s persistence over time.

A variant from the Self-Sovereign Identity Bill of Rights https://github.com/WebOfTrustInfo/self-sovereign-identity/blob/master/self-sovereign-identity-bill-of-rights.md by (@cboscolo) is:

6. Identities must be portable. Identity attributes and verified claims must be controlled personally and be transportable and interoperable as desired. Government entities, companies and other individuals can come and go. So it is essential that identity holders can move their identity data to other blockchains or platforms to ensure that they alone control their identity.

From Future Property Rights Principles of Identity https://www.newamerica.org/future-property-rights/blog/fpr-principles-identity/ (by timothy robustelli):

6: Portability - Information and services concerning information must be transportable A digital identity cannot be restricted to a single solution. Users must be able to transport their identities --as well as credentials and attestations-- from one platform to another. The transfer of data should be uncomplicated. All vendors should strive for simple and consistent user experiences.

Matthew Shutte's (@matthewjosef) writes about"(on Portability and Interoperability) in https://github.com/WebOfTrustInfo/self-sovereign-identity/blob/master/Schutte-on-SSI.md :

The way that those of us at the metacurrency project might frame this is: our ability to communicate and interoperate should not be encloseable by any third-party.

Along these lines, interoperability is certainly a goal, for it is a requirement of communication that social preferences rather than technological limitations constrain who we interact with. That is not to say that interoperability will come without cost — or without loss of meaning. Any claim is always made in a context. Parts of its meaning are dependent on that context. When a claim is carved off from its context and shared with others (who by necessity do not completely share that same context) there is meaning lost or altered in the process. This is natural, but it is also worth noting and designing for. At the MetaCurrency Project we think about the ways in which context shapes meaning as analogous to Phenotypes (raw code) and Genotypes (code in a particular context). One code is in a particular context it will behave in ways that get shaped by that context. DNA provides a great example of this. More detail is available in the as yet unfinished Ceptr Revelation Document.

Most recently Emily Fry (@EmilyFry) and Elizabeth M. Renieris (@hackylawyer) https://womeninidentity.org/2020/03/31/data-portability/ write:

One example of an emerging legal solution to solve for the non-technical dimensions of full data portability is the notion of a trust framework. A trust framework necessarily lifts cryptographic and other technical trust mechanisms into a coherent set of legal, business, technical (and we argue, ethical) rules. Its purpose can be boiled down quite simply—to ensure that technical tools are developed and deployed in a manner that does in fact support the coherent individual end-user experience and legal protections we all want.

Please add some of your own sources/commentary as links, and suggest any early "wins". For instance, I now agree with others that the word "user" should be avoided.

Ultimately a PR to this repo should be suggested to make a final proposal which we will build consensus on approving.

Thanks for collaborating on this update to principle 6!

-- Christopher Allen

[bumblefudge]

One thing that springs to mind is the portability requirement in GDPR, that has so far led to lots of people being emailed CSV spreadsheets when they close accounts and lawyers grumbling about how useless such a requirement without accompanying specifications or standards. The grumbling must have gotten very loud in Brussels because the EC set aside 5million € specifically for a 9-month program seeking academics, startups, and experts to set up some kind of rails or systematic guidelines for what data portability could look like in practice. The winning applications haven't been announced yet, but maybe some of those participants would have useful thoughts and/or bibliography to share. The grant program's website includes interviews with some of its planners and blurbs from people in the DG-CNECT, which is also architecting the EBSI/ESSIF program (and indirectly related to multiple other relevant funding vehicles supporting prototypes of portability). https://dapsi.ngi.eu/

Another source that comes to mind is MyData (which administered another NGI program, no less), and other groups working on Data Trusts and Data Unions. I'm far from an expert but I am definitely a big fan of all of the above.

[mehdim]

This contribution is from the team building gdpr.dev and Progressive Identity project :

Portability : Identities, including respective aliases and data, must be transportable from one entity to another entity, without possible lockin, flitering or data loss, and without the need of adaptive work either form the identity holder, or the receiving entity. Portability must be desgined towards attaining zero cost for change, on user experience side, the legal side or the technical side. For Portability in a SSI network, entities which store the identity related data and the entities which manage permissions, contracts, claims, and authorisations to access this data must have a stateless relationship. It is to ensure that if one of these 2 jobs (storage or permission management) is handled by a third party, it can be revoked at any time by the identity holder and replaced by another 3rd party that fills the same job without possible technical limitation. When a regulation is applicable (like GDPR or CCPA), the SSI framework must include regulations enforcement by design in the SSI protocols to enforce it at the protocol level, and avoid any manual or legal task when portability is implemented and requested by an identity holder. Legal claims must be verifiable at any time by any independant other entity over the network.

[jandrieu]

For a recent client, I made a pass at a few of the principles, including this one, with an eye to minimally updating the prose to match the more nuanced notion of identity that we have developed, specifically avoiding the framing of "identity" and "identities" as concrete things that can be stored and shared.

Here's what principle 6 looked like:

Portability. Information about, and services used by, individuals must be transportable. Information must not be held by singular third-party entity, even if it is a trusted entity expected to work in the best interest of the individual. The problem is that entities can disappear -- and on the Internet, most eventually do. Regimes may change, people move. Portable assertions and data records ensure that the individual remains in control of his informational presentation no matter what, likely improving the reliability of that presentation over time.

I think it would be useful to first focus on a minimal change of the principles to bring them in alignment with current language. As many of you know, the particular use of "identity" is a passion of mine. The goal of what I did for my client was to update the principles while keeping as much of the original language and intent as possible, but making it clearer to understand and apply to their particular situation. In that case, "identity" was definitely not about particular data fields.

There were similar explanations and clarifications needed for issues of "control". Identity as a noun suggests the possibility for DRM-like controls, but that's not how identity works.

Anyway, once we process a minimal update to smooth rough edges for readers, it might make sense to THEN do a deeper dive and really question the intent and the language that would best get that intention across. That feels much more tractable that opening the full set to complete rewrite. (Which, actually, was my initial response to Chris's original article: https://github.com/jandrieu/rebooting-the-web-of-trust-fall2016/raw/master/topics-and-advance-readings/a-technology-free-definition-of-self-sovereign-identity.pdf). As much as I like my own take on SSI, it didn't get much traction, in part, I'm sure, because it was too much of a delta from the original. I believe similar adaptations had the same problem.

[evanwolf]

Some language from The DataPortability Project c.2007 contributed by myself, Elias Bizannes, and Drummond Reed.

Vision Data portability enables a borderless experience, where people can move easily between network services, reusing data they provide while controlling their privacy and respecting the privacy of others.

For the user With data portability, you can bring your identity, friends, conversations, files and histories with you, without having to manually add them to each new service. Each of the services you use can draw on this information relevant to the context. As your experiences accumulate and you add or change data, this information will update on other sites and services if you permit it, without having to revisit others to re-enter it.

For the Service Provider With cross-system data access, interoperability, and portability, people can bring their identities, friends, conversations, files, and histories with them to your service, cutting down on the need for form-filling which can drive people away. With minimal effort on the part of new customers, you can tailor services to suit them. When your customers browse networked services and accumulate experiences, this information can update on your service, if people permit it. Your relationship remains up-to-date and you can adapt your services in response, even when they don't visit. With mutual control and mutual benefit, your relationships remain relevant, encouraging continued usage.

Data portability is a new approach, where it is easier to use and deliver services. This frictionless movement through the network of services fosters stronger relationships between people and services providers and helps build a healthy networked ecosystem.

Mission To help people to use and protect the data they create on networked services, and to advocate for compliance with the values of DataPortability

A few notes:

• "Identity" was expansive: all of yourself-in-cyberspace. Today's technical identity stack (and whatever comes after) might need portability but portability isn't done until it includes whatever humans claim for themselves as part of their connected lives.
• Meaningful portability. This was early, so we were happy when big internet companies started offering data export in 2008, '09, '10. But "meaningful" portability was another layer. Here's your medical file generated by our equipment but it needs a proprietary app to read it. Here's your sound file but you don't own a working Victrola. Here's your data, but it took us a year to get it to you. Here's your data, but it's intermingled with material owned by others. Access is part of meaningful.
• Power. We pretty much ignored fiat government's roles in portability. We were just starting to talk about .gov as a party that needed to offer portability, and #civtech took up the torch for that. But we left blank who could compel portability. If you're holding resources that are part of me, you might be subject to ways people project power. Buying power as consumers, electoral power as citizens, enforcement power as regulators, etc. So transportability is meaningless unless data subjects (and their proxies) have the signals and tools to exercise their rights and the ability to passively signal and actively invoke enforcement of those rights. It's looking like some governments (like the EU) are writing fiduciary roles into law.
• Healthy ecosystem. We're still not sure what that means.
• Externalities. The cost of identity portability is small, for now. We didn't account for any economic transactions in our demand for the right to portability. Who should pay. Justice and fairness for those unable to pay. Burdens that might require data subjects (or their proxies) to pay.
• Identity of Things. Not addressed at all in either early "data portability" or today's identity portability. But with the spew and churn of device and virtual-thing identities, portability of identities should have similar treatment and billing. Especially as more of those devices are in/with/on human bodies.