Open ChristopherA opened 6 years ago
Chris,
My challenge has always been that the opening statement is superfluous and lacks guidance. OF COURSE, users have independent existence. I am. You are. People exist. Indepedent existence of the individuals using a system isn't in question.
I have attempted to capture what I think you're getting at with the statement: "Our Identity is much bigger than the digital exhaust we leave in the systems we interact with online and off."
I believe @cbscolo's position is to focus the attention on digital identity only, without reference to real-world identity. I think this is one of the biggest problems in this space.
Digital identity is merely a tool to help people and organizations manage identity. Unless the principles of self-sovereign identity are anchored in this fundamental understanding that digital identity != identity, then we are playing in too small of sandbox.
Actually,@jandrieu, our position was opposite of what you said. We wanted to highlight that the things we use to represent (or prove) our identities should work both online and in the real world. I'll submit a PR to add this link to the README.md later, but for now here's the Bill of Rights we wrote, so you can read the rest of the right.
https://medium.com/@lifeID_io/lifeid-self-sovereign-identity-bill-of-rights-d2acafa1de8b
Our challenge with the original "Existence" prinicple was similar to @jandrieu's. We just felt it was stating more of a universal truth than a new principle, so we wanted to make it more tangible.
This is a statement of principles. As such, it must begin with the first principles that inform it. These cannot be assumed. The US Declaration of Independence begins its second paragraph with, “We hold these truths to be self-evident:” and then enumerates them.
What seems self-evident can never be assumed in a policy document. It must be stated outright. Different human collectives have profoundly different views about what is and is not self-evident. The 10 Principles of Self-Sovereign Identity is making a normative case for a particular set of “self-evident” (i.e. first) principles. State what those are, and expect pushback from institutions who wish to define identity—and humanity—differently.
My suggestion for the text:
We take this truth to be self-evident: that every human being is endowed with an inalienable and essential identity that they alone possess, and which exceeds any particular behaviors they engage in or roles they play in any particular context, digital or otherwise. To secure this identity, digital architectures are instituted which confer upon individuals primary ownership of a persistent and unique digital identity.
Natalie
On Mon, Apr 16, 2018 at 12:25 AM Chris Boscolo notifications@github.com wrote:
Actually,@jandrieu https://github.com/jandrieu, our position was opposite of what you said. We wanted to highlight that the things we use to represent (or prove) our identities should work both online and in the real world. I'll submit a PR to add this link to the README.md later, but for now here's the Bill of Rights we wrote, so you can read the rest of the right.
https://medium.com/@lifeID_io/lifeid-self-sovereign-identity-bill-of-rights-d2acafa1de8b
Our challenge with the original "Existence" prinicple was similar to @jandrieu https://github.com/jandrieu's. We just felt it was stating more of a universal truth than a new principle, so we wanted to make it more tangible.
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/WebOfTrustInfo/self-sovereign-identity/issues/6#issuecomment-381504445, or mute the thread https://github.com/notifications/unsubscribe-auth/AUFwT-Vm3TjyosKRt4y7BUsq4bnyAM2Bks5tpEd4gaJpZM4TUmua .
-- Natalie Smolenski VP Business Development Learning Machine +1 (972)-365-2750 Skype: nataliesmolenski
@cboscolo Of course. I should have re-read rather than run with my first impressions. It was literally in the next sentence that my mistaken observation was corrected.
@nsmolenski That's excellent. Not only is the language powerful, but your argument for an explicit statement of the self evident is spot on.
My remaining difference with the language of both Natalie's proposal and Chris's, is the notion of a singular identity.
I ground my work in the observation that identity is subjective. It doesn't exist without identification and as such, exists, necessarily, in the minds of the observer. Notions of my identity exist at Google, Facebook, Amazon, the CA DMV, the US State Department, and even in the minds of everyone reading this post. These several identities will certainly have some overlap--I tend to use the same name in different contexts not only when legally required, but also because its just simpler for me. However, at their basic functionality, these identities independently enable each observer to recognize, remember, and respond to me as a specific individual. These separate identities are an inevitable fact of the observation that identities depend on identification, which depends on an observing system.
As such, I've always framed privacy issues in terms of context collapse. http://blog.joeandrieu.com/2011/04/10/constellations-of-privacy/ In this understanding that private and public are not black & white universals, one can see that information that unexpectedly and undesireably crosses contextual boundaries is a privacy violation. Similarly, the unwanted correlation of identity information across contexts is a privacy violation. In other words, unifying identity is the problem, not the solution.
I believe the group of us are on the same mission, so I doubt we are in disagreement about the intent of the terminology we use. However, the notion of a "unified identity" or a "unique identity" runs counter to both how identity actually functions (in the mind of every observer) and how undesired correlation is rejected by the self-sovereign identity movement.
In short, I don't believe in an "inalienable and essential identity that [individuals] alone possess. Rather, I believe:
Every human being is endowed with an independent manifestation, that they alone possess, and which exceeds any particular behaviors they engage in or roles they play in any particular context, digital or otherwise. To secure this manifestation and its representation in any medium, architectures are instituted which confer upon individuals primary ownership and control over the means of their recognition, remembrance, and response. These resulting self-sovereign identities provide the means for respectful and binding negotiations of the use of such representations in systems beyond the individuals direct control.
Hey Joe, the principle of existence states that each person has an identity exists essentially and a priori, beyond the eye of any observer. It is that essential pre-existence, which doesn't depend on anyone else's observations, on which the moral case for self-sovereign identity rests. We are more than just a collection of observations about ourselves. Accordingly, "A self-sovereign identity simply makes public and accessible some limited aspects of the “I” that already exists."
Is that first principle something you agree or disagree with?
-- Natalie Smolenski Learning Machine www.learningmachine.com http://www.learningmachine.com/ +1 (972) 365-2750 Skype: nataliesmolenski
On Mon, Apr 16, 2018 at 11:41 AM, Joe Andrieu notifications@github.com wrote:
@cboscolo https://github.com/cboscolo Of course. I should have re-read rather than run with my first impressions. It was literally in the next sentence that my mistaken observation was corrected.
@nsmolenski https://github.com/nsmolenski That's excellent. Not only is the language powerful, but your argument for an explicit statement of the self evident is spot on.
My remaining difference with the language of both Natalie's proposal and Chris's, is the notion of a singular identity.
I ground my work in the observation that identity is subjective. It doesn't exist without identification and as such, exists, necessarily, in the minds of the observer. Notions of my identity exist at Google, Facebook, Amazon, the CA DMV, the US State Department, and even in the minds of everyone reading this post. These several identities will certainly have some overlap--I tend to use the same name in different contexts not only when legally required, but also because its just simpler for me. However, at their basic functionality, these identities independently enable each observer to recognize, remember, and respond to me as a specific individual. These separate identities are an inevitable fact of the observation that identities depend on identification, which depends on an observing system.
As such, I've always framed privacy issues in terms of context collapse. http://blog.joeandrieu.com/2011/04/10/constellations-of-privacy/ In this understanding that private and public are not black & white universals, one can see that information that unexpectedly and undesireably crosses contextual boundaries is a privacy violation. Similarly, the unwanted correlation of identity information across contexts is a privacy violation. In other words, unifying identity is the problem, not the solution.
I believe the group of us are on the same mission, so I doubt we are in disagreement about the intent of the terminology we use. However, the notion of a "unified identity" or a "unique identity" runs counter to both how identity actually functions (in the mind of every observer) and how undesired correlation is rejected by the self-sovereign identity movement.
In short, I don't believe in an "inalienable and essential identity that [individuals] alone possess. Rather, I believe:
Every human being is endowed with an independent manifestation, that they alone possess, and which exceeds any particular behaviors they engage in or roles they play in any particular context, digital or otherwise. To secure this manifestation and its representation in any medium, architectures are instituted which confer upon individuals primary ownership and control over the means of their recognition, remembrance, and response. These resulting self-sovereign identities provide the means for respectful and binding negotiations of the use of such representations in systems beyond the individuals direct control.
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/WebOfTrustInfo/self-sovereign-identity/issues/6#issuecomment-381707293, or mute the thread https://github.com/notifications/unsubscribe-auth/AUFwTwdTYSXwsZZ4zq1kHflvAWJQJUSkks5tpOXSgaJpZM4TUmua .
I disagree, but with exceptions that may prove a way forward.
First, we observe ourselves. As such, our sense of self emerges from this self-observation. This internal identity is independent of anyone else's observations. This is, I think, in agreement with your notion of pre-existence. However, that internal identity need not, and in a free society, MUST not be unified with external notions of "who we are". Free will depends upon freedom of mind. In my heart of hearts, I may see myself as a revolutionary or a stalwart of the orthodoxy, forcing the externalization of that self-identification would be a horrible thing. So the very nature of self-identity as a private phenomenon argues against building systems that "unify" a single identity across multiple observers.
Also, it is possible to lose one's sense of self, either in the sense of amnesia or "in-the-moment" when we react to the flow of events independently from how we like to think of ourselves. If you can't remember your name, or wether or not you are republican or democrat, gay or straight, you have lost your identity. You may regain it. You may regain only parts. Or you may never reconnect with that person you used to be. As such, even this internal identity is dependent on your own cognition and is not persistent against all threats. A notion of identity that persists through cognitive collapse without reliance on physical continuity doesn't seem consistent with how identity works.
Courts resolve questions of continuity of self, in the face of dementia or insanity, based on the continuity of the physical person and competency of the mind. There is no method to determine, or dependency upon determining, whether or not the restored competent mind has any cognitive link back to the person they used to be. So, while we have independent manifestations physically, which predate and outlast cognition and self-awareness, we do not have even internal cognitive identity independent of observation.
Second, functionally, identity is not "who we are". That is an existential question. Identity is who we are recognized as--including by ourselves. But it is not who we are. I can be republican at heart and not even recognize it myself. I can be so repressed in my own person that I live for decades in denial. But whether or not the fact of my republican nature is recognized, such recognition (or lack) and resulting identity won't change the underlying existential fact. Similar analysis can be made of any unobserved factual phenomenon such as sickle-cell anemia or a genetic predisposition to Huntington's disease. I can be "X" and knowledge of that fact (including by me), won't change it; but such knowledge or ignorance of that fact will shape my identity.
The fields in which identity can rightly be considered "who we are" include psychology and sociology, because those fields focus on self as the manifestation of recognition, either in one's own mind or in relationship to others. So their notion of identity-as-self doesn't violate the functional notion of identity, but both intentionally ignore the other ways in which self exists beyond identity. I am who my mind expresses as myself (psychology) and I am who I am in relation to others (sociology) reasonably sidestep the factual question of "who I am" in the context of my physical person. Their perspective is somewhat tautological but internally consistent and useful within those fields.
However, bringing psychological or sociological notions of identity into the design of systems often creates the false sense that the identity--as constructed and managed by systems--is identity and hence, is the self. Yet, identity-as-self is obviously a misconception when the system manifests identity as a set of attributes. We are NOT our attributes. We exist beyond the digital breadcrumbs we leave in systems we interact with online and off and so does our identity.
This is the fundamental of the first principle. We are not the data you have about us. We are more than that. We are more than that because we exist physically outside your systems. We have mind and will and an inalienable right to exert that will over our physicality. This is the source of the moral authority of self-sovereign identity. Not in the pre-existence of an internal identity, but in the innate manifestation of our will through our own physicality. Digital systems must not become a means to disassociate our inalienable right to control our manifestations by constructing additional, limited manifestations beyond the reach of our physical person.
How is this:
"This is the fundamental of the first principle. We are not the data you have about us. We are more than that. We are more than that because we exist physically outside your systems. We have mind and will and an inalienable right to exert that will over our physicality. ... Not in the pre-existence of an internal identity, but in the innate manifestation of our will through our own physicality."
meaningfully different from this:
"A self-sovereign identity simply makes public and accessible some limited aspects of the “I” that already exists."
It just seems like a much wordier way of saying the same thing. Remember, a statement of principles document cannot be byzantine. It must be short, crisp, and clear, or else no one will read it or care.
-- Natalie Smolenski Learning Machine www.learningmachine.com http://www.learningmachine.com/ +1 (972) 365-2750 Skype: nataliesmolenski
On Mon, Apr 16, 2018 at 12:56 PM, Joe Andrieu notifications@github.com wrote:
I disagree, but with exceptions that may prove a way forward.
First, we observe ourselves. As such, our sense of self emerges from this self-observation. This internal identity is independent of anyone else's observations. This is, I think, in agreement with your notion of pre-existence. However, that internal identity need not, and in a free society, MUST not be unified with external notions of "who we are". Free will depends upon freedom of mind. In my heart of hearts, I may see myself as a revolutionary or a stalwart of the orthodoxy, forcing the externalization of that self-identification would be a horrible thing. So the very nature of self-identity as a private phenomenon argues against building systems that "unify" a single identity across multiple observers.
Also, it is possible to lose one's sense of self, either in the sense of amnesia or "in-the-moment" when we react to the flow of events independently from how we like to think of ourselves. If you can't remember your name, or wether or not you are republican or democrat, gay or straight, you have lost your identity. You may regain it. You may regain only parts. Or you may never reconnect with that person you used to be. As such, even this internal identity is dependent on your own cognition and is not persistent against all threats. A notion of identity that persists through cognitive collapse without reliance on physical continuity doesn't seem consistent with how identity works.
Courts resolve questions of continuity of self, in the face of dementia or insanity, based on the continuity of the physical person and competency of the mind. There is no method to determine, or dependency upon determining, whether or not the restored competent mind has any cognitive link back to the person they used to be. So, while we have independent manifestations physically, which predate and outlast cognition and self-awareness, we do not have even internal cognitive identity independent of observation.
Second, functionally, identity is not "who we are". That is an existential question. Identity is who we are recognized as--including by ourselves. But it is not who we are. I can be republican at heart and not even recognize it myself. I can be so repressed in my own person that I live for decades in denial. But whether or not the fact of my republican nature is recognized, such recognition (or lack) and resulting identity won't change the underlying existential fact. Similar analysis can be made of any unobserved factual phenomenon such as sickle-cell anemia or a genetic predisposition to Huntington's disease. I can be "X" and knowledge of that fact (including by me), won't change it; but such knowledge or ignorance of that fact will shape my identity.
The fields in which identity can rightly be considered "who we are" include psychology and sociology, because those fields focus on self as the manifestation of recognition, either in one's own mind or in relationship to others. So their notion of identity-as-self doesn't violate the functional notion of identity, but both intentionally ignore the other ways in which self exists beyond identity. I am who my mind expresses as myself (psychology) and I am who I am in relation to others (sociology) reasonably sidestep the factual question of "who I am" in the context of my physical person. Their perspective is somewhat tautological but internally consistent and useful within those fields.
However, bringing psychological or sociological notions of identity into the design of systems often creates the false sense that the identity--as constructed and managed by systems--is identity and hence, is the self. Yet, identity-as-self is obviously a misconception when the system manifests identity as a set of attributes. We are NOT our attributes. We exist beyond the digital breadcrumbs we leave in systems we interact with online and off and so does our identity.
This is the fundamental of the first principle. We are not the data you have about us. We are more than that. We are more than that because we exist physically outside your systems. We have mind and will and an inalienable right to exert that will over our physicality. This is the source of the moral authority of self-sovereign identity. Not in the pre-existence of an internal identity, but in the innate manifestation of our will through our own physicality. Digital systems must not become a means to disassociate our inalienable right to control our manifestations by constructing additional, limited manifestations beyond the reach of our physical person.
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/WebOfTrustInfo/self-sovereign-identity/issues/6#issuecomment-381728988, or mute the thread https://github.com/notifications/unsubscribe-auth/AUFwT50XXz1P-kMQPFNChcI1CCjJTLv7ks5tpPdUgaJpZM4TUmua .
Well, that paragraph was my explanation of it, not proposed text.
However, there are at least two meaningful differences from your quote: "A self-sovereign identity simply makes public and accessible some limited aspects of the “I” that already exists."
First, self-sovereign identity need not to anything public. Sharing in context need not be public at all.
Second, self-sovereign identity can be used to accrete new aspects of self to a root that did not exist before. This was the case with Joram. The SSI anchor and his selectively shared attributes were all constructs that enabled recognition, remembrance, and response independent of the "I" that already existed. UNLESS the notion of the "I" that already exists reduces to his physicality.
But identity is clearly more than just resolving our physicality, so the key question is how do we define a self-sovereign identity whose recognition is independent of the physicality while its moral foundation is based on the independent will expressed in our physical manifestation?
"A self-sovereign identity simply makes public and accessible some limited aspects of the “I” that already exists."
Simply changing "public and accessible" to "accessible" would address your first point. The sentence simply refers to disclosure to any other person or entity. But we don't even have to keep it in the first principle, which simply refers to the existence of digital identity, rather than its disclosure.
We also need to avoid making identity implicitly synonymous with any particular technical term, like root. I would avoid using "root" anywhere in this statement of principles, not only because it's a technical term that will immediately lose the broader audience you're trying to persuade, but because it's too precise of a technical commitment to make--the whole purpose of principles is to be the guidelines for changing digital architectures (these may or may not include what we today call "roots" over time).
I still don't see any problems with the below formulation. Remember, this is the first principle, "Existence." All it's stating is that you have a digital identity of which you are the owner, and which cannot be alienated from you. We can address issues of disclosure in subsequent principles.
We take to be self-evident that every human being is endowed with an inalienable and essential identity that they alone possess, and which exceeds any particular behaviors they engage in or roles they play in any particular context, digital or otherwise. To secure this identity, digital architectures are instituted which confer upon individuals ownership of a persistent and unique digital identity.
I think this is enough for point one.
-- Natalie Smolenski Learning Machine www.learningmachine.com http://www.learningmachine.com/ +1 (972) 365-2750 Skype: nataliesmolenski
On Mon, Apr 16, 2018 at 1:46 PM, Joe Andrieu notifications@github.com wrote:
Well, that paragraph was my explanation of it, not proposed text.
However, there are at least two meaningful differences from your quote: "A self-sovereign identity simply makes public and accessible some limited aspects of the “I” that already exists."
First, self-sovereign identity need not to anything public. Sharing in context need not be public at all.
Second, self-sovereign identity can be used to accrete new aspects of self to a root that did not exist before. This was the case with Joram. The SSI anchor and his selectively shared attributes were all constructs that enabled recognition, remembrance, and response independent of the "I" that already existed. UNLESS the notion of the "I" that already exists reduces to his physicality.
But identity is clearly more than just resolving our physicality, so the key question is how do we define a self-sovereign identity whose recognition is independent of the physicality while its moral foundation is based on the independent will expressed in our physical manifestation?
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/WebOfTrustInfo/self-sovereign-identity/issues/6#issuecomment-381743773, or mute the thread https://github.com/notifications/unsubscribe-auth/AUFwT4VWNqQcqa_eNf45FWPzS7qREK_hks5tpQNAgaJpZM4TUmua .
That's mostly just back to your earlier suggestion, about which I already voiced my differences. We don't possess our identity. We possess ourselves. Conflating the two will not help us.
I see. So are you suggesting that self-sovereign digital identity should not be owned by the user to whom it refers, because they don’t own their identity full stop? If so, that’s a fundamental difference of principle that we won’t be able to reconcile.
On Mon, Apr 16, 2018 at 5:51 PM Joe Andrieu notifications@github.com wrote:
That's mostly just back to your earlier suggestion, about which I already voiced my differences. We don't possess our identity. We possess ourselves. Conflating the two will not help us.
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/WebOfTrustInfo/self-sovereign-identity/issues/6#issuecomment-381774720, or mute the thread https://github.com/notifications/unsubscribe-auth/AUFwT4nkojCYSgVN3EsrDnhAB40IozBYks5tpSB4gaJpZM4TUmua .
-- Natalie Smolenski VP Business Development Learning Machine +1 (972)-365-2750 Skype: nataliesmolenski
First, I'm not limiting self-sovereign identity to the digital realm.
Second, while one may own self-sovereign identifiers and may control the release of attributes attached to those identifiers, the resulting identities are fundamentally not ownable in any recognizable sense by the individual. I will always know you as Natalie and no matter why you might change your name, you have neither the right nor the ability to force me to change how I think of you in my own mind. Whatever sovereignty you have stops--at a minimum--at the boundary of my mind.
Ownership is not the regime under which self-sovereignty earns its moral authority. I don't have rights to the use of information about me because I own that information. Rather, I have rights because I am, in this context, treated as a peer. Within their domain, the individual is sovereign, outside that domain, they are treated as a peer. That's self-sovereignty.
GDPR and similar regulatory and legal frameworks are pushing far beyond the notion of ownership to establish the negotiated boundary of a domain in which the user's directive is law. Individuals can no longer be treated as serfs subject to the whims of the aristocratic lords. This is self-sovereign identity at its core. No DIDs, no VCs, no "containers" required.
So yes, if your definition of self-sovereign identity depends on the notion of ownership, we have a fundamental, unresolvable conflict.
Our identities are not concrete things to be owned or stored or moved around. Our identities are how we are recognized, remembered, and responded to. We do not own what is in other people's heads.
I would further take issue--as I've explained--with the idea of an individual having "an identity". Identity is myriad, not singular.
Self-sovereign identity is not the assertion of ownership of some set of information, but rather the establishment of a domain of primacy and a framework for negotiable, binding exchanges with those outside that domain.
Ownership of information is a black hole that regulators and technologists like to fall in to, but it is a false model because ownership itself is a construct of law and subject to evolution over time. Trying to base new laws on old laws based on fundamentally different concepts is deeply tautological and misguided. None of the existing paradigms of ownership, in intellectual property, real property, or physical property apply to the current use of personal information. Constructing a new paradigm of ownership is hugely complicated and not for the plebiscite. It will take deep legal scholarship and years--if not decades--of political wrangling to construct a viable definition of ownership regarding personal information.
But we don't need that. What we need is a negotiable domain within which the individual is in command and outside of which they are respected as a peer.
On Mon, Apr 16, 2018 at 3:54 PM Natalie Smolenski notifications@github.com wrote:
I see. So are you suggesting that self-sovereign digital identity should not be owned by the user to whom it refers, because they don’t own their identity full stop? If so, that’s a fundamental difference of principle that we won’t be able to reconcile.
That is not what I’m hearing Joe say. I think he is saying we have multiple personal identities, each which may own digital identities. dana boyd (famously all lower case) did surveys to show that teenagers go through as many as 20 different identities (bubbly princess, punker, tom girl, opposite sex, etc. ) both in the real world and digital before finding their niche. Digital used to allow for more safety. I know my gamer & music communities thinks of me much differently, and I behave differently with each.
I appreciate the deep thought in this discussion. We are covering tough territory here. We are simultaneously trying to be a strong declaration, technically accurate (for both personal & digital identity), persuasive, avoid the common stumbling blocks that tie people in unnecessary knots, all the while keeping it as simple as possible.
I believe we can find a nuanced new wording for the first principle, and think we are close!
So in your “domain” you are “in command” over things (data) you don’t own? I presume you’ve done the work of unpacking the differences between the notion of “domain” you’re proposing (ownerless command) and the Roman legal notion of “dominion” (from which “domain” derives) literally meaning the ownership of private property, and of “dominus” as “owner.” I’m sure you have an account for how certain data end up within your domain while others do not, and why a sovereign individual would get to command some data they don’t own but not other data they don’t own.
This discussion has gotten too in the weeds for me, and in the wrong direction—I’m afraid that excluding any notion of ownership from a definition of self-sovereignty is simply untenable in the long term. But wishing you all the best formulating it in a way that laymen can understand and that transates into an actionable project that will rally people all over the world to build sustainable, empowering architectures.
On Mon, Apr 16, 2018 at 6:42 PM Joe Andrieu notifications@github.com wrote:
First, I'm not limiting self-sovereign identity to the digital realm.
Second, while one may own self-sovereign identifiers and may control the release of attributes attached to those identifiers, the resulting identities are fundamentally not ownable in any recognizable sense by the individual. I will always know you as Natalie and no matter why you might change your name, you have neither the right nor the ability to force me to change how I think of you in my own mind. Whatever sovereignty you have stops--at a minimum--at the boundary of my mind.
Ownership is not the regime under which self-sovereignty earns its moral authority. I don't have rights to the use of information about me because I own that information. Rather, I have rights because I am, in this context, treated as a peer. Within their domain, the individual is sovereign, outside that domain, they are treated as a peer. That's self-sovereignty.
GDPR and similar regulatory and legal frameworks are pushing far beyond the notion of ownership to establish the negotiated boundary of a domain in which the user's directive is law. Individuals can no longer be treated as serfs subject to the whims of the aristocratic lords. This is self-sovereign identity at its core. No DIDs, no VCs, no "containers" required.
So yes, if your definition of self-sovereign identity depends on the notion of ownership, we have a fundamental, unresolvable conflict.
Our identities are not concrete things to be owned or stored or moved around. Our identities are how we are recognized, remembered, and responded to. We do not own what is in other people's heads.
Self-sovereign identity is not the assertion of ownership of some set of information, but rather the establishment of a domain of primacy and a framework for negotiable, binding exchanges with those outside that domain.
Ownership of information is a black hole that regulators and technologists like to fall in to, but it is a false model because ownership itself is a construct of law and subject to evolution over time. Trying to base new laws on old laws based on fundamentally different concepts is deeply tautological and misguided. None of the existing paradigms of ownership, in intellectual property, real property, or physical property apply to the current use of personal information. Constructing a new paradigm of ownership is hugely complicated and not for the plebiscite. It will take deep legal scholarship and years--if not decades--of political wrangling to construct a viable definition of ownership regarding personal information.
But we don't need that. What we need is a negotiable domain within which the individual is in command and outside of which they are respected as a peer.
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/WebOfTrustInfo/self-sovereign-identity/issues/6#issuecomment-381783786, or mute the thread https://github.com/notifications/unsubscribe-auth/AUFwT16NphAuKtv5lbN_EHC2aTUQMu93ks5tpSx3gaJpZM4TUmua .
-- Natalie Smolenski VP Business Development Learning Machine +1 (972)-365-2750 Skype: nataliesmolenski
Maybe the discussion/definition can be more focused on
an individual having control over disclosure of personable identifiable information in the form of shared identities fit for purpose
rather than
an individual owning their identity and disclosure thereof
I also think we may be conflating human personhood and personal identity. As a human person I have rights under the UN Charter of Human Rights, no matter what identity, or multiple identities I have held, including different citizenships, witness protection, conservatorship or guardianship under another, or the old-fashioned “going away & reinventing myself” that used to be possible in the past.
I’ll concede I am one human person, but I hold many personal identities (some of which like citizenship I don’t actually own/control), and those in turn may hold many digital identities (some of which don’t own/control), and those may have many identifiers.
Digital self-sovereign identity (what we are focused on now) declares that my digital identities & identifiers should be more in my own/control, whereas statement about those (claims, reputation etc.) can still be made about those digital identities & identifiers.
My original purpose of principle 1: existence was to address the problem that no digital self-sovereign identity is not the whole you. You may have more digital identities, more than one real world identity that holds them, and beyond that you are a unique person that is more than any identity can describe (dare I say “soul”?). Thus first, and foremost we must say that digital identity is not the full representation of a person, and it is impossible to be so.
[Wrote this on iPhone in BART so please forgive any errors :-) ]
P.S. I would love to solve the problem of self-sovereign personhood, but hope we can leave that off the table and focus on what we can change (for now).
Thanks Christopher. The fundamental question that needs to be addressed is:
What about digital identity makes it self-sovereign?
So far, you have an ownership answer and a control answer, which are very difficult to separate in practice.
There are a few models under which these can be separated already under the law: the trust and the rentier/shareholder. Under a trust model, an asset is owned by one party but controlled by another, who functions as a custodian. The gains and losses accruing to the underlying asset accrue mostly to the owner rather than the custodian, although the custodian may receive a share of the gains and losses as incentive to manage the trust well. Under a rentier/shareholder model, a capital engine is owned by a specified party or parties but administered by another, with the income or capital accruing to the owner(s).
I would argue that the first model (the custodial model) is not self-sovereign, either for owner or custodian. The second model could be (only for the owner), but it's difficult to imagine a use case in the digital identity space that wasn't illegal (i.e. "identity lending").
For these reasons, I would make the argument that the paradigmatic case of digital self sovereignty is one in which the identity addressee (the "self" who is addressed by the identity) owns and controls at least some primal sphere of their own identity data.
They may not be the only owners/controllers of this data, and the asset that is owned is not a commodity--but they certainly exercise the ownership/control function.
Without some sense of ownership, the very notion of "sovereignty" is called into question. In jettisoning it, we would need to devise a term other than SSI to describe what we're talking about.
-- Natalie Smolenski Learning Machine www.learningmachine.com http://www.learningmachine.com/ +1 (972) 365-2750 Skype: nataliesmolenski
On Mon, Apr 16, 2018 at 5:49 PM, Christopher Allen <notifications@github.com
wrote:
P.S. I would love to solve the problem of self-sovereign personhood, but hope we can leave that off the table and focus on what we can change (for now).
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/WebOfTrustInfo/self-sovereign-identity/issues/6#issuecomment-381794478, or mute the thread https://github.com/notifications/unsubscribe-auth/AUFwT24Dd9oHDh06j43LwfDDOKzVn6h-ks5tpTw3gaJpZM4TUmua .
They may not be the only owners/controllers of this data, and the asset that is owned is not a commodity--but they certainly exercise the ownership/control function.
[I have not read this entire thread and may be missing context. Another point of view may be beneficial.]
In my view you do not ever own data. There is simply data private to you and data known to others (that may know you have it too / applies to you).
In the sphere of personal identity (applies to all spheres) the data known to others forms your identity in their eyes based to the extent:
I phrased it as:
an individual having control over disclosure of personal~ble~ identifiable information in the form of shared identities fit for purpose
In my view it is all about privacy of data and the logic that controls disclosure of private data or aspects thereof to other parties.
I do not think that ownership of data even needs to be considered as it is a construct provable only to the extent a sum of claims provide with no real proof. It is not useful when talking about privacy.
When speaking about digital claims it is not even about privacy of data but about the controls for disclosure as privacy vanishes as soon as data is shared with one external party. So privacy of data may have no place in the core definition either.
When I read comments trying to fit a bigger picture (and legal terms) to what is being done by this group I feel repulsed as I feel that the core concepts are being over-complicated.
I believe there should be primary focus on:
The human aspects of identity should simply be an application of this foundational logic and the extent to which this application is easily possible in practice proves the soundness of the core logic.
The core logic of partial data disclosure has wide application and IMO the solution must be neutral in language and completely functional in application divorced from any ideology and complicated language.
In my view (digitally speaking) self-sovereign is simply the recognition that an entity has control over the disclosure of its private data where disclosure is granted directly or indirectly through logic by a human actor.
I would go as far as saying that there is no self-sovereign without a human actor as a human will always have called execute in the history of a running system orchestrating entities. No digital entity is self-sovereign as it can never make an original (trans-dimensional) decision. Digital entities such as AI can only ever be autonomous within their dimension of computation and would pervert the truth in individual human sovereignty and its possible self-sovereign digital extension.
So @cadorn, if you were to incorporate what you’ve learned in this thread so far, what would your new proposal be?
@nsmolenski said:
In jettisoning it, we would need to devise a term other than SSI to describe what we're talking about.
What about Self Administered Identity?
So @cadorn, if you were to incorporate what you’ve learned in this thread so far, what would your new proposal be?
I am going to give it a shot framed around Self Administered Identity when I get a chance in next few days. Need to review the other docs in this repo and this thread again first.
Great conversation!
I would strongly oppose trying to rename "Self Sovereign Identity" to "Self Administered Identity". It is very difficult to get ideas (and the labels we give them) to be recognized by many different individuals and technical circles. Like it or not, there is a large diverse community of people now using the term "Self Sovereign Identity". IMO, it will be much easier to morph the definition to align with new thinking than to rename it.
So @nsmolenski — what is your current proposal for principle one, given the conversation so far?
My proposal is unchanged. Without a robust commitment to data ownership by the individual, there is no “sovereignty” in self-sovereignty. A sphere of “ownness” or “mineness” is also the scientific basis (within the science of subjectivity) for any concept derived from primary ownership, such as privacy or administrative control. Without it the whole architecture collapses.
Regarding terminology, I will not go to bat to defend watered-down, vague concepts like “self-administered identity.” Frankly, if there is no commitment on principle to data ownership or self-sovereignty by the purported SSI crowd, then I don’t see what its purpose is, and you can remove me from future deliberations on these questions.
Natalie
On Sun, Apr 22, 2018 at 8:06 PM Christopher Allen notifications@github.com wrote:
So @nsmolenski https://github.com/nsmolenski — what is your current proposal for principle one, given the conversation so far?
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/WebOfTrustInfo/self-sovereign-identity/issues/6#issuecomment-383427670, or mute the thread https://github.com/notifications/unsubscribe-auth/AUFwT-W9Obk4tcppbPY65ors8rt3KYHBks5trSkEgaJpZM4TUmua .
-- Natalie Smolenski VP Business Development Learning Machine +1 (972)-365-2750 Skype: nataliesmolenski
@nsmolenski I'd like to figure out how to both incorporate your thoughts on how to connect Self-Sovereign Identity to fundamental principles of ownership and property law, but I'd also like to connect them one level higher to fundamental rights that are above that, in the same way the US Declaration of Independence make assertions to "Unalienable Rights".
So I'd like to see some way to start the first principle of "We Exist!" — that as human beings our personal existence is our most fundamental fact, and the control over our self is our most fundamental freedom, our “Unalienable Right". That human dignity demands that individuals be treated with respect and as peers. For me this comes first both in the real world and in the digital one, independent of any law.
Then to connect to your thoughts that the way to accomplish in digital systems this is through control of data ownership by the person through principles of property law and ownership. I don't know if this has to be a new 2nd principle, or if it can be incorporated into the first principle.
Can we get your help in puzzling through how to describe that connection? This is only the first principles in this issue (maybe I should not have started here and started in the middle!) and I really think your contributions to the other principles will be unique & very valuable.
Regarding terminology, I will not go to bat to defend watered-down, vague concepts like “self-administered identity.” Frankly, if there is no commitment on principle to data ownership or self-sovereignty by the purported SSI crowd, then I don’t see what its purpose is, and you can remove me from future deliberations on these questions.
I think everyone is on board with the principles, but there are a lot of fancy words in this thread. Some technical nuances seem to be causing confusion, so I'll weigh in on what I think those are.
I understand that the term "self-sovereign" is well-known and aspirational, and that's great. But some of us more technical folk squirm around its lack of precision. And also the lack of precision around "ownership". There are different forms of identifiers (e.g. guardian-managed vs self-managed) that are valuable in different contexts, and that I think are aligned with the "self-sovereign" principles we all carry in our heads. But the implementation details around "ownership" vary so much that threads like this just don't compute.
It seems reasonable to draw distinctions between:
This is definitely the right group to figure this out. I think we just need to focus on getting a common vocabulary.
Christopher, it sounds like you have something very specific in mind. Perhaps you could write the document you are looking for and invite feedback, rather than trying to write it by committee. It seems that is just causing confusion. Define your terms in the paper so it’s clear what is being talked about and then invite people to contribute based on their areas of expertise.
On Mon, Apr 23, 2018 at 1:40 PM Christopher Allen notifications@github.com wrote:
@nsmolenski https://github.com/nsmolenski I'd like to figure out how to both incorporate your thoughts on how to connect Self-Sovereign Identity to fundamental principles of ownership and property law, but I'd also like to connect them one level higher to fundamental rights that are above that, in the same way the US Declaration of Independence make assertions to "Unalienable Rights".
So I'd like to see some way to start the first principle of "We Exist!" — that as human beings our personal existence is our most fundamental fact, and the control over our self is our most fundamental freedom, our “Unalienable Right". That human dignity demands that individuals be treated with respect and as peers. For me this comes first both in the real world and in the digital one, independent of any law.
Then to connect to your thoughts that the way to accomplish in digital systems this is through control of data ownership by the person through principles of property law and ownership. I don't know if this has to be a new 2nd principle, or if it can be incorporated into the first principle.
Can we get your help in puzzling through how to describe that connection? This is only the first principles in this issue (maybe I should not have started here and started in the middle!) and I really think your contributions to the other principles will be unique & very valuable.
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/WebOfTrustInfo/self-sovereign-identity/issues/6#issuecomment-383679491, or mute the thread https://github.com/notifications/unsubscribe-auth/AUFwTxeSwKD8aHme6cYa8jJWk1zrsq4yks5triAigaJpZM4TUmua .
-- Natalie Smolenski VP Business Development Learning Machine +1 (972)-365-2750 Skype: nataliesmolenski
Apologies if my comments alienated instead of moving things forward. I've spent a lot of time, a lot of brain cells, and a lot of dialog with fellow advocates trying to tease out the best way to advance this idea of humans first.
I appreciate that ownership is an emotionally compelling and seemingly accessible foundation for individuals trying to wrap their head around user-centric architectures and user-driven services. Having spent over a decade exploring and debating and inventing ways for individuals to take greater control over the information we share--including co-founding and running the Information Sharing Working Group at Kantara for four years--I have found the quick hit from ownership as a metaphor doesn't pay off when you move beyond high concept into actual policies and technologies.
Ownership is problematic as a foundation for three reasons. First, lack of a legal regime, second, alienability, and third, effervescence & first sale doctrine.
The first I have actually railed against (as a property advocate) for years. If there is no property regime that handles information in today's legal framework, then let us create one! Ownership is a specific bundle of rights, constructed from a combination of common, statutory, and case law. So, why not do the work and figure out the "correct" bundle of rights that would apply in some reasonable way to personal information? I still believe that would be a more resonant solution than GDPR, although it is, in fact, what GDPR is constructing: a set of rights and responsibilities attached to information about data subjects. Although they don't call it property, it is, in effect, constructing a new category of informational property rights in "personal data". The problem is, even with the de facto ownership regime of GDPR, there remains no regime whatsoever that applies in the US and I expect that is true in the rest of the world as well. And because of how GDPR is written, one can't apply standard notions of property. It's all new ground.
The second is that property is alienable. There are good reasons "pursuit of happiness" replaced "property" in that famous triplet in the Declaration of Independence. Even the constitution merely recognizes citizens' rights against unreasonable search and seizure. Reasonable seizure is completely constitutional. The state seizes property on a regular basis through civil forfeiture and eminent domain. So, even if there were a property regime under which we could establish rules for self-sovereign identity, its basis in property would mean even local municipalities and police departments could legally violate that property. Self-sovereign identity comes from a deeper place than this.
If self-sovereignty comes from ownership, then ownership precedes sovereignty. Since ownership is fundamentally a social contract, that would mean that our sovereignty depends on what society allows us to be. That's not right. Self-sovereignty, at its core, must precede the social contract. This is Devon Loffretto's life work, restoring the self-sovereignty we once had before nation states reduced individuals to citizens and numbers.
The third is that if we base SSI on property, we lose the authority to deal with independent inference and acquisition as well as the ability to have control or influence over information we have already given to someone else. Perhaps the strongest point of GDPR is that it doesn't matter where the data came from. Whether it was acquired from observation, from third parties, inferred by analytics, shared by a second party (e.g., a friend posting a pic of you at their Monday night gathering), or given directly to the data controller or processor.
Information about us effervesces. It bubbles up unbidden and we ought to have influence over that data, even though we aren't the source. Plus, even when we are the source, if we give information to someone, there is no property regime that would let us continue to retain ownership unless specifically wrapped in the mechanisms of trade secrets--and to be clear, almost NONE of our online activity is covered by trade secrets.
If we wanted to control the re-use of information we share--attaching terms of use--the first sale doctrine makes that option challenging:
The first sale doctrine, codified at 17 U.S.C. § 109, provides that an individual who knowingly purchases a copy of a copyrighted work from the copyright holder receives the right to sell, display or otherwise dispose of that particular copy, notwithstanding the interests of the copyright owner. https://www.justice.gov/usam/criminal-resource-manual-1854-copyright-infringement-first-sale-doctrine
In the Information Sharing Working Group, we invested years drafting and advocating for a standard information sharing agreement. It was a lot of work, which ultimately failed to get the market support from either individuals or corporations. The idea was, quite simply, to use the point of sharing information to bootstrap an agreement--based on standard terms for 95% of the legal matter with ~5% specific to that instance of sharing. It's still probably the best architecture for some sort of user-directed terms of use. But I no longer believe it is a viable path forward. In part because of the first sale doctrine, but also because without a definitive shift in power, the individual has no traction for changing the unilateral TOSs we operate in within the US. GDPR has provided that shift in Europe. There's nothing anywhere else that comes close.
Instead of a property based approach, if self-sovereignty is the first principle of social interaction: the acknowledgement of a peer, that an individual's authority is supreme within their domain and that all people deserve respect, then participation in the social contract, and the very notion of property, emerges from this negotiated agreement between peers. In this construction, the moral authority behind self-sovereign identity depends not on some legal notion of property, but rather on the fundamental, inalienable right to control our own manifestation.
We exist. Our existence is our most fundamental fact, our control over our self is our most fundamental freedom. As digital systems create representations of us, a free society demands that individuals be given a voice in deciding how those representations are created and used. Not because we own that data, but because individual human beings are the ONLY valid source for any moral authority. Because human dignity demands that individuals be treated with respect no matter which systems they interact with. Without that, we become nothing but data in the machine. Entries in a ledger to be managed, problems to be solved.
I am working on my own document to illustrate my point of view. How do I submit it to this group?
I find that when I think about self-sovereign identity on my own in abstract terms it all makes sense. When I try and narrow my perspective to what can be understood and realistically lived by a wide group of people and situations, things get very tricky. I am thus trying to stay away from even needing a precise definition of personal sovereignty and instead focusing on the underlying controls that are needed to represent a human identity online, no matter what the specific requirements of self sovereign digital identity are.
The only thing at our disposal for protecting an online identity are encryption and transactional anonymity. Both come down to a secret private key and such secret private keys are used to own private spaces of data.
I see self sovereign digital identities (I actually like the term even though it is a somewhat abstract notion) as realizable using cryptographic claims and thus instances of private data spaces.
It thus comes down to:
To attach this model, through which self-controlled digital identity may arise, to individual sovereign human beings it must be recognized that a person can own a private key and its associated private data space and such ownership must be protected by law to the greatest extent possible.
IMO we (technical folks) must focus on the technology that can enable ideal self-sovereign digital identity without needing a precise path to realization as actual/ideal realization is tied to innumerable hurdles none of which are solvable by this group nor in short time by a large number of peers from other professions.
If self-sovereignty comes from ownership, then ownership precedes sovereignty. Since ownership is fundamentally a social contract, that would mean that our sovereignty depends on what society allows us to be. That's not right. Self-sovereignty, at its core, must precede the social contract.
In the model I am proposing, self-sovereignty is original and unquestionable and it is brought online via private data spaces owned by individuals. There is no consideration of what a private data space contains or how many there are. That is up to the individual.
Perhaps the strongest point of GDPR is that it doesn't matter where the data came from.
This is consistent with my position that there is only data private to an individual and data known about an individual by others and no ownership of it. The only ownership you have is about the disclosure of it which GDPR extends to data inferred about you which goes beyond the considerations of the basic building block I am trying to establish.
Information about us effervesces. It bubbles up unbidden and we ought to have influence over that data, even though we aren't the source. Plus, even when we are the source, if we give information to someone, there is no property regime that would let us continue to retain ownership
We ought to but as stated in various formulations, what others gather about us is really out of our control. One major problem that is arising in our digital world is that there are centralized systems correlating huge amounts of data about us for purposes that are counter to the individual. IMO this seems to be what GDPR is trying to address by correcting privacy violating behaviour. We are going to need much more than GDPR to solve this problems on all dimensions.
If we wanted to control the re-use of information we share--attaching terms of use--the first sale doctrine makes that option challenging
I don't see how the first sale doctrine fits into this. It states that an individual who knowingly purchases a copy of a copyrighted work from the copyright holder. If we are speaking to identity information, when does an individual "sell" their information a third party? By agreeing to the terms and conditions of a website? If so then people must only use websites that do not "purchase" the user's data. If I transact with a party (no money exchanged) and disclose something about myself, how does that party have the right to sell, display or otherwise dispose of that particular copy? This all seems to be rooted in contract law for me. GDPR seems to be changing what some of the default contractual terms are.
Instead of a property based approach, if self-sovereignty is the first principle of social interaction: the acknowledgement of a peer, that an individual's authority is supreme within their domain and that all people deserve respect, then participation in the social contract, and the very notion of property, emerges from this negotiated agreement between peers.
Exactly. A person can choose to disclose information about themselves, can choose to have other parties verify information about themselves and can choose not to participate in other public agreements. There is no need for central authorities or databases like the UN is seemingly trying to establish. There is no one party that holds all information. The entire trust model is based on social interaction of individuals with other individuals and groups.
As a sovereign individual, I presume the right / liberty to create infinite independent aliases. In fact, though the physical, biological being typing into this box can be seen from a certain point of view as a single organism, I claim that "I" am not one being. I am many different beings depending on context.
Let me illustrate with a single small use-case. As part of my professional life, I provide confidential services to a variety of individuals and corporate entities where I am representing them in some capacity. Under any variety of circumstances, it could be damaging to one or another of those clients for it to be known that "I" am providing such services to them and also to one or more other specific people / entities. Thus in order for my work with them to be safe for them, I MUST have the ability to create aliases that are independent of one another so that I may represent one client without in any way connecting them with any other of my clients.
This would be impossible under a system of a bound, 1:1 matching between a biological identity and a digital representation thereof. Part of my professional life becomes impossible under that scenario.
Hence I favor @cadorn's approach thumbnailed above where an "online" (digital) identity is based on a private key and that private key is owned by a human individual, who may own indefinitely many other private keys each of which can be the basis for an independent digital persona.
As a tangent to the above, while it seems laudable to try to ground whatever technical recommendations and/or products this project will eventually produce in some kind of first principles, it seems unlikely to me that you/we are going to come up with a formulation that satisfactorily solves the problem of the nature of identity any time soon, if ever. People have been going at that for a couple thousand years at least. But if you relax the need to solve that problem, I think a pragmatic approach that could have working deliverables that could make a difference in the real world could be based on the approach that @cadorn sketched above.
Like it or not, there is a large diverse community of people now using the term "Self Sovereign Identity". IMO, it will be much easier to morph the definition to align with new thinking than to rename it.
If I was to move this Self Sovereign Identity Conception Project forward I would steer away from defining the qualities of self sovereign identity and instead first focus on defining the principles and capabilities of self sovereign identity containers. It may then be determined if such a container is adequate in representing human identity digitally and if such a concept is acceptable to peers in other disciplines. Without recognition by many in other disciplines you have nothing of value as the primary objective is to solve this problem for all.
All we can offer are mechanisms to contain digital identities by restricting them to a private space that an individual may control via private keys. We ought to define what a Self Sovereign Identity Container is, the principles it must follow and the requirements it must meet. This must go hand-in-hand with the practical implications of using such a container online, specifically as it pertains to inadvertently disclosing identifying information.
I see there being different types of Self Sovereign Identity Containers and many implementations of such where each follows unique guiding principles in an effort to achieve digital human identity in a specific context with specific security considerations.
IMO if this group leads the way in defining what a Self Sovereign Identity Container is, how it lives in a larger ecosystem and provides tests to compare different container implementations, we have something valuable to move forward without needing to precisely define what human identity is. In the self-sovereign spirit, such a definition is for each of us to determine and live by individually. All we need is software tools and an ecosystem to accommodate what each of us see.
We will never all agree on what identity is but I can see us agreeing on approaches to contain identity for specific purposes. I am proposing a technically functional approach which can evolve over time rather than a lowest common denominator philosophical approach we must get right from the start.
Yet another variant on Principal #1 Existence from https://www.newamerica.org/future-property-rights/blog/fpr-principles-identity/ by timothy robustelli (Twitter @fp_robo, github unknown)
- Inclusion (Identity should be available to all). Every individual should be provided with an identity from birth to death. Enrollment processes cannot discriminate against an individual due to ethnicity, gender, socioeconomic status, illiteracy, language, a lack of resources, or technological ineptitude. An identity platform should ensure minimum cost to the end user in order to maximize inclusion.
FWIW, here's an eloquent article by Dee Hock (founder of the unconference among other accomplishments) about the source and consequence of individual sovereignty.
http://www.deewhock.com/blog/2018/1/21/sovereignty
The opening lays it bare:
EVERY CHILD ON THIS PLANET IS BORN SOVEREIGN OF THEIR OWN LIFE.
Good article by Elizabeth M. Renieris & Dazza Greenwood on Property Law & Human Rights orientations on Identity: https://medium.com/@hackylawyER/do-we-really-want-to-sell-ourselves-the-risks-of-a-property-law-paradigm-for-data-ownership-b217e42edffa
@jandrieu, @nsmolenski, @shannona, @cboscolo, @msporny, @matthewjosef, @kimdhamilton
To begin the processing of reviewing and updating the 10 principles by end of summer, I'm starting here with a discussion on the first principle: Existence. I'd like to wrap this discussion on this principle in 2 weeks (2017-03-27) and go on to the next.
In the original Self-Sovereign Identity Principles, the first principle was:
My format for each principle was simplest couple of words, then an imperative sentence, then a more complete paragraph.
In the Self-Sovereign Bill of Rights it was expressed as:
My challenge with this second version is I thought was was trying to say in the original that digital identity can't be all of who you are, Thus my first principle was we must accept that everyone is more than their digital shadow. For instance, part of the problem with Aadhaar is that you are either in the system, or it become too easy that you are not a person. Dignity of the individual, not their digital shadow is first priority.
@cboscolo — what was I missing that made you change it to your text?
Any ideas on how to express this principle better, without falling into things that should go into subsequent principles?