ipfs-shipyard / pm-idm

IDM project management repository
MIT License

Discuss "Identity profile" #5

Open satazor opened 5 years ago

satazor commented 5 years ago

I would like to schedule a discussion & brainstorm session around Identity Profile. Please fill in the doodle so that we can find a good match for the meeting: https://doodle.com/poll/nrrb9mr5u6wz2qft

DIDs give us a globally unique and secure identifier for each identity while Verifiable Credentials augment that DID with information, including personal information and social proofs. This "union" between DIDs and Verifiable Claims is new and is still being spec'ed. The Identity Profile packs all the meaningful information for DApps and other tools to KYC.

Agenda:

  1. Discuss privacy around the Identity Profiles: public vs private, principle of Minimum Disclosure. Three different non-exclusive approaches:
    • The identity profile is passed just one-time when authenticating; one chooses what to disclose about the identity
    • The identity profile is passed when authenticating, alongside a revocable token to retrieve the identity profile in the future; one chooses what to disclose about the identity
    • There's a public identity profile that can be fetched at any time by any DApp
      • DApps could link any identity profile in the data-structures they create, instead of replicating them
      • This would also enable us to do a public search/discovery of identities
      • Private information is passed via the other 2 strategies
  2. All the Verifiable Credentials created in a device should be stored and replicated among others.
    • How will they be stored and replicated? Should we use peer-base? Some DIDs, such as uPort, already do this partially, while others don't.
    • Devices can be added and removed (revoked) at any time, which is important for encryption
    • There's an overlap with https://3box.io/ and Identity Hub (similar to Textile's cafes)

pgte commented 5 years ago

Submitted doodle

satazor commented 5 years ago

More info about Identity-Hubs on this whitepaper, which is currently being spec'd by Microsoft within DIF:

DIF Identity Hubs are based on user-controlled, off-chain, personal datastores. Users, via their DID User Agent apps, determine who they want to share data with, and to what level of granularity. Requests to Identity Hubs are routed based on DPKI metadata called Service Endpoints that’s associated with DIDs. Identity Hubs are a multi-instance personal mesh, where data is edge-encrypted and user-permissioned to ensure privacy by design. Identity Hubs are designed to support a wide range of identity interactions and provide a foundation for serverless, provider-agnostic, decentralized apps. Microsoft believes a widely accepted personal datastore standard is the key to unlocking the most compelling use cases in this new ecosystem and is one of many members in DIF working on the DIF Identity Hub specification and reference implementation. Microsoft will offer an instance of DIF’s Identity Hub as an Azure service that users can select as one of their Identity Hub instances.

Identity Hub hosts are facilitators of storage and message relay. They don’t have the keys to decrypt user data, and users can revoke/remove encrypted data access from any entity. Permissions are signed with their DID keys, and data is encrypted in accordance with them. Details on the specification for Identity Hub permissions will be made available in the coming weeks.

A key property of DIF Identity Hubs is that a user can leverage multiple instances across providers and infrastructure boundaries that sync and replicate data to achieve a shared state. But you’re not required to use a provider for your Identity Hub at all: Identity Hubs are open source server technology that you can run on any device or infrastructure. This ensures that your identity data is not bound to any organization, upholding the commitment to decentralization, self-ownership, and user control.

satazor commented 5 years ago

Thanks for filling in the doodle, I've scheduled for Friday, 25 Jan at 3pm GMT+0. You should have received my invitation on the calendar.

Zoom: https://protocol.zoom.us/j/586782711

Notes: https://cryptpad.fr/code/#/2/code/edit/dFSr7NfMvbgzlqHIKDTgejFb/ (I will be filling this soon)

ghost commented 5 years ago

Hello everyone, here are the notes from today's meeting (2019-01-25) regarding the discussion around "Identity Profile":

Notes:

jonnycrunch commented 5 years ago

Sorry, I haven't been very involved in this discussion. Hope to contribute in future discussions, especially an update on IPID. Best, Jonny