Re: concerns about personal data hubs, identity hubs, EDV
Samuel Smith
I want to echo Daniels concerns about SSI at least the sovereignty part. There is a subtle but very important distinction between a proxy service that acts on the behalf of DID controller using end-to-end authentication back to the DID controller and an intermediary service that is authenticated with its own DID to serve up a third parties data. This should be the default.
In some cases, however, (high volume) it may make sense to have a intermediary sign things (versus end-to-end back to originator). But that signing authority should be under the control of the originator controller not the intermediary. KERI includes the concept of hierarchical delegated keys/identifiers. This allows a controller to delegate a set of signing keys/identifiers to a proxy but those keys are controlled by the delegator and may be revoked/rotated away from the intermediary delegate at the discretion of the delegator. This allows true portability of the underlying identifiers. The delegator may merely change delegation via a rotation event to port their signing delegation to a new intermediary. A compliant intermediary would support an API for a new delegate to download the data from the old delegate. The rotation event indicates the control authority of the new delegate to extract the data from the old delegate. This approach when coupled with derived DIDs (see the DAD paper RWOT7) preserves the essential characteristics of self-sovereignty in more hierarchical or complex arrangements.
Samuel M. Smith Ph.D. Founder ProSapien LLC 242 East 600 North, Lindon Utah 84042-1662 USA Office 1.801.768-2769 Mobile 1.801.592.8230 Skype: samuelmsmith NOTICE: This electronic mail message, together with any attachments contains information that may be copyrighted, confidential, proprietary, and/or legally privileged of and/or by ProSapien LLC. This electronic mail message is intended solely for the use of the individual or entity originally named as the intended recipient. If you are not the intended recipient, and have received this message in error, please return immediately this message
|
|