Sovereign Identity Model for Digital Ecologies
By Patrick Deegan, PhD
Submitted to the 3rd Rebooting the Web of Trust Technical Workshop as a discussion paper.
- Definition of a next-generation digital identity stack
- Most pressing issue: Standardization of each interface between layers (e.g., emulate OSI model)
- Proposal for some of those layers: RootID, CoreID, and Personas
The world is becoming increasingly interdependent and digital for the individual, the corporation and the nation state. Autonomous robots and Internet of Things devices may soon be as commonplace as PCs and smartphones are today. Robots are machines that can take measurements, plan, and take actions in order to bring about desired outcomes. These systems are widely used for the automation of manufacturing and supply chains, where physical goods and virtual assets are controlled via computational and algorithmic governance mechanisms. However, there is significant risk when these systems are deployed in real-world, internet-connected use cases. In particular, an autonomous robot with many "users" must address many of the same interactive flows that humans experience when transacting with internet-based entities: authentication, authorization, claim verification, etc. In both cases, these systems may have to exhibit transparency, consistent offline behavior, high assurance, high availability, self-deployment, and self-healing, for example.
This transition to a ubiquity of devices that can sense, think, and act on their own will enable many new opportunities for peer-to-peer transactions. This is especially the case for collaborative, mobile, dexterous and social robots that are situated in human-centric environments and that are serving to bridge interactions between real and virtual worlds. Across the spectrum, the ownership, control and security of one’s personal and legal identity and digital information are becoming aspects of paramount importance. The challenge ahead is to design and implement technological systems that can support an empowered individual and their digital equivalent. In doing so, we may take an ecological approach while implementing global scale permissioned ledger and private network deployments. The following is meant to be a proposal for a schema that may fulfill some of these criteria.
In order to meet the needs of economies of the future that strive for inclusivity, accountability, and long-term sustainability, we may view the individual and the group as one and the same (e.g., the systems engineering model of ‘holon’ and ‘holarchy’). According to Wikipedia, holons are “autonomous, self-reliant units that possess a degree of independence and handle contingencies without asking higher authorities for instructions” [https://en.wikipedia.org/wiki/Holon_(philosophy)]. This may be an appropriate model, since in many cases groups of digital actors will form “organically” and bootstrap a localized form of governance, while still being situated and embodied within a larger social, legal, or business context. Moreover, this model calls for online groups to be self-governed and consent to share their information, collaborate and take collective action in order to safeguard the welfare of their e-citizens. The idea is that each node is responsible for setting consensus and enforcing containment so that order and value can emerge without introducing systemic risk or resulting in unintentional or collateral damage. With so much at stake, it is essential that we ensure an appropriate level of trust in order for these new distributed markets and platforms to function efficiently and ultimately deliver value to consumers. It is proposed that Self-Sovereign Identity combined with the notion of a holonic network topology (i.e., identity-centric) may lead us to a scalable and trustworthy digital asset exchange system capable of powering a global scale information economy revolution.
While this future has much promise to improve quality of life, care must be taken when computational/cognitive Artificial Intelligence (AI) and digital services are connected through new virtual and augmented interfaces. This is especially the case when systems such as autonomous vehicles are allowed to impart forces on the real world (i.e., connect to feedback control systems that rely on a network of distributed sensors for truth and express their will through powerful actuators that reside in human environments). Even cybersecurity experts are encouraging a more device- and identity-centric network topology to mitigate ongoing threats. Therefore, it appears that a next-generation Identity Layer for the internet will be just as central for machines (on their continual evolution to sentience, IMO) as it will be for humans. In particular, Self-Sovereign Identity Systems (SIS) research seems to hold the most promise to mediate the risk of entrusting these devices with critical infrastructure such as transportation or caring for the elderly.
TOPICS OF INTEREST
A foundation for solving the problem of trust on the internet should include these pillars:
(Definition) A secure and distributed form of digital legal identity that is portable and provides the means for independently verifiable claims (including: remote attestation, proof of ownership/attribution, and continuous authentication).
(Perspective) I control my identity and consent to what information is shared, with whom, and for what purpose. I trust that I’m interacting with the correct entities and we are all who we say we are.
Digital Assets with Autonomy
(Definition) The protocols and standards that define a container for the principled management and exchange of information and physical assets.
(Perspective) I control my data – its provenance is known and its existence and integrity are cryptographically secured. I control my information and digital assets, even after they have left my personal network (e.g., beyond the perimeter of my private cloud and devices). I am assured that I control the definitive copy, empowering me to maximize my data’s value and ensuring that I am safe when interacting with powerful machines.
Trust Frameworks and Algorithmic Governance
(Definition) A system for deploying and maintaining independently enforceable computational policies for the management (i.e., govern the state transitions) of immutable records, digital supply chain services, and robust, available, and trustworthy data stores.
(Perspective) I know that an independent mechanism ensures the system cannot be exploited for self-interest. I rely on transparent and automatically enforced rules to ensure counterparty rights and obligations are met.
A MODEL FOR AN IDENTITY STACK
In the real world we have seen rapid shifts in nearly every domain from face-to-face interactions to network-mediated transactions that may occur over vast distances, often obfuscating the stakeholders from each other. This introduces governance issues around trust, truth and accountability. Arguably, the technology now exists to create systems that impart effective governance through every layer of the system (i.e., the stack of hardware and software technologies). It turns out that myriad social or personal phenomena are readily measured via the "smart phones" that most of us in the developed nations now carry, inseparably, throughout our day. Moreover, vast amounts of data have already been collected and yet much of the potential is still unmet: the data is managed in disparate silos or is just not readily accessible or computable, for any number of reasons or because of the forms that it may take. We are deploying sensors that can record nearly every nuance of any real-world situation at a very rapid pace. Closing the loop on these systems will present the opportunity to automate the coordination of vast resources and bring about desired outcomes. Many use cases will benefit from these advances; however, when these systems are able to physically manipulate the real world, we need to be absolutely certain these advances cannot be abused. Fortunately, recent work is proving that we can enable anonymous transactions while ensuring that counterparties are held accountable for their agreed-to rights and obligations.
Seemingly innocuous are the countless instances where marketing and advertising have been aimed at manipulating our preferences and affecting our purchasing behavior. This brings us to questions around trust and risk:
- Why should we trust technology when we already know it is being used to fundamentally limit our free will and autonomy?
- Who guards the guardians themselves? Who watches the watchmen?
Thus, when designing next-generation identity systems, the core of meeting the rights and obligations required of such systems is the ability to engender the necessary trust to ensure that all counter-parties are fairly served and risk is sufficiently mitigated. Standards and protocols are needed that can provide the counter-parties with certain assurances that information will be used only in the manner and with the effect that is lawfully appropriate in each context.
In consideration of the following diagram, some use case examples are presented:
- AAUIW to prove that my identifier is valid and I consent to share or be known as any of my chosen digital Identities (Personas with attributes) in a particular context. The Persona (with a one-way binding to the CoreID) can serve to provide a publicly verifiable record of compliance with numerous governance frameworks, processes, etc. The data associated with these Personas should be governed in a similar manner.
- AAUIW to state that I am the only entity that has been associated with and has been in control of a persistent, unique, global identifier (RootID).
- AAUIW to use my mobile device to collect GPS points and execute an algorithmic process to determine my home and work addresses to a verifiable performance metric (e.g., truthiness). I will then use them to generate attributes for my Personas that can be securely escrowed in order to self-attest compliance with legal identity requirements.
- AAUIW to provide my own re-identifying information to meet standards that will allow nation states and corporations to attest to various attributes of my CoreID, such as citizenship.
- AAUIW to control my RootID and be protected when I need a replacement (e.g., due to temporary loss of control). This RootID must not leak any information about me (re-identifying information) when an attestation of its validity and veracity is expressed (an independently verifiable claim).
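
One possible reading of the RootID, CoreID and Persona layers with a one-way binding between them, given here as an added example that is not part of the paper. The HMAC-SHA256 derivation, the function names and the `bank.example` / `forum.example` contexts are assumptions, since the paper does not specify a mechanism.

```python
import hashlib
import hmac


def derive(parent_key: bytes, label: str) -> bytes:
    """One-way child key: HMAC-SHA256 keyed by the parent layer's secret."""
    return hmac.new(parent_key, label.encode("utf-8"), hashlib.sha256).digest()


def core_key(root_key: bytes) -> bytes:
    # CoreID secret derived from the RootID secret (assumed layering)
    return derive(root_key, "layer:CoreID")


def persona_key(core: bytes, context: str) -> bytes:
    # One Persona secret per relying context
    return derive(core, "layer:Persona|" + context)


def public_id(secret_key: bytes) -> str:
    """Identifier safe to publish: a hash of the layer key, never the key."""
    return hashlib.sha256(b"public-id|" + secret_key).hexdigest()


def verify_binding(core: bytes, context: str, claimed_id: str) -> bool:
    """Run by the holder, or by an escrow agent entrusted with the CoreID key."""
    expected = public_id(persona_key(core, context))
    return hmac.compare_digest(expected, claimed_id)


def demo() -> dict:
    # Constructed demo secret; a real RootID key would come from a CSPRNG
    root = hashlib.sha256(b"constructed demo root secret").digest()
    core = core_key(root)
    bank = public_id(persona_key(core, "bank.example"))
    forum = public_id(persona_key(core, "forum.example"))
    return {
        "bank": bank,
        "forum": forum,
        # Distinct identifiers per context; linking them requires the CoreID key
        "distinct": bank != forum,
        "bank_binds": verify_binding(core, "bank.example", bank),
        "cross_context": verify_binding(core, "forum.example", bank),
        "wrong_core": verify_binding(core_key(b"\x01" * 32), "bank.example", bank),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Replacing a lost RootID under this scheme changes every derived identifier, so a recovery design would need a separate re-binding step that the sketch does not cover.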