Self-Sovereign Identity: Decentralized digital identity and verifiable credentials
- Length: 504 pages
- Edition: 1
- Language: English
- Publisher: Manning Publications
- Publication Date: 2021-06-08
- ISBN-10: 1617296597
- ISBN-13: 9781617296598
- Sales Rank: #103360
In Self-Sovereign Identity: Decentralized digital identity and verifiable credentials, you’ll learn how SSI empowers us to receive digitally-signed credentials, store them in private wallets, and securely prove our online identities.
Summary
In a world of changing privacy regulations, identity theft, and online anonymity, identity is a precious and complex concept. Self-Sovereign Identity (SSI) is a set of technologies that move control of digital identity from third-party “identity providers” directly to individuals, and it promises to be one of the most important trends for the coming decades. Now in Self-Sovereign Identity, privacy and personal data experts Drummond Reed and Alex Preukschat lay out a roadmap for a future of personal sovereignty powered by the Blockchain and cryptography. Cutting through the technical jargon with dozens of practical use cases from experts across all major industries, it presents a clear and compelling argument for why SSI is a paradigm shift, and shows how you can be ready for it.
Purchase of the print book includes a free eBook in PDF, Kindle, and ePub formats from Manning Publications.
About the technology
Trust on the internet is at an all-time low. Large corporations and institutions control our personal data because we’ve never had a simple, safe, strong way to prove who we are online. Self-sovereign identity (SSI) changes all that.
About the book
In Self-Sovereign Identity: Decentralized digital identity and verifiable credentials, you’ll learn how SSI empowers us to receive digitally-signed credentials, store them in private wallets, and securely prove our online identities. It combines a clear, jargon-free introduction to this blockchain-inspired paradigm shift with interesting essays written by its leading practitioners. Whether for property transfer, ebanking, frictionless travel, or personalized services, the SSI model for digital trust will reshape our collective future.
What’s inside
- The architecture of SSI software and services
- The technical, legal, and governance concepts behind SSI
- How SSI affects global business industry-by-industry
- Emerging standards for SSI
About the reader
For technology and business readers. No prior SSI, cryptography, or blockchain experience required.
About the authors
Drummond Reed is the Chief Trust Officer at Evernym, a technology leader in SSI. Alex Preukschat is the co-founder of SSIMeetup.org and AlianzaBlockchain.org.
Table of Contents
PART 1: AN INTRODUCTION TO SSI
1 Why the internet is missing an identity layer—and why SSI can finally provide one
2 The basic building blocks of SSI
3 Example scenarios showing how SSI works
4 SSI Scorecard: Major features and benefits of SSI
PART 2: SSI TECHNOLOGY
5 SSI architecture: The big picture
6 Basic cryptography techniques for SSI
7 Verifiable credentials
8 Decentralized identifiers
9 Digital wallets and digital agents
10 Decentralized key management
11 SSI governance frameworks
PART 3: DECENTRALIZATION AS A MODEL FOR LIFE
12 How open source software helps you control your self-sovereign identity
13 Cypherpunks: The origin of decentralization
14 Decentralized identity for a peaceful society
15 Belief systems as drivers for technology choices in decentralization
16 The origins of the SSI community
17 Identity is money
PART 4: HOW SSI WILL CHANGE YOUR BUSINESS
18 Explaining the value of SSI to business
19 The Internet of Things opportunity
20 Animal care and guardianship just became crystal clear
21 Open democracy, voting, and SSI
22 Healthcare supply chain powered by SSI
23 Canada: Enabling self-sovereign identity
24 From eIDAS to SSI in the European Union
Detailed contents
Self-Sovereign Identity Copyright dedication contents front matter preface acknowledgments about this book Who should read this book About the code liveBook discussion forum Other online resources about the authors about the cover illustration
Part 1 An introduction to SSI
1 Why the internet is missing an identity layer—and why SSI can finally provide one 1.1 How bad has the problem become? 1.2 Enter blockchain technology and decentralization 1.3 The three models of digital identity 1.3.1 The centralized identity model 1.3.2 The federated identity model 1.3.3 The decentralized identity model 1.4 Why “self-sovereign”? 1.5 Why is SSI so important? 1.6 Market drivers for SSI 1.6.1 E-commerce 1.6.2 Banking and finance 1.6.3 Healthcare 1.6.4 Travel 1.7 Major challenges to SSI adoption 1.7.1 Building out the new SSI ecosystem 1.7.2 Decentralized key management 1.7.3 Offline access References
2 The basic building blocks of SSI 2.1 Verifiable credentials 2.2 Issuers, holders, and verifiers 2.3 Digital wallets 2.4 Digital agents 2.5 Decentralized identifiers (DIDs) 2.6 Blockchains and other verifiable data registries 2.7 Governance frameworks 2.8 Summarizing the building blocks References
3 Example scenarios showing how SSI works 3.1 A simple notation for SSI scenario diagrams 3.2 Scenario 1: Bob meets Alice at a conference 3.3 Scenario 2: Bob meets Alice through her online blog 3.4 Scenario 3: Bob logs in to Alice’s blog to leave a comment 3.5 Scenario 4: Bob meets Alice through an online dating site 3.6 Scenario 5: Alice applies for a new bank account 3.7 Scenario 6: Alice buys a car 3.8 Scenario 7: Alice sells the car to Bob 3.9 Scenario summary Reference
4 SSI Scorecard: Major features and benefits of SSI 4.1 Feature/benefit category 1: Bottom line 4.1.1 Fraud reduction 4.1.2 Reduced customer onboarding costs 4.1.3 Improved e-commerce sales 4.1.4 Reduced customer service costs 4.1.5 New credential issuer revenue 4.2 Feature/benefit category 2: Business efficiencies 4.2.1 Auto-authentication 4.2.2 Auto-authorization 4.2.3 Workflow automation 4.2.4 Delegation and guardianship 4.2.5 Payment and value exchange 4.3 Feature/benefit category 3: User experience and convenience 4.3.1 Auto-authentication 4.3.2 Auto-authorization 4.3.3 Workflow automation 4.3.4 Delegation and guardianship 4.3.5 Payment and value exchange 4.4 Feature/benefit category 4: Relationship management 4.4.1 Mutual authentication 4.4.2 Permanent connections 4.4.3 Premium private channels 4.4.4 Reputation management 4.4.5 Loyalty and rewards programs 4.5 Feature/benefit category 5: Regulatory compliance 4.5.1 Data security 4.5.2 Data privacy 4.5.3 Data protection 4.5.4 Data portability 4.5.5 RegTech (Regulation Technology) References
Part 2 SSI technology
5 SSI architecture: The big picture 5.1 The SSI stack 5.2 Layer 1: Identifiers and public keys 5.2.1 Blockchains as DID registries 5.2.2 Adapting general-purpose public blockchains for SSI 5.2.3 Special-purpose blockchains designed for SSI 5.2.4 Conventional databases as DID registries 5.2.5 Peer-to-peer protocols as DID registries 5.3 Layer 2: Secure communication and interfaces 5.3.1 Protocol design options 5.3.2 Web-based protocol design using TLS 5.3.3 Message-based protocol design using DIDComm 5.3.4 Interface design options 5.3.5 API-oriented interface design using wallet Dapps 5.3.6 Data-oriented interface design using identity hubs (encrypted data vaults) 5.3.7 Message-oriented interface design using agents 5.4 Layer 3: Credentials 5.4.1 JSON Web Token (JWT) format 5.4.2 Blockcerts format 5.4.3 W3C verifiable credential formats 5.4.4 Credential exchange protocols 5.5 Layer 4: Governance frameworks 5.6 Potential for convergence References
6 Basic cryptography techniques for SSI 6.1 Hash functions 6.1.1 Types of hash functions 6.1.2 Using hash functions in SSI 6.2 Encryption 6.2.1 Symmetric-key cryptography 6.2.2 Asymmetric-key cryptography 6.3 Digital signatures 6.4 Verifiable data structures 6.4.1 Cryptographic accumulators 6.4.2 Merkle trees 6.4.3 Patricia tries 6.4.4 Merkle-Patricia trie: A hybrid approach 6.5 Proofs 6.5.1 Zero-knowledge proofs 6.5.2 ZKP applications for SSI 6.5.3 A final note about proofs and veracity References
7 Verifiable credentials 7.1 Example uses of VCs 7.1.1 Opening a bank account 7.1.2 Receiving a free local access pass 7.1.3 Using an electronic prescription 7.2 The VC ecosystem 7.3 The VC trust model 7.3.1 Federated identity management vs. VCs 7.3.2 Specific trust relationships in the VC trust model 7.3.3 Bottom-up trust 7.4 W3C and the VC standardization process 7.5 Syntactic representations 7.5.1 JSON 7.5.2 Beyond JSON: Adding standardized properties 7.5.3 JSON-LD 7.5.4 JWT 7.6 Basic VC properties 7.7 Verifiable presentations 7.8 More advanced VC properties 7.8.1 Refresh service 7.8.2 Disputes 7.8.3 Terms of use 7.8.4 Evidence 7.8.5 When the holder is not the subject 7.9 Extensibility and schemas 7.10 Zero-knowledge proofs 7.11 Protocols and deployments 7.12 Security and privacy evaluation 7.13 Hurdles to adoption References
8 Decentralized identifiers 8.1 The conceptual level: What is a DID? 8.1.1 URIs 8.1.2 URLs 8.1.3 URNs 8.1.4 DIDs 8.2 The functional level: How DIDs work 8.2.1 DID documents 8.2.2 DID methods 8.2.3 DID resolution 8.2.4 DID URLs 8.2.5 Comparison with the Domain Name System (DNS) 8.2.6 Comparison with URNs and other persistent Identifiers 8.2.7 Types of DIDs 8.3 The architectural level: Why DIDs work 8.3.1 The core problem of Public Key Infrastructure (PKI) 8.3.2 Solution 1: The conventional PKI model 8.3.3 Solution 2: The web-of-trust model 8.3.4 Solution 3: Public key-based identifiers 8.3.5 Solution 4: DIDs and DID documents 8.4 Four benefits of DIDs that go beyond PKI 8.4.1 Beyond PKI benefit 1: Guardianship and controllership 8.4.2 Beyond PKI benefit 2: Service endpoint discovery 8.4.3 Beyond PKI benefit 3: DID-to-DID connections 8.4.4 Beyond PKI benefit 4: Privacy by design at scale 8.5 The semantic level: What DIDs mean 8.5.1 The meaning of an address 8.5.2 DID networks and digital trust ecosystems 8.5.3 Why isn’t a DID human-meaningful? 8.5.4 What does a DID identify?
9 Digital wallets and digital agents 9.1 What is a digital wallet, and what does it typically contain? 9.2 What is a digital agent, and how does it typically work with a digital wallet? 9.3 An example scenario 9.4 Design principles for SSI digital wallets and agents 9.4.1 Portable and Open-By-Default 9.4.2 Consent-driven 9.4.3 Privacy by design 9.4.4 Security by design 9.5 Basic anatomy of an SSI digital wallet and agent 9.6 Standard features of end-user digital wallets and agents 9.6.1 Notifications and user experience 9.6.2 Connecting: Establishing new digital trust relationships 9.6.3 Receiving, offering, and presenting digital credentials 9.6.4 Revoking and expiring digital credentials 9.6.5 Authenticating: Logging you in 9.6.6 Applying digital signatures 9.7 Backup and recovery 9.7.1 Automatic encrypted backup 9.7.2 Offline recovery 9.7.3 Social recovery 9.7.4 Multi-device recovery 9.8 Advanced features of wallets and agents 9.8.1 Multiple-device support and wallet synchronization 9.8.2 Offline operations 9.8.3 Verifying the verifier 9.8.4 Compliance and monitoring 9.8.5 Secure data storage (vault) support 9.8.6 Schemas and overlays 9.8.7 Emergencies 9.8.8 Insurance 9.9 Enterprise wallets 9.9.1 Delegation (rights, roles, permissions) 9.9.2 Scale 9.9.3 Specialized wallets and agents 9.9.4 Credential revocation 9.9.5 Special security considerations 9.10 Guardianship and delegation 9.10.1 Guardian wallets 9.10.2 Guardian delegates and guardian credentials 9.11 Certification and accreditation 9.12 The Wallet Wars: The evolving digital wallet/agent marketplace 9.12.1 Who 9.12.2 What 9.12.3 How Reference
10 Decentralized key management 10.1 Why any form of digital key management is hard 10.2 Standards and best practices for conventional key management 10.3 The starting point for key management architecture: Roots of trust 10.4 The special challenges of decentralized key management 10.5 The new tools that VCs, DIDs, and SSI bring to decentralized key management 10.5.1 Separating identity verification from public key verification 10.5.2 Using VCs for proof of identity 10.5.3 Automatic key rotation 10.5.4 Automatic encrypted backup with both offline and social recovery methods 10.5.5 Digital guardianship 10.6 Key management with ledger-based DID methods (algorithmic roots of trust) 10.7 Key management with peer-based DID methods (self-certifying roots of trust) 10.8 Fully autonomous decentralized key management with Key Event Receipt Infrastructure (KERI) 10.8.1 Self-certifying identifiers as a root of trust 10.8.2 Self-certifying key event logs 10.8.3 Witnesses for key event logs 10.8.4 Pre-rotation as simple, safe, scalable protection against key compromise 10.8.5 System-independent validation (ambient verifiability) 10.8.6 Delegated self-certifying identifiers for enterprise-class key management 10.8.7 Compatibility with the GDPR “right to be forgotten” 10.8.8 KERI standardization and the KERI DID method 10.8.9 A trust-spanning layer for the internet 10.9 Key takeaways References
11 SSI governance frameworks 11.1 Governance frameworks and trust frameworks: Some background 11.2 The governance trust triangle 11.3 The Trust over IP governance stack 11.3.1 Layer 1: Utility governance frameworks 11.3.2 Layer 2: Provider governance frameworks 11.3.3 Layer 3: Credential governance frameworks 11.3.4 Layer 4: Ecosystem governance frameworks 11.4 The role of the governance authority 11.5 What specific problems can governance frameworks solve? 11.5.1 Discovery of authoritative issuers and verified members 11.5.2 Anti-coercion 11.5.3 Certification, accreditation, and trust assurance 11.5.4 Levels of assurance (LOAs) 11.5.5 Business rules 11.5.6 Liability and insurance 11.6 What are the typical elements of a governance framework? 11.6.1 Master document 11.6.2 Glossary 11.6.3 Risk assessment, trust assurance, and certification 11.6.4 Governance rules 11.6.5 Business rules 11.6.6 Technical rules 11.6.7 Information trust rules 11.6.8 Inclusion, equitability, and accessibility rules 11.6.9 Legal agreements 11.7 Digital guardianship 11.8 Legal enforcement 11.9 Examples References
Part 3 Decentralization as a model for life
12 How open source software helps you control your self-sovereign identity 12.1 The origin of free software 12.2 Wooing businesses with open source 12.3 How open source works in practice 12.4 Open source and digital identities References
13 Cypherpunks: The origin of decentralization 13.1 The origins of modern cryptography 13.2 The birth of the cypherpunk movement 13.3 Digital freedom, digital cash, and decentralization 13.4 From cryptography to cryptocurrency to credentials References
14 Decentralized identity for a peaceful society 14.1 Technology and society 14.2 A global civil society 14.3 Identity as a source of conflict 14.4 Identity as a source of peace References
15 Belief systems as drivers for technology choices in decentralization 15.1 What is a belief system? 15.2 Blockchain and DLT as belief systems 15.2.1 Blockchain “believers” 15.2.2 DLT “believers” 15.3 How are blockchains and DLTs relevant to SSI? 15.4 Characterizing differences between blockchain and DLT 15.4.1 Governance: How open is the network to open participation? 15.4.2 Censorship resistance: How centralized is trust? 15.4.3 Openness: Who can run a node? 15.5 Why “believers” and not “proponents” or “partisans”? 15.5.1 How do we measure decentralization? 15.6 Technical advantages of decentralization References
16 The origins of the SSI community 16.1 The birth of the internet 16.2 Losing control over our personal information 16.3 Pretty Good Privacy 16.4 International Planetwork Conference 16.5 Augmented Social Network and Identity Commons 16.6 The Laws of Identity 16.7 Internet Identity Workshop 16.8 Increasing support of user control 16.9 Rebooting the Web of Trust 16.10 Agenda for Sustainable Development and ID2020 16.11 Early state interest 16.12 MyData and Learning Machine 16.13 Verifiable Claims Working Group, Decentralized Identity Foundation, and Hyperledger Indy 16.14 Increasing state support for SSI 16.15 Ethereum identity 16.16 World Economic Forum reports 16.17 First production government demo of an SSI-supporting ledger 16.18 SSI Meetup 16.19 Official W3C standards 16.20 Only the beginning References
17 Identity is money 17.1 Going back to the starting point 17.2 Identity as the source of relationships and value 17.3 The properties of money 17.4 The three functions of money 17.5 The tokenization of value with identity References
Part 4 How SSI will change your business
18 Explaining the value of SSI to business 18.1 How might we best explain SSI to people and organizations? 18.1.1 Failed experiment 1: Leading with the technology 18.1.2 Failed experiment 2: Leading with the philosophy 18.1.3 Failed experiment 3: Explaining by demonstrating the tech 18.1.4 Failed experiment 4: Explaining the (world’s) problems 18.2 Learning from other domains 18.3 So how should we best explain the value of SSI? 18.4 The power of stories 18.5 Jackie’s SSI story 18.5.1 Part 1: The current physical world 18.5.2 Part 2: The SSI world—like the current physical world, but better 18.5.3 Part 3: Introducing the Sparkly Ball—or, what’s wrong with many current digital identity models 18.6 SSI Scorecard for apartment leasing Reference
19 The Internet of Things opportunity 19.1 IoT: Connecting everything safely 19.2 How does SSI help IoT? 19.3 The business perspective for SSI and IoT 19.4 An SSI-based IoT architecture 19.5 Tragic story: Bob’s car hacked 19.6 The Austrian Power Grid 19.7 SSI Scorecard for IoT References
20 Animal care and guardianship just became crystal clear 20.1 Enter Mei and Bailey 20.1.1 Bailey gets a self-sovereign identity 20.1.2 Guardianship transfer 20.1.3 Vacation for Mei and Bailey 20.1.4 A storm and separation 20.1.5 Lost and found at your fingertips 20.2 Digital identity unlocks opportunities for the well-being of animals and people 20.3 SSI for animals reaffirms their inherent worth 20.4 SSI Scorecard for pets and other animals
21 Open democracy, voting, and SSI 21.1 The problems with postal voting 21.2 The problems with e-voting 21.3 Estonia: A case study 21.4 The three pillars of voting 21.4.1 A state’s bill of needs 21.4.2 A voter’s bill of rights 21.5 The advantages of SSI 21.5.1 SSI Scorecard for voting References
22 Healthcare supply chain powered by SSI 22.1 Emma’s story 22.2 Supply chain transparency and efficiency through SSI 22.3 Industry ecosystem efficiency powered by SSI 22.4 Future supply chain transformation across industries: The big picture 22.5 Eliminating waste 22.6 Authentication and quality 22.7 SSI Scorecard for the pharma supply chain References
23 Canada: Enabling self-sovereign identity 23.1 The Canadian context 23.2 The Canadian approach and policy framework 23.3 The Pan-Canadian Trust Framework 23.4 The normative core 23.5 Mutual recognition 23.6 Digital ecosystem roles 23.7 Supporting infrastructure 23.8 Mapping the SSI stack to the PCTF model 23.9 Using the Verifiable Credentials Model 23.10 Enabling Self-Sovereign Identity 23.11 SSI Scorecard for the Pan-Canadian Trust Framework
24 From eIDAS to SSI in the European Union 24.1 PKI: The first regulated identity service facility in the EU 24.2 The EU legal framework 24.3 The EU identity federation 24.3.1 The legal concept of electronic identification (eID) 24.3.2 The scope of the eIDAS FIM Regulation and its relationship with national law 24.4 Summarizing the value of eIDAS for SSI adoption 24.5 Scenarios for the adoption of SSI in the EU identity metasystem 24.6 SSI Scorecard for the EBSI References
appendix A Additional Livebook chapters Chapter 25: SSI, payments, and financial services Chapter 26: Solving organizational identity with vLEIs Chapter 27: SSI and healthcare Chapter 28: Enterprise identity and access management realized with SSI Chapter 29: Insurance reinvented with SSI Chapter 30: Enabling SSI in humanitarian contexts Chapter 31: Guardianship and other forms of Delegated Authority with Self-Sovereign Identity Chapter 32: Design principles for SSI Chapter 33: SSI: Our dystopian nightmare Chapter 34: Trust assurance in SSI ecosystems Chapter 35: The evolution of gaming with SSI
appendix B Landmark essays on SSI “The Domains of Identity” “New Hope for Digital Identity” “The Architecture of Identity Systems” “Three Dimensions of Identity” “Meta-Platforms and Cooperative Network-of-Network Effects” “Verifiable Credentials Aren’t Credentials. They’re Containers.” “The Seven Deadly Sins of Customer Relationships”
appendix C The path to self-sovereign identity You can’t spell “identity” without an “I” The evolution of identity Phase one: Centralized identity (administrative control by a single authority or hierarchy) Phase two: Federated identity (administrative control by multiple, federated authorities) Phase three: User-centric identity (individual or administrative control across multiple authorities without requiring a federation) Phase four: Self-sovereign identity (individual control across any number of authorities) A definition of self-sovereign identity Ten principles of self-sovereign identity Conclusion
appendix D Identity in the Ethereum blockchain ecosystem Identity on the blockchain The keys to identity On-chain identity solutions ERC 725 v2: “Proxy Account” The owner The key-value store The public on-chain identity Off-chain identity solutions ERC 1056: “Lightweight Identity” The lightweight registry Owner and delegates Other ERCs Conclusion
appendix E The principles of SSI
index
contributing authors
How to download source code?
1. Go to: https://www.manning.com
2. Search for the book title: Self-Sovereign Identity: Decentralized digital identity and verifiable credentials. Sometimes you may not get any results; in that case, search for the main title.
3. Click the book title in the search results.
4. In the resources section, click Source Code.