Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Revising Principle "Control. Users must control their identities." #8

Open
ChristopherA opened this issue Jul 13, 2018 · 0 comments
Open

Comments

@ChristopherA
Copy link
Member

@jandrieu, @nsmolenski, @shannona, @cboscolo, @msporny, @matthewjosef, @kimdhamilton, @cadorn, @aquabu, @pjv

We probably started this project with the hardest one: existence. However, hopefully we can tackle revising the principle of control more easily and rapidly.

The goal is to complete this one by the end of July, so we can move on to revising principles 3-10 before the next #RebootingWebOfTrust in Toronto on September 24th-26th.

From the original self-sovereign identity principles: https://github.com/WebOfTrustInfo/self-sovereign-identity/blob/master/ThePathToSelf-SovereignIdentity.md :

Control. Users must control their identities. Subject to well-understood and secure algorithms that ensure the continued validity of an identity and its claims, the user is the ultimate authority on their identity. They should always be able to refer to it, update it, or even hide it. They must be able to choose celebrity or privacy as they prefer. This doesn’t mean that a user controls all of the claims on their identity: other users may make claims about a user, but they should not be central to the identity itself.

A variant from the Self-Sovereign Identity Bill of Rights https://github.com/WebOfTrustInfo/self-sovereign-identity/blob/master/self-sovereign-identity-bill-of-rights.md :

Individuals must have the tools to access and control their identities. Self-sovereign identity holders must be able to easily retrieve identity attributes and verified claims as well as any metadata that has been generated in the process of transactions. There can be no personally identifiable information (PII) data that is hidden from the identity holder. This includes management, updating or changing identity attributes, and keeping private what they choose.

From Future Property Rights Principles of Identity https://www.newamerica.org/future-property-rights/blog/fpr-principles-identity/ (by timothy robustelli):

  1. Control (Users must control their identities) An individual must have ultimate authority over their identity and all related data. Storage should be decentralized to the greatest extent possible. It is the user's prerogative to update, share, and hide any information. Solution administrators and/or stewards must be prohibited from revoking a user's identity.

A common misunderstanding of the Control principal that critics harp on is that is you don't have total control. Instead, I find my more recent explanation of this posted on Twitter at https://twitter.com/ChristopherA/status/989121010493526016 helpful:

Self-Sovereignty doesn’t mean that you are in complete control. But it does define the borders within which you can make decisions and outside of which you negotiate with others as peers, not as a petitioner.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant