Interview with Kaliya Young (co-founder of the Internet Identity Workshop and co-author of the Comprehensive Guide to Self-Sovereign Identity)

If you follow Kaliya Young on social media, two things are immediately clear: Kaliya is one of the world’s foremost experts in Digital Identity, and she is a strong advocate of, and firm believer in, a more diverse, inclusive and humane tech industry.

Humans First

Mark Zuckerberg is famous for his motto of “move fast and break things”. This hacker mindset, which favoured speed and disrespect for the status quo in order to build, learn and blitzscale quickly, spread like wildfire in Silicon Valley. 

According to Reid Hoffman, co-founder of LinkedIn: “early-stage startups are a lot like pirate ships. Pirates do not convene a committee to decide what to do – they strike quickly, break rules and take risks. And you need this buccaneering spirit to survive when the cannonballs are flying and the odds are against you”. (source)

Start-ups became romantically associated with pirate imagery and spirit. (Steve Jobs even coined the phrase “It’s better to be a pirate than to join the navy” and hung a Jolly Roger in the Apple offices.) Entrepreneurs were swashbucklers abiding by no law and order, with only one focus in mind: growing their ship.

Kaliya co-founded the Human First Tech movement with Shireen Mitchell. They think this mindset actually “broke democracy and bulldozed key aspects of social systems that are good for human communities”.

Human First Tech stands for three key changes in tech culture:

  1. Humanness has to come first in all stages of tech development. Tech has to be “rooted in emotionally healthy adulthood with good boundaries, and clear agreements first”.
  2. Actively center communities that have been marginalized in the creation of Web 1.0, Web 2.0 and Social Media and involve them in the tech creation process.
  3. Anticipate and design with awareness of threat models and “bad actor behavior” that may inevitably arise rather than be surprised by it.

A reflection on the culture of tech is necessary as a revolution in tech infrastructure is approaching.

Self-Sovereign Identity, a model of identity management where users are in control of their digital personal data, will change how people interact with institutions, companies and each other, putting them in total control of that relationship. For the first time, users can be the sole owners of their data and decide who to share it with and how much of it to share, enabling safe and private interaction online. Kaliya is one of the first proponents of Self-Sovereign Identity, but also of thinking consciously about who is sitting at the table where the decisions on this new technology are being made. This seismic shift in the tech infrastructure has to serve “a broad and inclusive group of people” and avoid repeating the error of prioritizing tech over people, with purposeful deliberation on “who should create, control and benefit from people’s identity information”.

This moment, the infancy of Self-Sovereign Identity, is the best time to act.

The Domains of Identity

Kaliya Young is, along with Phil Windley and Doc Searls, a co-founder of the Internet Identity Workshop, an event that “has been finding, probing and solving identity issues twice every year since 2005”. She holds a Master of Science in Identity Management and Security and was named one of the most influential women in tech by Fast Company Magazine. Kaliya is the co-author, along with Heather Vescent, of the Comprehensive Guide to Self-Sovereign Identity, and her Master’s report, Domains of Identity, provides us with a framework for the several domains of identity where personal data is stored in databases.

Using that framework, Kaliya walks us through the idea that identity is socially constructed and contextual. It’s who we see ourselves to be, who we present ourselves to be and how we are seen by others. It depends on social contexts such as family, groups, institutions and organisations we are part of. All these contexts attribute us different identifiers. The government attributes us an ID number or a passport. The University gives us a student number. For the hospital we have a patient number.

She states that the proliferation of the internet brought us even more identifiers, such as usernames and passwords, emails or URLs. But these digital identifiers are not truly ours. We are renting the URL name from a domain provider or our phone number from the phone company.

With no control over our identifiers we have no control over our personal data. So how do we own our digital identifiers? This is the question that Kaliya has been trying to answer for 15 years.

The 16 Domains of Identity, as described by Kaliya, are:

1) Me and My Identity: where and how the individual stores his own personal data.

2) You and My Identity. The cases where a person – like children or elders – needs their identity management delegated to someone else.

3) Government registration. Including the registrations our parents do on our behalf and all those we do for ourselves (e.g. driver’s license).

4) Government Transaction. Where we use the identity provided to us by the government to access other services (e.g. car registration).

5) Civil Society registration. Comprising all the organisations and institutions the individual has a relationship with. Schools, health facilities, sports teams, etc. All these institutions issue their own identity credentials.

6) Civil Society transactions. Where the individual uses the identity provided by the above mentioned institutions to access services.

7) Commercial registration. An identity registration used to access commercial services. Cases such as a loyalty card, airline miles, etc.

8) Commercial transactions. Using the identity provided by the commercial entities to access services from them. Like using discounts, using the airline miles, etc.

On the domains pertaining to Surveillance, Kaliya specifies that there are 3 types of surveillance – Voluntary Known, Involuntary Known, Involuntary Unknown – and each domain has levels of each one.

9) Government Surveillance.

10) Civil Society Surveillance. Examples of voluntary known would be CCTV from a school or a heart monitor.

11) Commercial Surveillance.

12) Employment registration. Job applications and the consequent process of being onboarded in a company (where the company will attribute credentials to him or her).

13) Employment transactions. Using the above mentioned credentials to do work.

14) Employment Surveillance.

15) Data Broker Industry. Using data from all the above mentioned entities and reselling it to the commercial sector.

16) Black Market. When criminals or state actors take advantage of personal data from all the above mentioned domains and use it on the black market.

Self-Sovereign Identity would allow for the individual to be at the center of all these relationships and manage them in a less complex, more private and secure way.

Note: the Domains of Identity are CC licensed with attribution.

Q&A

You’ve been a leader in the community of User-Centric Identity/Self-Sovereign Identity for the past 15 years. What are the most positive changes you’ve seen happen during those 15 years?

We have created open standards that have been widely adopted (OpenID, OAuth, SCIM). 

We have, through the processes of iteration and experimentation, grown community based knowledge about what “doesn’t work” or at least is unlikely to work from past experiences (Information Cards and Mozilla Persona being two examples). 

In the past several years we have collectively innovated the emerging standards around self-sovereign and decentralized Identity.

In the field of Digital Identity, what is the question that people should be asking more but aren’t?

This may sound weird… but step way way back and figure out what you are actually talking about. 

Much of the material from the World Bank talks about “Digital Identity” but in this they think of it as a government issued ID in digital form, and primarily one that resides in a centralized government database. This is indeed one type of digital identity but the community around what was called user-centric digital identity that I got my start in begins with the premise of people having digital representations of themselves in “an online world” and then asks the questions how are they actually under the control of the person and can they be “owned” by the person instead of the company or site that that person is interacting with.

Can the digital avatar created in one (digital) place be ported by the person who created it to another (digital) place – just like bodies in the physical world can move from one location to another. Still another definition of digital identity centers on how enterprises manage the ID of the people who are their employees. I wrote the Domains of Identity. I just signed a contract with Anthem Press and it is coming out as a real book this winter.

Right now the questions need to be about what do the customers who will be early adopters of this technology really need. 

How do we really make this stuff interoperable?

Specific roadblocks other people in this space should look out for?

Not actually doing technical due diligence on systems. 

Not understanding the deeper motivations of different actors in the systems.

What are your hopes for the future of Self-Sovereign Identity?

We can live with the tensions between those who believe in permissions vs those who believe in permissionless systems. They will both exist in the future no matter what.

We can continue to innovate via collaborative highly participatory forums. 

We can center the needs of real people. We can broaden the diversity, equity and inclusion in our community so that the whole range of human experience is in the room.

What is the book (or books) you have recommended most to others?

Obviously my book on Self-Sovereign Identity 🙂 

My forthcoming book on the Domains of Identity.

I would recommend folks read the Augmented Social Network: Building Identity and Trust into the Next Generation Internet. This is what inspired me to work on digital identity way back in the beginning. It’s well worth the read today.


We, at Tykn, would like to thank Kaliya Young for her time and for sharing her ideas and knowledge with us. Thank you, Kaliya! Be sure to follow her Blog and Twitter.

Tykn is a digital identity company.

Interview with Kim Hamilton Duffy (Co-chair of W3C Credentials Community Group and Architect of the Digital Academic Credentialing Infrastructure at MIT)

Self-Sovereign Identity allows individuals to control their personal data: to fully control it and the relationships in which their identity is being used, choosing who gets to “see” it and how much of it they get to “see”.

Self-Sovereign Identity “privileges individual ownership of credentials, rather than custodianship of credentials by a software provider or issuing institution”. (source)

That’s according to Kim Hamilton Duffy, Co-chair of W3C Credentials Community Group and Architect of the Digital Academic Credentialing Infrastructure at MIT (Digital Academic Credentials Initiative). 

For her, the path towards a truly decentralized identity management system is through Decentralized Identifiers (DIDs) and Verifiable Credentials. She sees these as fundamental elements of Self-Sovereign Identity, promising to address the shortcomings of existing decentralized credentialing solutions such as Blockcerts, a blockchain-based credentialing solution that Kim developed in collaboration with the MIT Media Lab in order to solve the problem of decentralized verification.

Decentralized Identifiers

According to the W3C DID specification, “DIDs are URLs that relate a DID subject to means for trustable interactions with that subject”. They “enable the controller of a DID to prove control over it and to be implemented independently of any centralized registry, identity provider, or certificate authority”.

In a Self-Sovereign Identity ecosystem, individuals make claims about their identity, using DIDs, and those claims are “rendered tamper proof through digital signatures” stored on the blockchain. These claims can be verified anywhere, anytime. DIDs and Verifiable Claims allow for “persistent, independent digital identities” with increased privacy and security.

Kim considers DIDs an important tool for the proliferation of Self-Sovereign Identity. Managing cryptographic keys is a cumbersome process. DIDs make it easier for an individual to “retain ownership of their identifiers over time”. They “offer cryptographic strength while factoring in the full lifecycle of keys, including expiration and revocation”. Decentralized Identifiers help prevent a “situation in which all of a person’s data is tied to a single individual identity profile” by allowing an individual to have as many DIDs as he or she may wish in order to “curate their identity profiles and increase their privacy”. (source)

DIDs also benefit institutions and organisations who issue or verify identity. Their decentralized nature makes identity always available for verification, as opposed to a system where identity is held in a centralized database that may be rendered useless if it goes offline for any reason (or, in a worst case scenario, is destroyed).

On the Use Cases for Decentralized Identifiers, you can read what Kim considers the 15 required features for DIDs.

Open Standards

“The Blockcerts standard was published under the MIT open source license in 2016 so that any institution, vendor, or researcher can use it to build their own applications for issuing and verifying claims on the blockchain”. For Kim, it’s extremely important that identity solutions rely on open standards in order to achieve “maximum interoperability and portability of documents and data, without sacrificing privacy or individual control”. To her, openness and standards compliance are essential.

Kim believes that through open standards, DIDs and Verifiable Credentials, there is a possibility to evolve the identity management paradigm to one that preserves the privacy, security and self-sovereignty of the individual, with blockchain opening the door to true individual control of personal data.

We had the opportunity to ask Kim Hamilton Duffy a few questions:

Q&A

What are your responsibilities (and goals) as the Architect of the Digital Academic Credentialing Infrastructure at MIT (Digital Credentials Initiative)?

For context, the Digital Credentials Initiative is a university-led effort to develop a learner-centric digital credentialing ecosystem. I joined the initiative to drive the technical architecture and prototype/implementation rollout with the technical working group. Our initial focus is on standards, requirements, and shared infrastructure. We’re not defining competing standards; we’re identifying existing standards that suit our use cases, and extending/adapting them where necessary. So this effort complements existing credentialing standards (such as W3C Verifiable Credentials) and well-known vocabularies/taxonomies in the EDU/OCC space.

There are two characteristics that make this effort special. One is our participants’ commitment to include a broader range of perspectives and expertise. We felt that emerging decentralized credentialing standards showed a lot of promise, but that there were many open questions and gaps (not just technical — policy, governance, and more) that needed to be addressed. So for us, it was important to lead the effort with a well-rounded set of stakeholders.  

The other interesting characteristic is our ability to strongly advocate for learner use cases. The learner side often gets deprioritized in existing credentialing systems, resulting in limited ability for learners to access, store, and use their credentials across systems (as an example, credential exchange protocols are still in early phases of development). This initiative is positioned (and committed) to drive these standards and requirements forward – and even develop reference implementations if the market is not providing them.

In the field of Digital Identity, what is the question that people should be asking more but aren’t?

It’s critical to have clearly defined use cases when dealing with digital identity. I think many efforts start that way, but then get muddied by adding on — almost as an afterthought — higher stakes use cases that are not well-understood. When I say “higher stakes”, I mean the stakes may be higher for the populations involved (e.g. displaced persons needing access to resources) or the nature of the claim itself (e.g. containing more private information). The risk is that a poorly-informed “solution” can do more harm than good. 

One reason is that “identity” is so overloaded and potentially all-encompassing. If instead, we’re precise about the capabilities we are building, we may not need to “go to ‘identity’” (phrase borrowed from Steve Wilson). Further, pushing for use case clarity, as well as continually learning from intended users, allows us to build systems for our users (as opposed to systems that are imposed on them).

What needs to be true for SSI to achieve mass adoption, and what use cases do you think will gain early traction?

First, a caveat. SSI on its own is not something we can reasonably ask people to adopt — it’s an idea, with a confusing name at that, due to baggage associated with the word “sovereign”. (For clarity, I’d like to point readers to Christopher Allen’s 10 principles of self-sovereign identity and also Philip Sheldrake’s Generative Identity – beyond self-sovereignty). That said, those of us working in the decentralized identity space have not done a great job communicating the value-add or articulating concise use cases that, if solved, would actually warrant adoption.

An example: an SSI advocate might lead in with “imagine a Facebook but where you control your data”. Here are the problems with pitches like that:

  • Control and privacy are not features many users will pay for. In fact, some users accept (or at least claim to accept) that their data is already for sale so they might as well get paid for it. The downsides of thinking of data as property are more thoroughly analyzed in Elizabeth Renieris’ “Do we really want to “sell” ourselves? The risks of a property law paradigm for personal data ownership”.
  • Many users believe (rightly so, in many cases) that they must choose between usability/convenience on one hand and privacy/control on the other. Users are accustomed to the conveniences of centralized systems, and we need to work harder on UX.

In sum, we need to (1) improve usability and capabilities (particularly in “exceptional” cases requiring recovery of control), (2) develop interoperability standards currently missing in the decentralized identity stack, and (3) focus on compelling user-focused scenarios.

So there’s a lot of work to do, but there are some use cases that can obtain immediate traction. Those involve public claims (i.e., without sensitive data) that are improving efficiencies of existing workflows. This includes educational and occupational claims (equivalent to what you would post on LinkedIn), and government/business registries. As an example of the latter, Samantha Chase, founder of Venn Agency, is doing some interesting work around safety credentials backed by British Columbia’s Verifiable Organizations Network and OrgBook BC. This approach improves transparency and efficiency around safe workplace claims, which can further benefit companies through reduced costs (in the form of insurance discounts, for example).

Specific roadblocks other people in this space should look out for?

In the decentralized identity space, discussions around GDPR (and similar emerging privacy protections) have focused too much on rationalizing existing technical choices. It seems like every discussion about GDPR jumps to a debate about whether a hash of PII on a blockchain is acceptable. While I’ll steer away from that specific question, I think this misses the point, which is that designing systems for privacy and individual control offers exciting architectural challenges. It’s an opportunity to design systems more responsibly, which can lead to cleaner architectures that limit liability and exposure.

In my mind, GDPR has been generous in its rollout, and as long as system designers are being mindful about how user data is handled, and documenting decisions along the way, then they’ve made tremendous progress. And while it’s important to stay up-to-date as the consequences of such regulatory frameworks emerge, having documented your decisions along the way will make everyone’s life much easier.

What are your hopes for the digital identity field in the future?

I’d like for us to develop meaningful ways to include more diverse perspectives and expertise in our decentralized identity-focused groups. In our eagerness to develop core building blocks, technical folks (myself included) have sometimes inadvertently created sandboxes that exclude essential perspectives. We need to improve how we communicate about what we’re building. But more importantly, we need to actively engage, listen to, and accept leadership from people with a broader range of backgrounds and experience.

What is the book (or books) you have recommended most to others?

Because many of the writings I find interesting are not yet in book form, I’m going to include some blogs as well. Here are the writers/writings I keep coming back to:


We, at Tykn, would like to thank Kim Hamilton Duffy for her time and for sharing her ideas and knowledge with us. Thank you, Kim! Be sure to follow her Blog and Twitter.


Meeting refugees in Turkey with the SDGia: What We Learnt.

Talking directly to refugees in Turkey who have been to hell and back was an extremely emotional experience for us. 

Being able to put ourselves in the shoes of people affected by displacement and identity-related problems is key in our journey to craft a solution inclusive for all.

For the past two months, Tykn’s co-founders, Jimmy J. P. Snoek and Khalid Maliki, along with consultant Evan Yap-Peraza, have been traveling throughout the country for the SDG Impact Accelerator.

This accelerator, led by the Turkish Ministry of Foreign Affairs and the UNDP, supported by the Bill and Melinda Gates Foundation, Eczacıbaşı Holding, Limak Holding and the World Food Programme, is looking for Digital Identity solutions that allow refugees to access basic services and means of livelihood.

The importance of having boots on the ground

What frequently happens, when innovating, is that innovators talk about problems they have never seen before. Most people have never seen the problems they are trying to solve up close. The reason why it’s so important to have boots on the ground is because there is a difference between “knowing” and “understanding”. We tend to use these words interchangeably. We watch the news and say “I understand what happened in Syria”. But we don’t. We know about it. 

This is a big misconception. We think we understand and we try to create a solution, drawn from expectations and assumptions. But it all changes the moment we set our boots on the ground. Because all of a sudden we are talking with people who suffer from it. It’s real. It’s not a story on the news. To truly understand what’s going on, we have to go and experience the problem second hand. On the ground there’s no filter.

Zooming in on the problem

Turkey has the largest refugee population in the world. Almost 4 million people. And 97% of those refugees live in the cities among the local people, not in refugee camps. Imagine, all of a sudden, incorporating 4 million people in your civil infrastructure and the tremendous implications of that. Those people need services, products and healthcare. And they don’t speak the local language. The system needs to adapt too.

Blockchain Consultant, Evan Yap-Peraza

Sitting in a focus group with 12 refugees is an emotional experience. The first thing all of them ask is “what are you going to do for me now?”. We were looking people in the eye who have been to hell and back. Living in Aleppo. Buildings collapsed with their family members in it. Who have lost everything. People who cannot work and their children ages 9 and 10 have to work in a factory full-time for just $60 a month. 

Truly understanding the problem is realising that the biggest challenges these people face have nothing to do with technology. It’s about surviving. 

Solving the problem is not about changing the entire system because the current state of their identity management is weak. It’s about delivering value that positively affects one aspect of these people’s lives. And that could be even in the simplest of things.

These refugees are holding paper-based identities issued by the Turkish government. The papers are in Turkish and the refugees speak Arabic. Refugees don’t understand the language so they can’t read the papers. There are a lot of bureaucratic processes and all of them go through the administrative offices. They speak Turkish, the refugees don’t.

If we zoom in on their problem we realise that the biggest change we can make is the simplest change we can make: a digital version of their identities in Arabic language. An identity protected from loss, theft or fraud but also one that provides them with access to information in another language.

Tykn co-founder, Jimmy J. P. Snoek

This problem in accessing information was one of the major insights we brought from our experience in SDGia.

We also learnt that innovation in this field is best achieved with small operational change that provokes large social impact. It’s not about going to the system and saying “whatever you are doing now is wrong”. Yes, it’s wrong, because a lot of people are suffering from it, but we can’t change it overnight. We need to take incremental steps, while also being aware that it is a coordination game. We need the refugees on our side, the government on our side and the institutions too. Having a perfect idea is not enough. It’s the ability to coordinate effectively between all these parties that will determine the success of our implementation.

Khalid Maliki (Tykn co-founder), Jimmy J. P. Snoek and Evan Yap-Peraza

We would like to thank the SDG Impact Accelerator and all our fellow participating digital identity start-ups Gravity Earth, Sertifier, and ZAKA.


If you’re keen on reading more about how blockchain technology can bring privacy and security to digital identity, here’s an in-depth guide on Identity Management with Blockchain.

Self-Sovereign Identity at Rabobank: Interview with one of Rabobank’s Blockchain Specialists, David Lamers.


One of the largest Dutch banks, Rabobank, has been doing research on Self-Sovereign Identity using blockchain technology since 2016.

Self-Sovereign Identity (SSI) is a new model of identity that puts users at the center of the identity management process. It parts ways with the current systems of managing identity:

  • the siloed model, where each user has to undergo a new registration for each service he wants to use (and those services do not “communicate” with each other);
  • and the federated one, where users and companies “outsource” their identity management to third parties to facilitate access to services (e.g. login with Facebook, Google, etc).

With Self-Sovereign Identity, users own their personal data and are always in control of the identity-based relationship established with other parties. A person holds their data in a digital identity wallet, such as an app on their mobile device, and chooses who to share it with and how “much” of it to share.

This new model of identity management will considerably increase the privacy and security of personal data. Companies would not collect and store large databases of personal data that are always at risk of leaks, breaches, hacks or destruction (in the case of physical databases).

When developing a Self-Sovereign Identity solution, one should use a common identity metasystem to create interoperability. This will enable a seamless experience when users have to register or validate their identity across multiple platforms and services, reducing bureaucracy and increasing the efficiency of identification processes.

The emergence of blockchain technology accelerated the possibility of Self-Sovereign Identity as blockchain unlocked the “functionalities for timestamping, the trust registry and revoking credentials.” (source)

Examples of Rabobank’s use cases, which they believe can bring “added value for the business lines, our customers and employees” are:

  • KYC: With their extensive “Know Your Customer” KYC and due diligence processes, Rabobank believes they could provide “directly verifiable data” that the customer could provide to third parties or use verifiable credentials in order to onboard new customers.
  • Mortgage: Mortgage flows require a lot of time and documents from several different sources. Most of those documents are not verifiable. Self-Sovereign Identity would allow for the direct verification of that data and the source.
  • HR and onboarding of employees: Rabobank wants their employees to be in control of their own data, reusing “certificates or assessments they achieved or did at Rabobank everywhere else. Therefore we do projects in order to save certificates, diplomas, trainings and employment credentials”. They believe this innovative technology would “drastically improve employee onboarding times”.

Rabobank built an SSI backend for the identity issuer and the verifier. “For the issuing process, the issuer sends a challenge request to the holder – asking for a DID [Decentralized Identifier] for each credential so they can be revoked independently whilst maintaining privacy. The holder sends the DIDʼs back in the form of self-issued verifiable credentials encapsulated in a verifiable presentation. The issuer then issues credentials on those DIDʼs and sends a verifiable presentation back to the holder. The verifier uses the same process, but the challenge request has different content. So, the holder sends a verifiable presentation with credentials retrieved from the issuer in the previous step.”

Rabobank SSI
Source
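
The issuing and verification exchange quoted above, modelled in Python as an added example; it is not Rabobank's code and not part of the original article. The `did:example:` identifiers, the class and function names, the in-memory registry and revocation set, and the sample claims are all constructed for illustration, and HMAC behind a verify handle stands in for the public-key signatures a real deployment would use.

```python
import hashlib
import hmac
import json
import secrets

REGISTRY = {}    # DID -> verify function (stand-in for resolving a DID document)
REVOKED = set()  # subject DIDs of revoked credentials (stand-in for a revocation registry)

class ToyKey:
    """HMAC-SHA256 behind sign()/verify(): a stand-in for a public-key signature."""
    def __init__(self):
        self._secret = secrets.token_bytes(32)
        self.did = "did:example:" + secrets.token_hex(8)  # constructed identifier
        REGISTRY[self.did] = self.verify

    def sign(self, obj):
        data = json.dumps(obj, sort_keys=True).encode()
        return hmac.new(self._secret, data, hashlib.sha256).hexdigest()

    def verify(self, obj, sig):
        return hmac.compare_digest(self.sign(obj), sig)

def make_credential(signer, subject_did, ctype, claims=None):
    body = {"type": ctype, "issuer": signer.did, "subject": subject_did, "claims": claims or {}}
    return {**body, "proof": signer.sign(body)}

def credential_ok(cred):
    body = {k: v for k, v in cred.items() if k != "proof"}
    return cred["issuer"] in REGISTRY and REGISTRY[cred["issuer"]](body, cred["proof"])

def make_presentation(nonce, creds, keys):
    """Wrap credentials; each presenting DID signs the challenge nonce."""
    proofs = {k.did: k.sign({"nonce": nonce, "did": k.did}) for k in keys}
    return {"nonce": nonce, "credentials": creds, "proofs": proofs}

def presentation_ok(vp, nonce):
    """Fresh nonce, proof of control of every subject DID, valid credential proofs."""
    def controlled(did):
        verify, sig = REGISTRY.get(did), vp["proofs"].get(did)
        return bool(verify and sig and verify({"nonce": nonce, "did": did}, sig))
    return vp["nonce"] == nonce and all(
        controlled(c["subject"]) and credential_ok(c) for c in vp["credentials"])

class Holder:
    def __init__(self):
        self.keys, self.wallet = {}, {}  # per credential type: DID key, issued credential

    def answer_issuer(self, challenge):
        """One fresh DID per requested credential, sent as self-issued credentials."""
        self.keys = {t: ToyKey() for t in challenge["types"]}
        creds = [make_credential(k, k.did, t) for t, k in self.keys.items()]
        return make_presentation(challenge["nonce"], creds, self.keys.values())

    def store(self, vp):
        for cred in filter(credential_ok, vp["credentials"]):
            self.wallet[cred["type"]] = cred

    def answer_verifier(self, challenge):
        types = challenge["types"]
        return make_presentation(challenge["nonce"], [self.wallet[t] for t in types],
                                 [self.keys[t] for t in types])

class Issuer:
    def __init__(self):
        self.key, self.nonce = ToyKey(), None

    def challenge(self, types):
        self.nonce = secrets.token_hex(16)
        return {"nonce": self.nonce, "types": types}

    def issue(self, vp, claims):
        """Check the holder controls each DID, then issue credentials on those DIDs."""
        if self.nonce is None or not presentation_ok(vp, self.nonce):
            raise ValueError("holder presentation rejected")
        creds = [make_credential(self.key, c["subject"], c["type"], claims[c["type"]])
                 for c in vp["credentials"]]
        return make_presentation(self.nonce, creds, [self.key])

def verifier_accepts(holder, types, trusted_issuer_did):
    """Same challenge/response as issuing; the request asks for issued credentials."""
    challenge = {"nonce": secrets.token_hex(16), "types": types}
    vp = holder.answer_verifier(challenge)
    return presentation_ok(vp, challenge["nonce"]) and all(
        c["issuer"] == trusted_issuer_did and c["subject"] not in REVOKED
        for c in vp["credentials"])

def demo():
    issuer, holder = Issuer(), Holder()
    vp = holder.answer_issuer(issuer.challenge(["Diploma", "Employment"]))
    claims = {"Diploma": {"degree": "MSc"}, "Employment": {"role": "analyst"}}  # constructed
    holder.store(issuer.issue(vp, claims))
    dids = {t: cred["subject"] for t, cred in holder.wallet.items()}
    REVOKED.add(dids["Employment"])  # revoke one credential only
    return {
        "distinct_dids": dids["Diploma"] != dids["Employment"],
        "diploma_accepted": verifier_accepts(holder, ["Diploma"], issuer.key.did),
        "employment_accepted": verifier_accepts(holder, ["Employment"], issuer.key.did),
        "replay_rejected": not presentation_ok(vp, secrets.token_hex(16)),
    }
```

Because each credential is bound to its own DID, a verifier that checks the diploma sees no identifier linking it to the employment credential, and revoking one leaves the other valid.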

We had the opportunity to have a (virtual) sit down with David Lamers, Blockchain Specialist at Rabobank, about the work his team, the “Blockchain Acceleration Lab” and the bank have been doing regarding Self-Sovereign Identity.

What are your responsibilities at Rabobank?

As Blockchain Specialist at Rabobank you have a very versatile job so my daily tasks differ a lot, which I love. The blockchain team is researching the possibilities and opportunities blockchain can offer for the different business lines within the Rabobank. So, for me it’s important to be aware of the latest developments in the blockchain space, on technical as well as application level.

My responsibilities lie mainly within the identity and real estate finance domains. Within the blockchain team, named “Blockchain Acceleration Lab” we are developing a blockchain agnostic self-sovereign identity solution for PoC and pilot goals. I’m the linking pin between the developers and the interested business lines, also I’m working on our blockchain identity strategy. We have created a list of potential applications for SSI within the bank or for our clients. All projects are collaborations with (inter)national partners since you can’t do SSI alone. Being aware of all SSI developments and startups around the world is also important to me.

What does Self-Sovereign Identity mean to you?

For me SSI is the future step in building a society where one can exchange his personal data in a safe way, creating customer friendly and frictionless processes. SSI is the next step in the evolution of (digital) identity management. This evolution is often described as movement from siloed identities, to federated identities, to user managed identities and in the future self-sovereign identity. In the SSI scenario, the end-user should be fully in control of his own data (according to the design principles of Christopher Allen) and so not having to rely on a centralized authority. 

Do you remember when/how you first heard of Self-Sovereign Identity and what interested you in it?

After already experimenting with cryptocurrencies in 2013 I became really interested in blockchain technology in 2016. It was back then when I first read about SSI. Identity was an important topic in blockchain and players like uPort had a great vision. It was the early stage and solutions were not fully shaped. It is great to be so closely involved in the developments. Standards and protocols are much more defined, although still not fully, and we are working on an implementation. In this playing field it is still experimenting, changing and adapting, which makes it a wonderful experience and challenge.

In the field of Digital Identity, what is the question that people should be asking more but aren’t?

People should be more aware of the possibilities of digital twins. After having shifted towards semi-structured, non-cryptographically verifiable data that maybe matches the person that is in front of you (or the computer), digital twins can provide new opportunities. But that’s more for the business side. On the customer side, one should ask themselves about the sensitivity of the data they share with everyone. More and more data breaches are taking place, which pose a risk to society. GDPR already requires businesses to be a little more aware of their customers’ privacy data, but customers should play a bigger role in this.

Why is Rabobank interested in blockchain technology?

Rabobank’s innovation department always focuses on the newest technologies and trends. Within the tech lab we focus on new and trending technologies like Blockchain. In the early stages it was already clear that blockchain could provide a wide range of opportunities for Rabobank. For example, we.trade which facilitates a trade platform using blockchain (already in production). we.trade provides more trust and transparency in open account trade.

How important is Self-Sovereign Identity for Rabobank and what are the key drivers for embracing Self-Sovereign Identity?

At the blockchain innovation conference our CEO Wiebe Draijer was interviewed (in Dutch). He is asked how blockchain can support the Rabobank as cooperation. He takes the example of identity, explains the principles of SSI and recalls blockchain as enabling technology. The potential value SSI can have for our business processes as well as for the societal contribution are example drivers.

What needs to be true for Self-Sovereign Identity to achieve mass adoption, and what use cases do you think will gain early traction?

In my opinion, interoperability is key. We see a wide range of initiatives and explorations, but if none is compatible with the other an adoption risk will arise. Therefore, we designed the Universal Ledger Agent (ULA) at Rabobank. This component is integrated in the app as well as verifier side and has the ability to store and verify credentials in different ledgers using different standards. This is realized with the use of plugins, an example plugin we developed is W3C verifiable credentials using the Ethereum blockchain or Sovrin.

Rabobank is developing a Self-Sovereign Identity wallet focused on HR. Can you tell us more about it?

HR Innohub is focusing on how new technologies can empower our employees. In our innovation process we do ideation games and an employee identity wallet was one of the use cases with HR on the closest horizon. They gathered a lot of interested stakeholders from other companies and educational institutions with whom we have a regular meetup. I really enjoy these meetups; everyone is really engaged and keen to deliver input. In Q4 2018 we had the first proof of concept: we integrated two educational institutions in order to deliver credentials to the wallet. We learned a lot of lessons and are now ready for the first pilot with Randstad. With the wallet, one holds all his verifiable credentials like diplomas, certificates and evaluations from issuers in an app and can share these easily with others. All are directly verifiable to improve employee onboarding and compliance and the employee is empowered with his credentials throughout his career.

What is the importance of creating an interoperable ecosystem in Rabobank’s Self-Sovereign Identity initiatives and how are you aiming to do so?

Important is that it should be possible to store different types of credentials in one wallet. In collaborations we started to face the challenge that each partner was interested in a different SSI technique/ledger. That’s why we designed the Universal Ledger Agent. In this way the consumer will not notice different techniques being used in the backend.

You wrote in your paper that you are “also looking at providing a nationwide solution with governmental partners. Together with government and banks we explore the possible setup of a dedicated entity for Self-Sovereign Identity. An important question remains who the provider should be and so the owner of such an Self-Sovereign Identity solution.” Why is that an important question?

The answer is twofold. On the one hand you don’t want to rely on a closed solution since it creates a dependency. So, an open source solution is required which is secure enough to handle your personal data. But this might create a liability towards the delivering party which can be a challenge to open source it. Also, important questions are how the key storage and recovery (backup) of verifiable credentials are implemented.

Apart from your work at Rabobank, what applications for SSI really excite you?

Personally, the most exciting use cases are the ones with societal impact. Tykn and ID2020 are great examples of how SSI can be meaningful for e.g. refugees. I’m also involved in cases for SSI within Rabobank focused on societal impact. Since they are still in the initial phase, I cannot tell you that much about it.

What are your hopes for the digital identity field in the future?

A single and interoperable digital identity being my digital twin which I can use in a safe way and is decentralized. From a business perspective I can use these to create customer friendly and frictionless processes and rely on signed, structured data from trusted sources.

Working at Rabobank, according to you how does the banking domain view Self-Sovereign Identity? Are they excited about it? Are they skeptical about it? Are they okay with losing control over their users’ data? Are they happy with handing over the responsibility of keeping the data secure to the users?

At Rabobank they are very curious about the opportunities SSI can offer. There are a lot of roles a bank can take in the SSI ecosystem. We have identified the different roles and the relevant business lines are getting familiar with SSI. Rabobank is really focused on innovation and is for sure not skeptical. For instance, one of our four strategic pillars is excellent customer focus. We want to give our customers full control over their own data, and if they for instance want a verifiable credential of their wealth this should be possible. This is because we are customer oriented and also see opportunities for our business processes.


We would like to thank David Lamers and Rabobank for this insightful interview and for sharing their ideas and knowledge with all of us!

More Resources:

– Our Definitive Guide on Identity Management with Blockchain (Updated for 2019)
– Our Digital Identity Management System that brings privacy and security to personal data.

Innovation in Healthcare: 4 ways Self-Sovereign Identity will disrupt Healthcare


The number one innovation in healthcare you should be paying attention to – whether you work in tech, innovation management, policy making or digital transformation within your healthcare institution – is private and secure digital identity. This blog will tell you why.

Our expertise in this space has led us to recently being funded with a seven digit figure and to winning awards by The Chivas Venture, the Blockchain Innovation Conference, The Spindle Innovation and more.

In our guide on blockchain and identity management we cover extensively how a modern digital identity management system can maintain the security and privacy of its users by decentralising the data storage and by minimising the quantity of personal data stored.

By implementing the innovative technology of Self-Sovereign Identity, users own their personal data and are able to access services from an organisation, proving who they are and ensuring trust without the need to disclose any personal details. This greatly reduces the amount of data an organisation stores and thus reduces the possibility of Personal Data Regulations infringement.

Let’s dive in on the 4 reasons why Self-Sovereign Identity is a major innovation in healthcare:

Innovation in Healthcare: Efficient Identification

The importance of identity is paramount in the healthcare industry. According to a World Bank report on The Role of Digital Identification for Healthcare:

“Providers need to know a patient’s identity to access relevant medical and treatment histories and ensure that they are giving consistent and appropriate care. 

Patients also need documentation to prove enrollment in insurance programs or other safety nets that cover medical expenses. (…)

Health insurers need to be able to identify patients to ensure that those for whom claims are submitted are actually insured and to facilitate the adjudication of claims based on the patient’s history. 

A secure, inclusive, and responsible method of uniquely identifying and authenticating healthcare users over time and across facilities is central to each of these needs and the goal of achieving universal health care”. 

Although this World Bank report focuses on the use of unique identifiers, which are a privacy concern because they make correlation possible, we consider the reasons it gives for the importance of identification in healthcare to be valid.

Efficient identification is jeopardized in countries where identity and information systems are weak, either because their records are paper based or because their digital identity management systems do not allow for interoperability with other systems. This impedes the transfer of records or data between organisations, which ultimately leads to less efficient health services.

“As a result, 3.5 billion people worldwide who do not have access to quality essential health services” 

Private and secure channels for data transfer that provide trust between health facilities, patients, insurers and government are thus of absolute importance. A Self-Sovereign Digital Identity could provide them.

Innovation in Healthcare: Interoperability and Trust

By using a common identity metasystem, institutions within the healthcare industry could easily and seamlessly verify digital Verifiable Credentials issued by other organisations (and even issue some themselves). A healthcare facility could trust the authenticity of a patient credential without even having to check the actual data there contained.


These privacy maintaining channels would be assured through cryptography and Zero-Knowledge Proofs. The verifying organisation would just have to check the blockchain to verify the authenticity of the signature of the attesting organisation or physician. If the signature matches the one in the patient’s credential, it’s authentic.

And you may ask, “But how do we know whether to trust the physician?”.

Phil Windley, Sovrin’s Chairman, answers this question: “Professionals can also create proofs from verifiable claims written about them to show that they have specific qualifications, certifications, or work at specific institutions. These claims are, in turn, verifiable in the same manner, creating a chain of trust.”

Non-interoperable identity systems are costly for the institutions and troublesome and stressful for the users. When patients arrive at a new facility, the need for duplicated registrations and paperwork increases bureaucracy for one side and frustrates patients in need of care.

“By allowing for secure and accurate identification and authentication of patients and enabling information exchange, they can increase the efficiency of patient management, improve the quality of treatment, reduce administrative burdens for patients, facilitate access to insurance, reduce fraud, and improve data collection.” (World Bank Report)

The digitization of healthcare identity systems is not enough though. Institutions must make sure their digital records are private and secure. Centralised healthcare records pose a major privacy risk for both patient and organisation. 

Self-Sovereign Identity is the innovation in healthcare that provides the decentralization, security, privacy and interoperability for a more efficient healthcare system.

Innovation in Healthcare: Birth Registrations

1.2 billion people around the world do not have an identity, some of them because they never had one in the first place. Having no identity has grave consequences for these people’s lives, as they are not able to access healthcare, education or banking services.

An interoperable identity system would be the major innovation in healthcare that allows hospitals, midwives or birth facilities to easily communicate a birth to the government who can instantly issue a digital birth certificate.

Innovation in Healthcare: Identity and Access Management

Identity and Access Management (IAM) software is used by companies to authenticate, authorize, manage and create a central repository of their users/employees.

Whenever a new employee is onboarded into a company, a whole new set of accounts has to be created: a lot of different accounts, from a simple email account to databases, servers or even Slack.

Once this employee leaves, all these accounts have to be revoked as they were created: manually, one by one. A single credential that is not properly revoked can open the door to a vulnerability, as a malicious former employee can access the company’s network and steal data. This is especially important given how sensitive the information in the healthcare industry is.

Through the use of Self-Sovereign Identity the user would be onboarded on all the different services using his own credential or one created by the company, which the employee would store in his identity wallet. At the moment of revocation, only one credential would have to be revoked to cut access to all of the accounts.

Self-Sovereign Identity could also be an innovative technology for the Identity and Access Management space by improving the audit trail. For compliance reasons, this enterprise software keeps a log of user access for fraud prevention. However, the way that log is created – sometimes a text file – is a concern, as privileged users could modify or delete logs for nefarious reasons. Blockchain, due to its immutable nature, could be a prime use case for access log security.


More Resources:

– Our Digital Identity Management System that brings privacy and security to personal data.
– Our Definitive Guide on Identity Management with Blockchain (Updated for 2019)

Innovation in Banking: 7 ways Self-Sovereign Identity will disrupt banking


The number one innovation in banking you should be paying attention to – whether you work in tech, innovation management, policy making or digital transformation within your financial institution – is private and secure digital identity. This blog will tell you why.

Our expertise in this space has led us to recently being funded with a seven digit figure and to winning awards by The Chivas Venture, the Blockchain Innovation Conference, The Spindle Innovation and more.

In our guide on blockchain and identity management we cover extensively how a modern digital identity management system can maintain the security and privacy of its users by decentralising the data storage and by minimising the quantity of personal data stored.

By implementing the innovative technology of Self-Sovereign Identity, users own their personal data and are able to access services from an organisation, proving who they are and ensuring trust without the need to disclose any personal details. This greatly reduces the amount of data an organisation stores and thus reduces the possibility of Personal Data Regulations infringement.

Let’s dive in on the 7 reasons why Self-Sovereign Identity is a major innovation in banking:

Innovation in Banking: Quicker and more efficient processes

Mastercard and Microsoft believe a Digital Identity can play a pivotal innovation role in the banking industry.


They think it would be a major innovation in banking as it would improve the speed and efficiency of onboarding and identification processes of:

– opening bank accounts
– requesting a loan
– establishing a payment services account
– creating a more personalized and efficient shopping experience online and in stores
– simplifying “interactions with government agencies and services such as filing taxes, applying for passports or securing support payments (e.g., Social Security)”.

All this done through “a single, reusable digital identity [that] can help people interact with a merchant, bank, government agency and countless other digital service providers with greater integrity, lower cost and with less friction”. (Source)

Of course this Digital Identity would need to be private and secure. That’s where Self-Sovereign Identity comes into play. A centralised storage of digital identity would just become a honeypot for hackers wanting to misuse people’s financial and personal details.

Innovation in Banking: No more usernames and passwords?

Barclays and Evernym are exploring how a decentralized, private and secure digital identity could benefit banking.

One thing this innovation in banking would allow is to abolish usernames and passwords. “Everyone has multiple usernames and passwords – and some people use the same password for everything. Hackers love that. And it’s not just your email account they can take – once they’ve got your passwords, they can steal your whole identity,” says Jamie Smith, Strategic Engagement Director at Evernym.

According to Barclays, “By 2022 it’s predicted that 40% of interactions between businesses and their customers will be affected by a form of digital ID known as self-sovereign identity (SSI).”

With Verifiable Credentials, everyone can prove claims about themselves without the need for login details such as usernames and passwords that jeopardize their data’s security and privacy.

Through the use of blockchain and cryptography (Zero-Knowledge Proofs) customers could prove claims about themselves without the actual need to disclose the personal information contained in the credentials.


Innovation in Banking: KYC – Know Your Customer

Since 2016, Rabobank, one of The Netherlands’ biggest banks, has been researching Self-Sovereign Identities.

Rabobank believes that with their extensive “Know Your Customer” KYC and due diligence processes, they could provide “directly verifiable data” that the customer could provide to third parties or use verifiable credentials in order to onboard new customers.

We interviewed one of Rabobank‘s Blockchain Specialists, David Lamers, about the work they have been developing regarding Self-Sovereign Identity.


Innovation in Banking: Mortgage Application

Another use case that Rabobank believes can bring added value to customers is in regards to Mortgages.

Mortgage flows require a lot of time and documents from several different sources. Most of those documents are not verifiable. Self-Sovereign Identity would allow for the direct verification of that data and the source.

Innovation in Banking: HR and Employees

Rabobank also wants their employees to be in control of their own data.

Reusing “certificates or assessments they achieved or did at Rabobank everywhere else. Therefore we do projects in order to save certificates, diplomas, trainings and employment credentials”. They believe this innovative technology would “drastically improve employee onboarding times”.

Innovation in Banking: Identity and Access Management

Identity and Access Management (IAM) software is used by companies to authenticate, authorize, manage and create a central repository of their users/employees.

Whenever a new employee is onboarded into a company, a whole new set of accounts has to be created: a lot of different accounts, from a simple email account to databases, servers, AWS or even Slack.

Once this employee leaves, all these accounts have to be revoked as they were created: manually, one by one. A single credential that is not properly revoked can open the door to a vulnerability, as a malicious former employee can access the company’s network and steal data.

Through the use of Self-Sovereign Identity the user would be onboarded on all the different services using his own credential or one created by the company, which the employee would store in his identity wallet. At the moment of revocation, only one credential would have to be revoked to cut access to all of the accounts.

Self-Sovereign Identity could also be an innovative technology for the Identity and Access Management space by improving the audit trail. For compliance reasons, this enterprise software keeps a log of user access for fraud prevention. However, the way that log is created – sometimes a text file – is a concern, as privileged users could modify or delete logs for nefarious reasons. Blockchain, due to its immutable nature, could be a prime use case for access log security.
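The audit-trail concern raised here and in the healthcare article above can be made concrete with a hash-chained access log whose latest digest is anchored somewhere the log's administrators cannot rewrite. The following is an added example, not code from the article or from any product it mentions; the record fields, function names and sample entries are constructed, and the "anchor" is a plain variable standing in for a value published to a ledger.

```python
import copy
import hashlib
import json

GENESIS = "0" * 64  # digest used as "previous" for the first entry


def entry_digest(prev_digest, record):
    """Digest binds this record to everything logged before it."""
    payload = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(f"{prev_digest}|{payload}".encode()).hexdigest()


def append_entry(log, record):
    prev = log[-1]["digest"] if log else GENESIS
    log.append({"record": record, "prev": prev,
                "digest": entry_digest(prev, record)})
    return log[-1]["digest"]


def build_log(records):
    log = []
    for record in records:
        append_entry(log, copy.deepcopy(record))
    return log


def first_broken_entry(log):
    """Index of the first entry whose links do not check out, else None."""
    prev = GENESIS
    for i, entry in enumerate(log):
        if entry["prev"] != prev or entry["digest"] != entry_digest(prev, entry["record"]):
            return i
        prev = entry["digest"]
    return None


def matches_anchor(log, anchored_head):
    """The log is trusted only if it is consistent AND ends at the anchored digest."""
    return bool(log) and first_broken_entry(log) is None \
        and log[-1]["digest"] == anchored_head


# Constructed sample access records (not real data).
SAMPLE_RECORDS = [
    {"ts": "2019-09-02T08:14:00Z", "user": "clerk.a", "action": "read", "object": "record/1001"},
    {"ts": "2019-09-02T08:20:31Z", "user": "admin.b", "action": "export", "object": "record/1001"},
    {"ts": "2019-09-02T09:02:10Z", "user": "clerk.c", "action": "read", "object": "record/1002"},
]


def demo():
    log = build_log(SAMPLE_RECORDS)
    anchored_head = log[-1]["digest"]  # stands in for a value written to the ledger

    # Case 1: a privileged user edits one entry in place.
    edited = copy.deepcopy(log)
    edited[1]["record"]["user"] = "clerk.a"

    # Case 2: the same user deletes the entry and recomputes every digest,
    # so the file is internally consistent again.
    rewritten = build_log([r for i, r in enumerate(SAMPLE_RECORDS) if i != 1])

    return {
        "original_ok": matches_anchor(log, anchored_head),
        "edit_detected_at": first_broken_entry(edited),
        "rewrite_internally_consistent": first_broken_entry(rewritten) is None,
        "rewrite_matches_anchor": matches_anchor(rewritten, anchored_head),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The second case is the one that matters: chaining alone does not stop someone who can rewrite the whole file, so the check has to compare against a digest stored outside their control, and entries written after the last anchor are not yet protected.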

Innovation in Banking: GDPR Compliance and Data Portability


A private and secure digital identity reduces the level of bureaucracy and increases the speed of processes within organisations by allowing for a greater interoperability between departments and other institutions.

But if this digital identity is stored on a centralised server, it becomes a honeypot for hackers looking to breach it and leak it in order to misuse the personal details it contains. A centralised storage of identity is then a liability to the organisation.

A personal data breach – such as the Capital One case – may result in huge fines due to privacy regulation infringement or simply in loss of customer trust and consequent damage to the organisation’s brand.

Also, GDPR implemented the right to data portability. Previously, companies could “lock-in” customers by shutting their access to their personal data. Now, each user has the right to get a copy of the data each company holds about him.

Self-Sovereign Identities would facilitate this transfer of data and its consequent sharing with other parties. An innovative technology that gives the user the freedom to share what he wants with whomever he wants.


More Resources:

– Our Digital Identity Management System that brings privacy and security to personal data.
– Our Definitive Guide on Identity Management with Blockchain (Updated for 2019)
– Our interview with David Lamers, one of Rabobank’s Blockchain Specialists, about their work regarding Self-Sovereign Identity.

How Identity Revocation on the blockchain works

A blockchain is immutable. So what if you need to change something about your identity?

In our guide about identity management leveraging blockchain technology we scratched the surface of the Identity Revocation process. In this post we will dive deeper into it.

What is Revocation?

Revocation means deleting or updating a credential. The possibility for an issuer to revoke a credential is crucial to an identity infrastructure for the main reason that identities are dynamic.

Attributes can change over time, e.g. house address or number of children, and some credentials should have an expiry date, for example a passport or driver’s licence.

The fact is, however, that in order to ensure the trustworthiness of the system and eliminate the possibility of fraud, credentials are immutable. After issuing, no one (not even the issuer) can change the information inside the credential. Hence, when attributes change, a new credential needs to be issued and the old one needs to be declared invalid. Thus, at each proof the user needs to prove that the credentials used in the proof are still valid. The revocation registry allows him to prove this without contacting the issuing party.

For example, the Government issues a credential to you stating that you have 3 children. A month later your family is blessed with a 4th child. Now the Government will mark the previous credential (stating that you have 3 children) as invalid and will issue a new credential stating that you have 4 children.

What is a Revocation Registry?

A Revocation Registry has 4 requirements:

  • Credentials need to be revocable by their issuer;
  • Revocation needs to be straightforward and fast;
  • Testing of revocation needs to be privacy preserving;
  • Proving and verifying the proof should be possible without contacting the issuer.

The revocation registry is a complex mathematical concept. To get the basic idea, however, you can see it as a list of numbers (called factors) in which each number has its own index number in the row, e.g. 000, 001, 002, etc.

Each of these numbers can be assigned to a verified credential in such a way that each verified credential has its own unique number from the row. The product of all the numbers multiplied together is called the accumulator.

It is essential that only the numbers associated with non-revoked credentials are included in the accumulator. Once a credential is revoked, the associated number is excluded from the multiplication and thus the accumulator value changes, see figure 1.

This accumulator is crucial in proving the validity of a credential.

Figure 1: Accumulator after revocation of credentials

When an identity owner wants to prove that her credential is valid, and thus has an associated number in the registry list, she can show a verifier that her number multiplied by the product of all the other numbers (called the witness) results in the accumulator.

This is the basic concept of the revocation registry.

Flow: Set up, issuance, proof and verification

We will now go into more detail, following the flow from set up to issuance till proof and verification.

Step 1 – Set up for a revocable credential

In order to set up a verifiable credential with a revocation registry, the following things need to be in place:

  1. Schema
  2. Credential definition
  3. Issuer must publish a revocation registry 
  4. Issuer must publish the accumulator value that describes the latest status of all the associated credentials

Step 2  – Additional information for the identity owner

When an issuer issues a credential he will have to give the identity owner the following additional information in order to allow him to create a valid proof.

Additional information for the identity owner:

  1. The credential itself (file/.json).
  2. The index for this credential in the revocation registry (posted on the ledger) such that the prover can look up his private factor (say a).
  3. The product of all other factors contributing to the (current) accumulator (so only the ones associated with non-revoked credentials). This is called the witness (say witness = b*c*d).

Step 3 – Required actions of the issuer of a revocable credential

When an identity owner creates and sends a proof, he needs to prove that the credentials he uses in the proof have not been revoked by the issuer. He can do this by proving that:

private factor * witness = accumulator (latest update as stated on ledger)

In order for the identity owners to be able to create an accurate proof the issuer needs to always complete the following tasks:

Required actions of the issuer of a revocable credential:

  1. When a credential is revoked, the issuer needs to update the accumulator on the ledger (leaving this credential factor out of the multiplication).
  2. To ensure that other identity owners can still prove that their credentials are not revoked, a witness delta will be posted in this transaction. Witness delta = a number that the prover has to use to adjust his witness such that his calculation (private factor * witness = accumulator) will match the updated accumulator.

Step 4 – Verify a proof

The proof generated by the identity owner is sent to the verifier. The verifier can check the validity of the proof by executing the following checks.

Verify a proof:

  1. Check the attestation using the DID and verkey of the issuer.
  2. Check the non-revocation by checking whether the latest accumulator that is posted on the ledger is equal to the output of the proof (private factor*witness).
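The four steps can be traced end to end with small numbers. The following is an added example, not code from the article or from any ledger project: it implements the article's simplified picture (accumulator as a plain product of factors) with hypothetical class names and constructed prime factors. It has no cryptographic strength and shows the factor and witness in the clear, whereas a real registry proves the same relation without revealing them.

```python
from math import prod


class ToyRevocationRegistry:
    """Issuer-side registry (hypothetical names, article's simplified model)."""

    def __init__(self, factors):
        # Step 1: index -> factor. Distinct primes are assumed so that no
        # factor divides another holder's factor.
        self.factors = dict(enumerate(factors))
        self.active = set(self.factors)
        self.accumulator = prod(factors)  # published "on the ledger"
        self.deltas = []                  # witness deltas, in publication order

    def witness_for(self, index):
        """Step 2: product of all other non-revoked factors."""
        return prod(self.factors[i] for i in self.active if i != index)

    def revoke(self, index):
        """Step 3: leave the factor out of the accumulator, publish a delta."""
        if index not in self.active:
            raise ValueError(f"credential {index} is not active")
        self.active.remove(index)
        delta = self.factors[index]
        self.accumulator //= delta
        self.deltas.append(delta)
        return delta


class Holder:
    """Identity owner holding a private factor and a witness."""

    def __init__(self, registry, index):
        self.factor = registry.factors[index]
        self.witness = registry.witness_for(index)
        self.applied = len(registry.deltas)  # deltas already reflected

    def sync(self, registry):
        """Adjust the witness with every delta published since the last sync."""
        for delta in registry.deltas[self.applied:]:
            # A holder's own factor is never part of his witness, so a revoked
            # holder cannot apply the delta for his own revocation.
            if self.witness % delta == 0:
                self.witness //= delta
        self.applied = len(registry.deltas)

    def proof(self):
        return self.factor * self.witness  # private factor * witness


def verify(registry, proof_value):
    """Step 4, check 2: compare against the latest accumulator."""
    return proof_value == registry.accumulator


def demo():
    registry = ToyRevocationRegistry([3, 5, 7, 11])  # constructed factors
    alice, bob = Holder(registry, 0), Holder(registry, 1)
    results = {"valid_at_issuance":
               verify(registry, alice.proof()) and verify(registry, bob.proof())}

    registry.revoke(1)  # issuer revokes Bob's credential
    results["alice_with_stale_witness"] = verify(registry, alice.proof())

    alice.sync(registry)
    bob.sync(registry)
    results["alice_after_delta"] = verify(registry, alice.proof())
    results["bob_after_revocation"] = verify(registry, bob.proof())
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Note the intermediate state: a holder whose credential is still valid fails verification until he applies the published witness delta, which is why the issuer's Step 3 duties are not optional.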

We would like to thank Katja Bouman for writing this thorough piece.

If you’d like to read more, we have this ultimate guide on blockchain and identity management and our own Digital Identity management platform.

Interview: Tim Bouma (Senior Policy Analyst for Identity Management at the Treasury Board Secretariat of the Government of Canada)

We started this interview with Tim Bouma talking about his expertise in digital identity and we ended up trying to solve the puzzle of a mysterious death. 

On July 8, 1917, Canadian painter Tom Thomson disappeared while on a canoeing trip on Canoe Lake. Eight days later, his body was found in the lake, with a four-inch cut on his right temple. Although the cause of death was determined as “accidental drowning”, the mystery of Tom Thomson’s death, and the speculation of a potential murder, is something that persists in Canadian lore.

Tim Bouma had been a fan of Thomson’s work for years, reading biographies and collecting sketches of his work. Being a cybersecurity expert specialized in Digital Identity, Tim had a splinter of an idea forming in his mind: creating a fictional digital identity. The mystery of Thomson’s death created the perfect canvas. From March to July that year, during 100 uninterrupted days, Tim Bouma tweeted fictional journal entries channeling Tom Thomson’s persona and what he might be doing that day.

That Twitter account ultimately led Tim to write the book Tom Thomson: Journal of My Last Spring (Burnstown Publishing House), which received praise from renowned Canadian author Roy MacGregor.

LESS Identity

But less about fiction writing and more about digital identity. Tim Bouma coined the phrase Legally-Enabled Self-Sovereign Identity. LESS Identity. That is how he wants his identity to be. These are the four characteristics of a LESS Identity:

  • Minimum Disclosure: Being able to disclose the minimum personal data possible in order to use/access a service.
  • Full Control: The user must have full control over what personal information he chooses to disclose (at any point in time).
  • Necessary Proof: In case the verifying party needs proof about the claim a user is making, the user has to be able to provide proof that sustains his claim (e.g. attestations by a legal authority).
  • Legally-Enabled: The existence of a legal framework that protects the users and the organisations providing the services while using this digital identity.

Bouma is a proponent of Self-Sovereign Identity, an approach to Digital Identity that puts the user at the center of the locus of control.

The locus of control is the “degree to which people believe that they have control over the outcome of events in their lives, as opposed to external forces beyond their control” (Source).

Self-Sovereign Identity removes the middle man as a vehicle of trust. An individual can prove claims about him or herself to an organisation without the need for that organisation to verify the authenticity of the claim with a third party. This is done through the use of blockchain technology.

Self-Sovereign Identity still has some issues to be figured out, though, such as how to make sure that a digital identity corresponds to an existing person in the analogue world. According to Tim, humans will always have to be involved in the “origin” moment, the initial registration process of the digital identity. “However, once that origin registration is carried out, your digital identity can be easily assured on an ongoing basis, using cryptography, verifiable claims, etc. But that digital identity, to be trusted, must be traceable back to that origin registration.” (Source)

Pan-Canadian Trust Framework

Tim is also one of the masterminds behind the Pan-Canadian Trust Framework.

Given Canada’s different levels of Government – Provincial, Territorial and Federal – this framework aims to avoid the creation of program-centred identities and ensure “the integrity of identity management business processes”, so that everyone can rely on each other’s digital identities.

Through this framework, Canadians will be able to “seamlessly access government services on-demand across jurisdictions in a matter of moments” (Source) and the government will be able to accept “trusted digital identities from other jurisdictions, greatly streamlines program enrolment processes and reduces costs — because the client is already known and trusted.” (Source).

The ultimate goal is to be able to use a Provincially or Territorially issued digital identity to access a federal program, which Canada’s government sees as a “big win for all Canadians”. (Source)

Q&A

What are your responsibilities as Senior Policy Analyst for Identity Management at the Treasury Board Secretariat of the Government of Canada?

My role is to develop identity management policy instruments for Treasury Board Secretariat (TBS). TBS is a central agency for the Government of Canada and is responsible for management oversight for federal departments and agencies. Our policy instruments are the basis for aligning identity management capabilities across government. We also work with the Provinces and Territories to ensure alignment across Canada, which we call the Pan-Canadian Approach. Much of the work on the Pan-Canadian Trust Framework evolved from the collaborative work we have done with our different levels of government.

In the field of Digital Identity, what is the question that people should be asking more but aren’t?

The question people should be asking – ‘Why are you setting up your own identity management systems?’ If you are setting up your own systems, you are placing an even greater burden on your clients, who have to prove themselves one more time, and remember yet another password.

What are the specific roadblocks other people in this space should look out for?

The identity management technology is largely there. Centralized and federated approaches have existed for years. Decentralized and self-sovereigns are rapidly evolving and will become mainstream soon. So the roadblocks are largely conceptual – it’s about understanding how your program or business fits into a larger ecosystem. Two decades ago, during the dot-com boom, everyone was setting up their own servers, now nobody does that – it’s a cloud now. Soon identity, or self-sovereign-identity will be available as a utility and controlled by the users.

What are your hopes for the digital identity field in the future?

My hope is that Canadians will be able to access services without having second thought to their safety and security. The systems that will enable digital identity, or more generally verifiable credentials, will be open, interoperable and be as ubiquitous as GPS.

What is the book you have recommended most to others?

I could recommend my own book that would be self-serving. The latest book I am reading is The Blockchain and the New Architecture for Trust, by Kevin Werbach. A book which I really enjoyed, challenging my perspective, was Metaphors We Live By, by George Lakoff and Mark Johnson. I also have a few technical books on the go. I can’t say enough good things about Mastering Bitcoin, by Andreas Antonopoulos. Finally, for relaxation, I subscribe to Kindle Unlimited and churn through CIA spy-thrillers.

We, at Tykn, would like to thank Tim Bouma for his time and for sharing his ideas and knowledge with us. Thank you, Tim! Be sure to follow him on Twitter.


Tykn is a digital identity company. If you’re keen on reading more we suggest:


10 Digital Identity experts you should follow right now

Digital Identity and Self-Sovereign Identity are some of the most exciting fields in technology and innovation right now. We round up a list of 10 Digital Identity experts that you should follow if you want to be up to date on all the cutting edge developments in this space.

Christopher Allen

Christopher Allen is a Blockchain & Decentralized Identity Architect, Internet Cryptography Pioneer and co-author of the TLS Security Standard.

Allen wrote the influential The Path to Self-Sovereign Identity text in which he shares his “vision for how we can enhance the ability of digital identity to enable trust while preserving individual privacy”.

“Self-Sovereign Identity is the next step beyond user-centric identity and that means it begins at the same place: the user must be central to the administration of identity. That requires not just the interoperability of a user’s identity across multiple locations, with the user’s consent, but also true user control of that digital identity, creating user autonomy. To accomplish this, a self-sovereign identity must be transportable; it can’t be locked down to one site or locale.” – The Path to Self-Sovereign Identity

@ChristopherA

Kim Cameron

Kim Cameron is the former Chief Architect of Identity at Microsoft. Cameron wrote the seminal paper The Laws of Identity, which aims to highlight the problem of the Internet having been built without means to know who and what we are connecting to, and its possible solutions. He is described by Phil Windley, Chairman of the Sovrin Foundation, as a “being from the future”, as his 2005 Laws of Identity are only now being understood.

“Digital identity requires (…) a unifying identity metasystem that can protect applications from the internal complexities of specific implementations and allow digital identity to become loosely coupled. This metasystem is in effect a system of systems that exposes a unified interface much like a device driver or network socket does. That allows one-offs to evolve towards standardized technologies that work within a metasystem framework without requiring the whole world to agree a priori.” – The Laws of Identity

Kim’s Blog

Drummond Reed

Drummond Reed is Evernym’s Chief Trust Officer. Evernym was born to solve the problem of siloed identity. Massive databases of personal data that become honey pots for hackers and liabilities for the database owners. The solution? An identity each one of us can own. A Self-Sovereign Identity.

Reed was also the co-founder and co-author of the Respect Trust Framework, which was honored with the Privacy Award at the 2011 European Identity Conference.

Evernym are the inventors and original Founding Steward of Sovrin, the global public network enabling portable and private digital identity for all. Tykn is proudly one of Sovrin’s Stewards.

What Self-Sovereign Identity “means is that every digital relationship you have will be unique, private, and secure. There is no need to log in “with” anybody. This is a new type of relationship that has never been possible before and it is set to revolutionize the way that we interact with each other online.” – Why Login at all?

@drummondreed

Heather Vescent

Heather Vescent is, in her words, “obsessed with this new technology”, Self-Sovereign Identity, that uses identity standards that will allow for interoperability. For her, digital identity is a base layer where everything else is built on top and people are now starting to realise its importance. According to Heather, banking, healthcare and Internet applications have been building their own siloed identity solutions that are not interoperable between each other and Self-Sovereign Identity can change that.

Heather Vescent owns and operates a foresight and strategic intelligence consultancy and co-authored Your Guide to Self-Sovereign Identity with our next person you should follow, Kaliya Young.

@heathervescent

Kaliya Young

Kaliya, aka Identity Woman, has “committed her life to the development of an open standards based layer of the internet that empowers people”.

Her masters report, Domains of Identity, is a framework that explains the 16 domains of identity and how Self-Sovereign Identity can essentially change the relationships within those domains. Kaliya has a Master of Science in Identity Management and Security and has been named one of the most influential women in tech by the Fast Company Magazine.

“To get to this future we need to coordinate the development of common building blocks: code, infrastructure and protocol. We must ship interoperable products. And we need to work towards alignment, not control.” – The Domains of Identity Presentation

@IdentityWoman

Phil Windley

Phil Windley is the chairman of the Sovrin Foundation as well as the co-founder and organizer of the Internet Identity Workshop. He served as CIO for the State of Utah and holds a Ph.D. in Computer Science from the University of California.

“Because there’s no central authority controlling DIDs and because people can issue private DIDs themselves, they constitute a truly decentralized means of not only creating identifiers, but using them for mutual authentication, privacy preservation, and secure communication of almost any information parties need to share.” – Decentralized Identifiers

@windley

Kim Hamilton Duffy

Kim Hamilton Duffy is the CTO of Learning Machine and Principal Architect of Blockcerts (that collaborated with the MIT Media Lab to develop an open standard for issuing and verifying credentials on a blockchain). She also co-chairs the W3C Credentials Community Group and is a member of the Rebooting Web of Trust board and the Steering Committee for the Decentralized Identity Foundation.

“It is time to evolve data management paradigms from those based on a centralized web architecture to those functioning from the decentralized web. Only in this way can individual self-sovereignty be guaranteed in a world where centralized authorities exert irreversibly amplifying control over digital infrastructures, and security breaches will only become more common.” – The Time for Self-Sovereign Identity Is Now

Kim is also a researcher at the “Digital Credentials Initiative” at MIT.

@kimdhamilton

Michiel van der Veen

Michiel van der Veen is the Director of Innovation & Development at the National Office for Identity Data in the Ministry of the Interior of The Netherlands. He is also an identification, biometrics and privacy-by-design expert for the ID4D program at the World Bank Group.

“In addition to digital ID, Biometric ID methods are also promising in poor and developing countries where scores of people still go unregistered. According to the World Bank, nearly a billion people are still unable to prove their identity, and millions more have forms of identification that cannot be reliably verified or authenticated.” – Privacy-by-design leads the way in keeping your online identity safe

@MvdVan

Tim Bouma

Tim Bouma is a Senior Policy Analyst focused on Identity Management for the Treasury Board Secretariat of the Government of Canada.

“My belief that humans still need to be involved in that first-time or “origin” registration of creating the digital identity and linking to the real person. This is the hardest part of creating a digital identity. This origin registration may be an expensive and inconvenient process to carry out, but with the value (and potential harm) associated with it — a digital identity that is, or not, under your control — the fully digital alternatives may be too risky (today, at least). However, once that origin registration is carried out, your digital identity can be easily assured on an ongoing basis, using cryptography, verifiable claims, etc. But that digital identity, to be trusted, must be traceable back to that origin registration.” – Digital Identity – the hardest part

@trbouma

Darrell O’Donnell

Darrell O’Donnell is the CTO at CULedger and Technical Advisor to multiple top-level agencies, departments, and services (including Canada’s and the US’ public safety and homeland security department) in the fields of blockchain and digital identity.

“Here’s the funny thing – we’re realizing that companies never really needed to own our digital identity. They did it out of necessity. Businesses are beginning to figure out what this means – and those that are wrapping their heads around blockchain identity are poised to succeed. The best are realizing that Blockchain Identity, particularly Self Sovereign Identity, is shifting the business view of digital identity. Digital identity is shifting to become a revenue driver, cost cutter, and even an asset.” – Blockchain Identity for Dummies

@darrello


Tykn is a digital identity company. If you’re keen on reading more we suggest this Definitive Guide on Identity Management with Blockchain.



Tykn finds new partner in IT entrepreneur Johan Mastenbroek

The Hague, May 20, 2019 – Tech start-up Tykn has received an investment of 1.2 million euros from Dutch IT entrepreneur Johan Mastenbroek. By using smart technology and blockchain the start-up is developing a digital identity management platform, which allows public and private institutions to issue and verify digital identity credentials. It is an innovative way to share and request personal data proofs, which protects identities against getting lost. A solution for the 1.2 billion people worldwide who have never had an identifying document or whose proof of existence got lost because of inefficient identity registration, wars or disasters.

Both Tykn and Mastenbroek are excited about the collaboration. “With Johan Mastenbroek as investor we do not just gain a financial partner, but also an experienced one. He has essential knowledge about blockchain and digital identity cases, which helps us to further develop our platform”, said Tey Al-Rjula, CEO of Tykn. “This collaboration is an important step in getting closer to the world as we envision it: a world where identities are portable, private and secure, so that no one has to lose access to their identity ever again.”

Tey Al-Rjula has personally experienced what it is like to be ‘invisible’. “My birth certificate got lost during the Gulf war in Kuwait. I lived as an ‘invisible’ man in the Netherlands when my work contract expired and I ended up in an asylum centre. There I met many Syrian refugees who had also lost their identity and faced the same problems as I did. As without an identity you do not have access to many basic needs and therefore not to your human rights.” This personal experience gave Al-Rjula the inspiration to found Tykn, together with social entrepreneurs Khalid Maliki and Jimmy J.P. Snoek.

IT entrepreneur Mastenbroek is also delighted about the collaboration: “I strongly believe in the principles and ideas of Tykn. They work together with international organisations, with whom they can provide a solution to a global problem and create a future of opportunities instead of a future of problems.”

Additionally, Mastenbroek is pleased with the addition of Tykn to his investment portfolio: “I mainly invest in IT & Innovation companies with a 3 million-plus revenue and a niche market focus, whereby I focus on management buy-outs and growth investments. My mission is to lift these innovative enterprises to the next level market position, business model and size. As such, Tykn fits well with the other companies I invest in, such as Ledger Leopard, Loek! and Finturi.”

