Identity Box
Formal Metadata
Number of Parts | 490
License | CC Attribution 2.0 Belgium: You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Identifiers | 10.5446/47513 (DOI)
Transcript: English (auto-generated)
00:05
Identity box. Let me start with this. Sorry, the last slide. Privacy starts with identity.
00:22
But not really just identity, actually privacy starts with self-sovereign identity. And people here most probably know what self-sovereign identity is. It's, shortly speaking, identity that you own and that you control. So it's not owned by some service like Google, GitHub, whatever.
00:41
Nobody can take it away from you. And self-sovereign needs decentralized network. These slides will be repeated a couple of times today. And it may seem not to be obvious. It's really not obvious per se because it all depends how you perceive your identity, how it's really implemented. And the most trivial and in some way naive way of implementing identity
01:06
is to associate your identity with a public key. So basically every identity is your public key. And we did it. And we implemented this in Cogito, an identity management framework
01:22
that we created two years ago, approximately. And we even presented that last year at FOSDEM in a lightning talk. And as you can expect, using a public key as your identity, you immediately get questions like those. What if your private key gets compromised?
01:42
And of course your identity is gone. How are the people that use your identity going to know about it? Do you even know yourself who is using identity? Sure not. In other words, you get the network of keys, so some sort of web of trust again, something that we know it's a problem and doesn't really pick up very well.
02:04
But the guys from Rebooting Web of Trust together with other people, they work on an interesting document. There's a standard about decentralized identifiers. And people that work in this group,
02:22
they came up with an interesting idea. So they introduced something which is called a DID resolver. And what does it do? So if you have your identity, which is just a string of characters in the end, you ask the resolver, give me something called decentralized identifier document.
02:41
And in this document, you can get whatever you need. So for instance, your public encryption key or your public signing key. Quite powerful concept. On a high abstraction level, should work very well. And of course, it makes all those questions that we had before solved quite nicely.
03:01
You can change your keys at any moment. Your identity stays the same after you change your key. People don't need to know your public keys. You don't have to keep public keys of any peers that you want to communicate with because you ask the resolver and resolver tells you, well, give me your identity.
03:21
I give you the keys, basically. So like key distribution problem solved. So in other words, instead of having network of keys directly connected as in typical Web of Trust, you end up in situations similar to this. You ask some kind of infrastructure to provide it to you. But if you look at this picture even,
03:41
this thing looks like centralized. Well actually, a resolver could be implemented in a purely centralized way. And we did it for exercise and it works great. It has super low latencies, it's super reliable. Of course, the problem is that if you base your resolution of your identity to a centralized service,
04:03
we are not speaking about self-sovereign anymore again. Which means basically the resolver itself needs to be built on decentralized network as well. So that's why I was saying at the very beginning, self-sovereign identity needs decentralized network. And now, what's the problem with decentralized networks?
04:23
Why don't we have even today, after so many attempts, we don't really have mainstream, reliable, stable peer-to-peer infrastructure out there. And one of the reasons is that there are no really physical nodes. It's not enough to put 1,000 nodes in a cloud on Amazon or something.
04:43
And it's also not sufficient that network enthusiasts run their nodes on a laptop for a few hours a week. That's not how it works. Even IPFS promotes the nodes which are stable and stay on. So decentralized network needs physical nodes that are available, stable and possibly always on.
05:05
And I brought one such a node. So our identity box is actually a physical node. It's a physical device. This is just a case. It's empty inside because my identity box runs at the very moment on my desk. It's connected with other identity boxes.
05:21
And how would it work in such a case? So we want this to go to people's homes, something like a physical device. And once you get such a device, you also get an identity app from us. And now I have to switch from presentation so that you also can see this.
05:48
Hopefully this will pick it up. So here you see an identity app,
06:03
application from which I can manage all identities, basically. Sorry, I have to make those things a bit smaller. So I scanned the box.
06:21
You see that would be this. And this thing connects to my identity box, the one that you show running on my desk right now. It has some backups from it, but I will not use the backups to restore my identity. So I create quickly an identity.
06:43
And you see in my address book, I already have just one. My identity, I don't have any peers' identities. The nice thing about self-sovereign identities, of course, you can create multiple identities once I am here. I can create identity, which indicates that, let's say, I am at FOSDEM.
07:09
Now in my address book, you see I have two identities, so I can easily switch between them. I can be marching if I like, and if I can be marching at FOSDEM. Of course, now I would like to send something to someone.
07:21
And Mark happened to follow me from Eindhoven here. He works with me, but we don't speak daily. So he has his own identity box. He's associated with his own identity box. And I would like to connect with him. So he shows me now a QR code. And I use my phone.
07:41
You see I'm doing scan here and here. So I see his name. For some reason, I don't see your phone. So I type here, Mark. Now in address book, I have also peer identities. I have Mark. And we have a demonstration sharing service,
08:02
which we can use to send secrets between people. So let's shift Mark's phone to the left a bit, because for some reason, I don't see his. So I connect. So I go to my identity app again.
08:21
I scan this small QR code. Now this thing asks me to choose an identity I want to send it to. I want to send it to Mark. I send it. Now this thing resolves the DID,
08:41
a DID document of Mark's, and it creates a link which you can put everywhere you want, on Dropbox even, or Facebook. Only Mark can decrypt that stuff.
09:00
And Mark can actually decrypt it with his device. So this is, it will also create the same connect link. You have the same thing. And you would see his decrypted message. So this is Identity Box. Thank you.