随摘随想 | 通往自我主权身份之路 The Path to Self-Sovereign Identity

原文链接：The Path to Self Sovereign Identity (Christopher Allen)

随摘

4 stages of online identity 数字身份演进的四个阶段

Phase 1: Centralized identity (administrative control by a single authority or hierarchy) 集中身份（由单一机构或层级管控）

• Centralized authorities became the issuers and authenticators of digital identity, such as IANA (the validity of IP addresses), ICANN (domain names), CA certificate authorities (validity of internet commerce sites)

• The problem is that users are locked into a single authority, who can deny their identity or even confirm a false identity. Centralization innately gives power to the centralized entities, not to the users.

• To a large extent, identity on the internet today is still centralized. Digital identities are owned by CAs, domain registrars, and individual sites, and then rented to users or revoked at any time.

• PGP (Public Goods Privacy) offered one of the first hints towards SSI (self-sovereign identity) by introducing the "Web of Trust", which established trust for a digital identity by allowing peers to act as introducers and validators of public keys. Anyone could be validator in the PGP model.

Phase 2: Federated identity (administrative control by multiple, federated authorities) 联合身份（由多个联合机构管控）

• A variety of commercial organizations moved beyond hierarchy to debalkanize online identity in a new manner. Microsoft's Passport imagined federated identity, which allowed users to utilize the same identity on multiple sites.

• Federation improved on the problem of balkanization. However, each individual site remained an authority.

Phase 3: User-centric identity (individual or administrative control across multiple authorities without requiring a federation) 以用户为中心的身份（跨多个权威的个人或管理控制，无需联盟）

• The Augmented Social Network (ASN) (2000) group felt that Microsoft Passport and the Liberty Alliance have put too much emphasis on the privatization of info and the modeling of users as consumers, thus hindered the very assumption that every individual ought to have the right to control his/her own online identity.

• The Internet Identity Work (IIW) (2005-present) focused on a new term that countered the server-centric model of centralized authorities: user-centric identity. IIW has supported many new methods of creating digital identities, incl. OpenID (2005), OpenID 2.0 (2006), OpenID connect (2014), OAuth (2010), and FIDO (2013). By adopting them, a user can decide to share an identity from one service to another and thus debanlkanize his digital self.

• Unfortunately, powerful institutions co-opted their efforts and kept them from fully realizing their goals. Much as with the Liberty Alliance, final ownership of user-centric identities today remain with the entities that register them.

  • Facebook Connect (2008): People who access other sites with their “user-centric” Facebook Connect identity may be even more vulnerable than OpenID users to losing that identity in multiple places at one time.

• It’s central authorities all over again. Worse, it’s like state-controlled authentication of identity, except with a self-elected “rogue” state.

Phase 4: Self-sovereign identity (individual control across any number of authorities) 自我主权身份（跨任意权威的个人控制）

• To take the next step requires user autonomy. Rather than just advocating that users be at the center of the identity process, self-sovereign identity requires that users be the rulers of their own identity.

• Self-sovereign identity has been previously addressed as a mathematical policy, where cryptography is used to protect a user’s autonomy and control, and a legal policy, which defines contractual rules and principles that members of the network agree to follow. In the last year, self-sovereign identity has also entered the sphere of international policy. This has largely been driven by the refugee crisis that has beset Europe, which has resulted in many people lacking a recognized identity due to their flight from the state that issued their credentials. However, it’s a long-standing international problem, as foreign workers have often been abused by the countries they work in due to the lack of state-issued credentials.

A definition of self-sovereign identity 什么是自我主权身份

• Self-sovereign identity is the next step beyond user-centric identity and that means it begins at the same place: the user must be central to the administration of identity. That requires not just the interoperability of a user’s identity across multiple locations, with the user’s consent, but also true user control of that digital identity, creating user autonomy. To accomplish this, a self-sovereign identity must be transportable; it can’t be locked down to one site or locale.

• A self-sovereign identity must also allow ordinary users to make claims. It can even contain information about the user that was asserted by other persons or groups.

• A self-sovereign identity must defend against financial and other losses, prevent human rights abuses by the powerful, and support the rights of the individual to be oneself and to freely associate.

• The truth is that there is no consensus, and it's just a starting position.

10 principles of self-sovereign identity 自我主权身份的10个原则

These principles attempt to ensure the user control that’s at the heart of self-sovereign identity. However, they also recognize that identity can be a double-edged sword — usable for both beneficial and maleficent purposes. Thus, an identity system must balance transparency, fairness, and support of the commons with protection for the individual. 身份是把双刃剑，可以被用于有益或有害的目的。身份系统必须平衡透明性、公平性、对公共的支持和对个人的保护

1. Existence 存在: Users must have an independent existence 用户必须具有独立的存在

   • 自我主权身份并不能凭空产生，而是需要依托于真实存在的个体

   • 自我主权身份本质上是让部分“我”的身份公开和可被访问

2. Control 控制: Users must control their identities 用户必须控制他们的身份

   • 用户对他们身份应具有最终权威，身份是可以被指向、更新、甚至被隐藏

   • 这并不意味着用户控制所有对其身份的声明（claim），其他用户也可以针对某用户提出声明，但他们无法拥有和控制他人的身份

3. Access 访问: Users must have access to their own data 用户必须能够访问自己的数据

   • 用户必须始终能够检索他身份中的所有声明和数据，不能有隐藏数据或看门人（gatekeepers）

   • 这并不意味着用户可以随意改动所有针对他身份的声明，但他必须能够意识到所有声明的存在

4. Transparency 透明: Systems and algorithms must be transparent. 系统和算法必须是透明的

   • 管理和运营身份网络的系统，无论是他们如何运行还是如何被管理和更新，必须是公开透明的

   • 算法必须是免费、开源、和众所周知的，且尽可能独立于任何特定的架构，任何人都应能够检查他们如何运作

5. Persistence 持久: Identities must be long-lived. 身份必须是能长久存在的

   • 身份必须尽可能的长久存在，至少是在用户的意愿之下

6. Portability 可移植: Information and services about identity must be transportable. 有关身份的信息和服务必须是可转移的

   • 身份不应该被单一第三方实体持有，即使它是一个可信赖的实体，因为任何实体都可能会消失，而且在互联网时代预计大部分实体最终都会消失

   • 可转移的身份保证了用户始终对他的身份拥有控制权，并随着时间推移提高身份的持久性

7. Interoperability 互操作: Identities should be widely usable as possible. 身份应尽可能广泛使用

   • 身份信息应尽可以在多种场景下被使用，跨越国际边界创建全球身份

8. Consent 同意: Users must agree to the use of their identity. 用户必须同意使用他们的身份

   • 任何身份系统都是围绕该身份和针对其的声明而构建的，身份数据共享必须通过用户的同意

9. Minimalization 极简化: Disclosure of claims must be minimized.  必须尽量减少披露

   • 针对用户身份信息的披露应尽可能极简化，如只询问最低年龄限制是否符合，就不应披露用户的实际年龄；如只询问具体年龄，就不应披露用户的出生年月日

   • 这个原则可以通过针对性披露、范围证明、零知识证明技术来实现，但非相关性仍然非常困难

10. Protection 保护: The rights of users must be protected. 必须保护用户的权利

    • 当身份网络的需求和个人用户的权利发生冲突时，网络应保护个人的自由和权利

    • 因此身份认证需通过独立算法和去中心化的方式运行，以抵抗审查和强权

随想

• 从身份演进的前三个阶段来看，虽然身份仿佛变得逐渐“以用户为中心”，但实则更多是从体验上让用户更易操作，而从身份归属上仍然非常中心化。类似Facebook一样的大公司，其实也堪比权威联盟或权威机构了。如果总是使用Facebook账号登录其他平台，体验上每次登陆是会变得非常便捷，但也相当于每次都移交自己的部分身份给了Facebook，长久积累个人和平台的权力就会非常不对等。个人身份主权的让渡往往是单向的，非常难逆转。

• 因为没有对身份主权的控制权、访问权、可移植性和互操作性，个人在大平台上的积累是带不走的，而平台的消失可以直接带走一部分个人的身份信息。比如近期重新登录人人网为例，之前在平台上的blog、照片、与别人的互动留言、在其他主页发布的内容，所有内容都形成一部分我的身份。而随着人人网的没落消逝和服务器的减少和停止，我的一部分身份就也随之消失了。如果泛化至个人-公司的组织形式，个人对自己的社会工作身份也是没有主权的，一旦离职除了能在简历上写一笔，此前在公司平台上写的代码、设计的方案、所有创作和积累是很难带走的。延伸至个人-国家的形式，如果国家这个“平台”因为战争等种种原因消失，个人要以何种身份立足。如果国家对个人进行social cancel，那个人在这个“平台”上的经济资本、文化资本、社会资本积累也是难以移植。