Centralized identity is ultimately going to get hacked and leaked.
Has anyone ever thought about utilizing SD-JWT and ZKPs as a standard?
I own username.id http://username.id and have done some deep research on ideas. Reach out if you are interested in putting together a Presentation Exchange that could map up to NIP-05.
https://docs.walt.id/community-stack/concepts/selective-disclosure/sd-jwt/intro
https://datatracker.ietf.org/doc/draft-ietf-oauth-selective-disclosure-jwt/
Yestr!
nostr:nprofile1qqsqddupn4l3cl65wggcyehd009g0pwuatsfudh28f90vewx68vrylqprfmhxue69uhhyetvv9ujuem9w3skccne9e3k7mf0wccszenhwden5te0ve5kcar9wghxummnw3ezuamfdejj7mnsw43rzufkd43hywr5d3erxmp5va6hxvmnveh8wd3hxue8xdm6v9jnv6r3de3k6ae4wa4rydm9df6kgdthvduxvdm3xph8sdmyx5lkyun0v9jxxctnws7hgun4v5q3gamnwvaz7tmjv4kxz7fwv3sk6atn9e5k7nznd8h and I were talking about this recently in relation to a Person kind.
Verifiers could Attest to the whole or selectively revealed (as per your note) parts of this.
The key difference is the issuer is oneself - so called 'first person' credentials.
I think with Person NIP, SD-JWT, Attestations and #safebox we have everything we need.
I'm not sure we even need ZKPs.
That’s my gut feeling too. You only need SD-JWTS and ZKPs if you over-collection information in the first place. Authorities love them, because it gives them an excuse to over-collect with the false assurance they can give you a ZKP when you need (beg for) one.
I can envision an offline, local-first P2P mesh network connecting NFC, Bluetooth, WiFi Direct, and LoRa, with Transport Bonding, built around assertion claims and attestations. Layered interoperability could ensure the user remains in control through distributed capabilities.
It might be a pipe dream, but I’d like to see a protocol of TEE enclaves using distributed Git checksum proofs, combined with Schema Negotiation between servers and clients. This would apply an orthogonal method for verifying trusted remote execution of an oblivious pseudo-random function exchange, one that maps up to a trust registry at the DNS level for maintaining NIP-05 usernames in a way that is distributed and private. Domains are currently subject to renewal issues so managing state changes with NIP-03 on OP_RETURN and an alternative routing mechanism might be an interesting approach. It would need to be managed by open-source developers of course.
These ideas have surfaced across several overlapping communities. After exploring Solid, Linked Data, OpenSocial, ActivityPub, FOAF, and Web5, I believe the simplicity of the Nostr protocol, with its relay model, is a step in the right direction. The openness of the community and the NIPs is a breath of fresh air.
The main question and fuzzy area that you mentioned is how to engage with some kind of presentation exchange with the current centralized system. Could there be interoperability bridges with mdoc/mDL, etc. https://docs.walt.id/community-stack/concepts/digital-credentials/mdoc-mdl-iso
Of course, the Verifiable Credentials community has been attempting it via DIF and other overlapping projects like OpenWallet etc. Do any of these communities have a chance?
I was in the Verifiable Credentials community for years. I think the simplicity of Nostr has a better chance of success in the long run.
I am leaning that direction as well, what are your thoughts on how to interoperate? What about mdoc/mDL? If this is the standard for issued IDs could it be used in a way that is more secure as long as it’s an ephemeral one way push with a schema negotiation between clients and relays via a trusted registry of privacy preserving endpoints.
I have been following the No Phone Home awareness.
https://blog.identity.foundation/no-phone-home/
and the privacy concerns of mDL
https://trbouma.substack.com/p/its-not-about-global-state-its-about
This is the way! We must protect local and prevent the tracking!
I am a signatory of the No Phone Home. I’ve concluded that ‘credentials’ is no more than a digital implementation of a medieval model and we need to move to private decentralized record sharing and attestation. That is what I am trying to do with #nostr #safebox and attestations
We are definitely on the same page. What is your vision of how it will work with issued IDs? Could it even work with mDL or is the standard not capable of passing attestations down to safebox to be handled offline? Is this concept in your crosshairs?
Taking a total greenfield approach. All the mDL stuff is too far gone and captured. Let it play out naturally. Looking for underserved communities than are willing to leapfrog.
