...

I registered myself on the Linux Foundation using LinkedIn and now I got an advertisement for training on the Linux Foundation platform. So I used an identity and I paid with my behavior. We want to show there is another way! Imagine "login with Google," and Google will never know you did it. We introduce an anonymous social login plugin for digital services that lets users onboard and register securely with a third-party login, without the third party being notified about it. Our goal is to raise users' privacy awareness and tell the world that social login can be anonymous and that the data these providers collect shouldn't be collected. Additionally, the user will have a passwordless identity manager in his hand: no forgotten passwords anymore. Stop "login with Google", start "login with Google as verifiable credential".

We start our journey from the market and the customer side; see our customer research in the Appendix section.


Image source: https://twitter.com/SSI_by_memes

...

→ Market research on this topic is in the Appendix

To be professional, since the goal is to be accepted by the market and to leverage Hyperledger projects on the market, we started with market research. Online research and a customer survey let us show the needs of the market clearly. First, we researched the web and publications about security and Hyperledger projects. The result was that there is an overall need for secure communication and secure exchange of personal data, especially for activities that cannot be tracked and for avoiding personal data storage and the risk of data breaches.

Besides this, we prepared a survey to find the features that customers rate highest in importance and lowest in satisfaction. This brings insights and a high opportunity for our topic. Furthermore, we asked afterwards in the survey for the best features. From this we defined the top 3 list of features in the topic of login, accounts and personal data security:

  1. knowing which organization is sharing your data with whom else
  2. you have transparency about which personal data you have shared with which organization/website.
  3. you can decide and control who can see your personal data (name, email, date of birth etc.)

The result is the top 3 wished features:

  1. that you can define who can see your personal data
  2. that you can see in an overview which of your personal data is used by whom
  3. knowing which organization is sharing your data with whom else

Solution

In the beginning we will tackle the features "you have transparency about which personal data you have shared with which organization/website." and "you can decide and control who can see your personal data (name, email, date of birth etc.)". During the hackathon, we will work out a solution or concept, together with a Hyperledger mentor and the community, for the feature "knowing which organization is sharing your data with whom else". So for the hackathon we implement the second and third positions from our customer research, and we will provide a concept for the top 1 feature together with the Hyperledger community during the hackathon, using methods from "inventive thinking".


  1. Provide a service which offers the usual social login onboarding without the central IDP learning your behavior. We introduce the Social Verifiable Credential, a service where a user logs in once and issues his social account as a verifiable credential into his wallet. In addition, we introduce a simple OIDC SSI verifier so that the social login as a verifiable credential can easily be included in your service.
  2. The user then has a passwordless social identity, because the whole account is in the wallet.
  3. We introduce an easy auth server using SSI, configured for the social accounts, that can be used for login on every platform.
  4. Our solution doesn't include any central IDP or any database for storing the data, and it is easy to integrate into your service as a configuration for docker-compose, Kubernetes, AWS, Azure, Google Cloud ...
    1. Alternatively, we plan to use Zapier for easy integration, like Trinsic.
    2. Our goal is decentralization, so every service provider needs to add its own verifier, but we provide the easiest way to do it.
  5. Minimum implementation goal:
    1. The minimum is an issuer with social login via a central IDP. The verifier is not needed in the beginning, since a lot of products can solve this (Trinsic, esatus, ...).
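
The issue-once, verify-offline flow from the list above, as an added sketch that is not the project's code: plain Ed25519 signatures from Node's `crypto` module stand in for a real SSI stack, and every name, claim and the credential layout is an assumption. The verifier needs only the issuer's public key and a fresh nonce, so the social IDP sees the single login at issuance and none of the later ones.

```javascript
// Added sketch; all identifiers and the credential layout are assumptions.
const crypto = require("node:crypto");

const b64 = (o) => Buffer.from(JSON.stringify(o)).toString("base64url");
const sign = (data, key) => crypto.sign(null, Buffer.from(data), key).toString("base64url");
const check = (data, sig, key) =>
  crypto.verify(null, Buffer.from(data), key, Buffer.from(sig, "base64url"));

// Issuer and wallet each hold an Ed25519 key pair (generated here for the demo).
const issuer = crypto.generateKeyPairSync("ed25519");
const wallet = crypto.generateKeyPairSync("ed25519");
const walletPub = wallet.publicKey.export({ type: "spki", format: "pem" });

// Constructed sample: claims the issuer got from the one-time social login.
const sampleClaims = { iss: "https://idp.example", sub: "1234567890",
  email: "alice@example.org" };

// Issuer: copy only the needed claims and bind them to the wallet's key.
function issueCredential(claims, holderKeyPem) {
  const payload = b64({ type: "SocialLoginCredential", provider: claims.iss,
    email: claims.email, holderKey: holderKeyPem });
  return `${payload}.${sign(payload, issuer.privateKey)}`;
}

// Wallet: present the credential and sign the verifier's nonce with it.
function present(credential, nonce) {
  return { credential, nonce, proof: sign(`${credential}|${nonce}`, wallet.privateKey) };
}

// Verifier: offline checks only, no request to the IDP or to the issuer.
function verifyPresentation(p, expectedNonce, issuerPublicKey) {
  const [payload, sig] = String(p.credential).split(".");
  if (!payload || !sig || typeof p.proof !== "string") return null;
  if (p.nonce !== expectedNonce) return null;                 // replayed presentation
  if (!check(payload, sig, issuerPublicKey)) return null;     // not from the trusted issuer
  const vc = JSON.parse(Buffer.from(payload, "base64url").toString());
  const holderKey = crypto.createPublicKey(vc.holderKey);
  if (!check(`${p.credential}|${p.nonce}`, p.proof, holderKey)) return null; // copied credential
  return { provider: vc.provider, email: vc.email };
}
```

The nonce and the holder-key proof are what keep a copied credential from being replayed by someone who does not control the wallet.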

...