In the TF working group, we have been trying to figure out what an Identity Owner is, and what they need to agree to in order to sign the IdO Agreement. We’ve agreed enough to get started on the Provisional Network, but some key questions remain on this bridge between the SN and the real world. All DIDs need to be related to a real person or organisation (group of people), but how do we know that whilst maintaining anonymity and the self-sovereign ID? Do we need to be able to prove that? One of the elements we intend to include in the IdO Agreement is:
"Use a Sovrin Identity to impersonate another Identity Owner or otherwise misrepresent the Identity Owner’s identity or relationships."
Scott’s brilliant insight: this is about edges vs nodes. Sovrin Identity is off-network, the SN is like a telecoms network, we need minimum criteria for a DID (like a 'phone number) and then focus on enabling connections (edges) rather than what they’re going to be used for or who’s making them (node). Building a network and its traffic is all about the edges vs the nodes. There are plenty of examples in the world of telecoms to prove this point (https://en.wikipedia.org/wiki/Rabbit_(telecommunications)).
This means that instead of thinking about a DID as representing an aspect or persona of a person, organisation or thing (the node), we think about each DID as representing a relationship (an edge between an A and B party). We hope that most connections will be A:A, an act of recognition of a persona. But often they will be A:B_n_.
This is the difference between setting up a profile for your best mate on Facebook, and posting a photo of your best mate on your own Facebook profile. Even if it’s a bad actor trying to set up a DID impersonating you on the SN, that is still a valid relationship (i.e. you are his target).
The node-centric view of this is that each ‘Sovrin Identity’ (or possibly Identity Owner) is effectively their own many-faced god (http://gameofthrones.wikia.com/wiki/Many-Faced_God) going by different names (bits of PII) in different pantheons and faith structures (Trust Frameworks/Contexts) but amounting to the same Sovrin Identity.
Change IO obligation to:
"Use a Sovrin Identity to misrepresent a relationship you have with a natural person, legal organisation or thing, at the time when the DID is created or used to transact; that natural person might in most cases be you"
"Use a Sovrin Identity to lay claim to be another person, organisation or thing, at the time when the DID is created or used to transact"
There are lots of ways you could prove both without needing to know who the IO is who’s creating the DID.
Could be some thoughts for the GA TF.