Check-in and access this session from the IGF Schedule.

IGF 2019 WS #245
Self-sovereign Identity: Data Governance implications

    Subtheme

    Organizer 1: Maike Gericke, German Blockchain Association
    Organizer 2: Kai Wagner, German Blockchain Association

    Speaker 1: Piekarska Marta, Technical Community, Western European and Others Group (WEOG)
    Speaker 2: Elizabeth M. Renieris , Private Sector, Western European and Others Group (WEOG)
    Speaker 3: Mawaki Chango, Private Sector, African Group
    Speaker 4: Kai Wagner, Technical Community, Western European and Others Group (WEOG)
    Speaker 5: Daniel Du Seuil , Government, Western European and Others Group (WEOG)

    Moderator

    Maike Gericke, Technical Community, Western European and Others Group (WEOG)

    Online Moderator

    Maike Gericke, Technical Community, Western European and Others Group (WEOG)

    Rapporteur

    Maike Gericke, Technical Community, Western European and Others Group (WEOG)

    Format

    Other - 60 Min
    Format description: Fishbowl session format: 7 chairs forming a round-table setting in the middle of the room (1 moderator, 5 speakers, 1 additional chair). The additional chair in this setting is reserved for audience members that want to actively participate in the discussion. Each of the speakers can also (temporarily) free their chair in order to give additional audience members the opportunity to participate.

    Policy Question(s)

    1. Empowering individuals to control their digital identities: How could the Self-sovereign Identity concept be an answer to the privacy paradox?

    2. What to do with your digital identity once you control it? Exploring scenarios for Self-sovereign Identity applications governed respectively from a “data rights” or a “data ownership” perspective.

    SDGs

    GOAL 5: Gender Equality
    GOAL 8: Decent Work and Economic Growth
    GOAL 9: Industry, Innovation and Infrastructure
    GOAL 10: Reduced Inequalities
    GOAL 16: Peace, Justice and Strong Institutions

    Description: Intended Agenda:
    1. Introduction
    a. Introduction of invited speakers and their touchpoints with the Self-Sovereign Identity discourse and development
    b. Introduction to the concept of Self-sovereign Identity
    c. Connecting Self-Sovereign Identity in the context of SDGs: How can the concept help in achieving the 2030 goals?
    2. Discussion: Could the Self-sovereign Identity concept be an answer to the privacy paradox?
    3. Discussion: What to do with your digital identity once you control it? Exploring scenarios for Self-sovereign Identity applications governed respectively from a “data rights” or a “data ownership” perspective
    a. What is the role of the individual? What is the role of the state?
    b. Comparative advantages/disadvantages of different rights frameworks
    4. Outlook:
    a. Summary of the discussion
    b. Outlook per panel participant, and outlook summary

    Session Format: Fishbowl
    We would like to facilitate audience participation through using a “Fishbowl” format.
    This format includes our confirmed speakers in a roundtable setting in the center of the room, with an additional free chair through which any audience member can join the discussion to share their perspective, share insights, or ask questions. Any speaker can also empty their chair to give additional audience members the possibility to join the discussion. Through this format, we hope to combine a facilitated expert discussion with audience participation that goes beyond asking questions during specified times.


    Expected Outcomes: - Audience has a clear picture of the opportunities and limitations of Self-sovereign identity.
    - The principles of SSI have been put into context of the rights vs. ownership debate, enabling the audience to make next move in following the debate themselves.

    Through the suggested fishbowl format, individual audience members have the possibility to participate in the roundtable discussion.
    We will further reserve time for questions and comments from the audience for each discussion point.

    Relevance to Theme: The emerging framework of Self-sovereign Identity offers a new approach for the long standing challenge of privacy preserving and secure interaction on the internet. Designed to be provider agnostic, this Identity framework applies a user centric model for digital identity. Being structured from the perspective of one identity subject (a natural person, a legal person or an IoT device), credentials (attested attributes or documents) are issued to the identity subject directly. Issued credentials are cryptographically bound to the identity subject and clearly state the issuer of a credential to enable transparency and accountability (See W3C Verifiable Credential Data Model). The identity subject has exclusive control over this identity. With a focus on open standards to enable interoperability, this identity framework holds the potential to enable a universal identity layer for the internet.

    With the Decentralized Identity Foundation, the W3C working group on Verifiable Credentials and the W3C Community Group on Decentralized Identifiers the technical outlook is promising.

    As the potential of Self-sovereign Identity is materialized in first implementations and pilot projects, the Data Governance approaches that emerge with it are still unclear. Self-sovereign identity can enable cryptographically attested consent records and liability trails but it equally represents a major shift in personal responsibility with the removal of a centralized identity provider that as of today carries the major responsibility for identities being compromised or stolen.

    The empowerment of individual identity subjects thus comes with a challenge to balance individual sovereignty with the privacy paradox. If one aims to serve the individual identity subject, appropriate governance approaches will need to be developed to ensure that the empowering potential of Self-sovereign Identity does not create disempowerment by leaving individuals unprotected from the potential harms caused by increased sovereignty over their data.


    Relevance to Internet Governance: With the above stated potential to empower an individual to self govern its data via the Self-sovereign Identity framework, the need arises for all stakeholders to find answers to this structural transformation. Self-sovereign Identity enables a future where every individual can hold a digital identity without being bound to the ecosystem of an isolated provider. The power structures inherent in centralized and federated identity systems play out differently in the Self-sovereign Identity context. Just as with the internet, accountability and liability is not defined by the infrastructure itself, but bound to the respective parties involved. When looking at Self-sovereign Identity through the lens of Internet Governance, a prime objective is to coordinate among the actors involved and establish a common understanding of this novel identity framework and the challenges and opportunities that arise with it.

    Online Participation

    Online participants are encouraged to raise questions throughout the session, which the moderator would raise at a fitting point in the discussion, or towards the end of the session.