6 Degrees of Identity Freedom

by | Nov 6, 2017 | Identity and Access Management (IAM), Self Sovereign Identity | 0 comments

I hosted a session at the Internet Identity Workshop XXV based on my friend, Tim Bouma’s “Digital Identity: Six Degrees of Freedom“.
Tim proposes 6 Degrees of Identity Freedom:
  1. Freedom of Credential — I should have the ability to use whatever credential (login, etc.) that ensures that I am in control.
  2. Freedom of Identity Data — I should have the ability to decide what identity information to use to identify myself.
  3. Freedom of Authorities — I should have the ability to choose which authorities (or lack thereof) I require to vouch for me on my behalf.
  4. Freedom of Disclosure — I should be able to decide which identity information (or subset of information) I give to others.
  5. Freedom of Consent — I should be able to decide how and when my identity information can be used, including the ability to fully revoke its use, if so be.
  6. Freedom from Control — I should have full agency over the decisions relating to the above in the identity system I choose to use.
Tim closes with the idea that I likely won’t have total freedom on all of these dimensions. The point of this is that there is a conscious starting point created.
Degrees of Identity Freedom

(Messy) Notes from the IIW Session

My premise for the discussion was that there is a continuum in each dimension. Depending on my use case I may have the freedoms I want but likely not in all dimensions.
Example: I am paying cash for lunch at a taco truck. I have most of the freedoms under my control, but if a purchase is in USD, my Freedom of Authority has been picked for me – and I need to be ok with that or walk from the transaction (no taco for me).
Some further reading was recommended during the fairly well attended session:
We bounced through multiple use cases and the 6 degrees concept held up quite well other than some relatively fine, and partly pedantic, disagreement. For my use Tim’s 6 Degrees are a great starting point.
The use cases that we floated ranged:
  • Making a purchase from Amazon of something like a book. In theory very little freedom is lost here – Identity Data is currently constrained but that may be a relic of how things have always been done. Amazon creates the Credential.
  • Making a purchase from a vendor of a food product. There are needs to potentially share more information here in the event that there is an urgent need to contact the end user (e.g. food contamination issue).
  • Creating a bank account on a simple KYC basis.
Further I wanted to understand if the dimensions withstood debate. They did.

Also published on Medium.