luke.b//blog


I just went to a very interesting webinar from Evernym on their SSI stack and it was really informative and engaging.

They definitely seem to be taking the Enterprise route, with large companies and organisations being their primary target.

In the webinar, FIDO was mentioned as an alternative. But FIDO only provides a yes/no answer to the question “are you who you say you are?”. SSIs formalise an alternative that allows for much more complex attribute verification.

FIDO is a centralised digital identity - a more literal replacement of username + password that requires a second factor provided by a physical device or a biometric sensor on the device.

In the world of FIDO, the CA-equivalents are still the platforms. For example, Android phones are FIDO-compliant, meaning they can verify a user’s identity for the purposes of authenticating with a third party. In a sense, the FIDO Alliance itself can be seen as the one almighty CA. There isn’t really a “wallet” in this model - the keys are simply kept on the device of the user. The user trusts that their phone is capable of making a verifiable check against their pre-existing biometric data (which stays on the device). I would consider this more like a distributed model, where the main platforms and the software they write act as the ephemeral CAs of their users.

Importantly, the notion of identity is still centralised with the platforms or apps that require a user to be authenticated.

I’m definitely interested in reading more into this!