On KERI: a way not to reveal more personal info than you need to

You don’t walk around wearing a name badge.  Except maybe at a conference, or some other enclosed space where people need to share their names and affiliations with each other. But otherwise, no.

Why is that?

Because you don’t need a name badge for people who know you—or for people who don’t.

Here in civilization we typically reveal information about ourselves to others on a need-to-know basis: “I’m over 18.” “I’m a citizen of Canada.” “Here’s my Costco card.” “Hi, I’m Jane.” We may or may not present credentials in these encounters. And in most we don’t say our names. “Michael” being a common name, a guy called “Mike” may tell a barista his name is “Clive” if the guy in front of him just said his name is “Mike.” (My given name is David, a name so common that another David re-branded me Doc. Later I learned that his middle name was David and his first name was Paul. True story.)

This is how civilization works in the offline world.

Kim Cameron wrote up how this ought to work, in Laws of Identity, first published in 2004. The Laws include personal control and consentminimum disclosure for a constrained usejustifiable parties, and plurality of operators. Again, we have those in here in the offline world where your body is reading this on a screen.

In the online world behind that screen, however, you have a monstrous mess. I won’t go into why. The results are what matter, and you already know those anyway.

Instead, I’d like to share what (at least for now) I think is the best approach to the challenge of presenting verifiable credentials in the digital world. It’s called KERI, and you can read about it here: https://keri.one/. If you’d like to contribute to the code work, that’s here: https://github.com/decentralized-identity/keri/.

I’m still just getting acquainted with it, in sessions at IIW. The main thing is that I’m sure it matters. So I’m sharing that sentiment, along with those links.

 

1 comment

Comments are now closed.