I have already reported on the workshop on online identities led by @RobvanKranenburg at the NGI Forum in Helsinki. As I read more about the topic, I find many words and expressions that are highly specific of that intellectual space, and they are not necessarily super intuitive for a nonspecialist who is trying to form an opinion. So, I feel the need for a small glossary where I can stash their definitions, and come back to when I need to refresh one. Lately I came across this post, and I decided to start writing one. I’m making it a wiki in case others want to help.
Disposable identities are temporary attribute-based identities describing a smart contract between a receiver and a supplier of a service, ie. rent, leasing a car, energy for a home, paying taxes, basically any service.
I am not sure about the “smart contract” part, but the “disposable” part seems to point to identities that are “one shot”: you use them to secure a certain service, and then never again. In An example close to the experience of many of us is disposable email addresses: these are addresses you only use when you sign up to an online service, and only to do one thing: validate the email address. Once validated, you throw them away, or they even self-destruct (but now need to store your login information in a safe place). You can also get disposable phone numbers, and there is even a fun Fake name generator you can use to confuse algorithms.
Ok, but then how would it work to rent a car based on a disposable identity? When you rent a car, you need to show your driving license, for the very good reason that you carry responsibility and liabilities for any bad deed you might be carrying out with that car. It would be nice to rent one with a disposable ID, but I don’t think Avis is going to be willing to give you the keys.
I think the document refers to the IoT Trust Framework. This is basically a checklist meant to assess the trustability of a connected device. If the device does not meet the framework’s requirements (that is, if one or more “must have” characteristics are not there), then the device is not trustable.
I cannot find online definitions of this. By analogy with provable security, I imagine it to be a type of computing which does not happen in a black box; you can verify that the computing really treats the input data in the way it says on the label. +
In science, we have a similar concept called reproducibility. It comes down to publishing not just your results, but also your data and the code to crunch them.
Self-sovereign identity is the concept that people and businesses can store their own identity data on their own devices, and provide it efficiently to those who need to validate it, without relying on a central repository of identity data. […] There are three parts to identity: claims , proofs , and attestations. (source)