Beyond Jason Bourne - For what would you need a Disposable Identity?
Hello, dear community! I am posting this in the Name of @RobvanKranenburg. Looking forward to all the creative and thoughtful ideas and comments of yours!
Call for use cases ideas for Disposable Identities.
The goal is to take back the power and control of your own identity and to keep big cooperations and governments from profiting off of it. We need a multistakeholder governance on identity with citizens in charge together with SME (small companies) and inclusive tools from democratic organizations. (disposableidentity.com and disposableidentities.eu coming soon.)
Who we are:
We are developing a technical solution for the generation of disposable identities for "normal users."
We will reach out to the best use case idea’s and use our resources and technical know-how to develop your idea into a serious pitch or call application.
You own your use cases and ideas are theirs. We offer to help in making it into a pitch for a pitch, portfolio, investors or making it ready to apply for an NGI.eu call. The next step to realising your DID idea!
We ask you for the use cases you can imagine for such DiD’s.
Send your idea to Rob van Kranenburg at rob at dyne.org
The idea is that from a DiD a person can generate a disposable (limited in time, in purpose and scope) identity for each separate service (for example one for rent, one for the energy company, one for the water company) that can only be seen, controlled and traced back by the DID owner and that one specific service. So no one can aggregate services, nor are you ever fully exposed as a person unless you decide to, because you just send token/credential ‘enough money in the bank’ to rent, water and energy company as they just need to know that you can pay, not who you are.
Coding context: zenroom.org
How it works
Zenroom.org allows you to get credentials from a CA, like for example “I’m above 18” and “I’m Belgian” and “today I have more than 1000 EUR in my bank”. Each credential is a crypto object, signed by the CA.
Each time you want to use any of these credentials, they get anonymized, so if you use them twice, they don’t look the same and can not be linked to each other and therefore not traced back to you.
Example Use Case:
So for example, if you need to access a service that requires you to be 18+ and Belgian, you’d use those 2 anonymized credentials… the next day you use a different service that requires you to be 18+ and has 1000K EUR in your bank account, so you use those 2 other anonymized credentials: both times you effectively generated and used a disposable identity, because only the CA could know who you are, but the services can only see that the CA signed the fact that you are Belgian, 18+ etc.