The mandatory "state of the art"

Concerns about centralized systems and organizations

The Web is by nature a decentralized platform, but...

• Google sets record with 25% of U.S. traffic.
• "We need to re-decentralise the web".

No clear winner in decentralized solutions

• At browser level: Mozilla Persona.
• Standards: WebID, OpenID...
• Platforms (related to payments, or not): Diaspora et al. Many things you've already heard of, before or during this workshop.

What's cooking?

There's a lot of innovation, on the hardware side, but not only.

Frontiers between retail and e-commerce processing shrink.

• Smart[phones|cards] with Secure Elements, NFC, Biometry.
• mPOS, Beacon (BLE), Host-Card Emulation. Geolocation.
• FIDO alliance's specifications. Identity Credentials.

There are some issues that need to be addressed.

• Data aggregation.
• Credentials copying across devices.
• Multiple points of failure.

Identity and Privacy concerns

• Your Identity is defined by what other people or organizations know about you.
• Identity is the matter of being, Privacy is about choosing what you want to disclose or not.
• Identity and Privacy are a matter of trust which is subjective.

Handing back control to the user

• Let him/her create its web-of-trust. The key point here is Education. Encourage the user to add an Internet-savvy person in this group. Example: Facebook's Trusted Contacts.
• Let him choose what he/she wants to disclose to a given entity or service provider.

Thoughts about Credentials Sharing

• Shamir's Secret Sharing Scheme.
• As the user (should) know that he/she will share sensitive data, it's more likely that he/she will perform properly the first Identity checks.
• Use the IoT for secret sharing. Objects, wearable devices become part of your Identity (as they are IRL).
• Use a quorum so that UX is adapted to the situation.

Thank you!

Gregory Estrade (@Torlus) - Lyra Network