In this talk we present re:claimID, a decentralized, self-sovereign identity
management system. re:claimID allows users to reclaim authority over their
identities and personal data. The system is built on top if a
state-of-the-art, decentralized directory service: The GNU Name System.
Built-in cryptographic mechanisms allow users to selectively disclose
personal data and the directory service ensures that this data is accessible
to authorized parties even if the user is offline. Through OpenID Connect,
integration and use of re:claimID is straight-forward and authorization
flows are familiar. In this talk, we present the current state of re:claimID
as well as a future roadmap.
Today, users are often required to share personal data, like email
addresses, to use services on the web. As part of normal service operation,
such as notifications or billing, services require access to -- ideally
fresh and correct -- user data. Sharing attributes in the Web today is often
done via centralized service providers to reduce data redundancy and to give
services access to current, up-to-date information even if the user is
currently offline. Abuse of this power is theoretically limited by local
laws and regulations. But, the past has shown that even well-meaning
identity providers struggle to keep user data safe as they become major
targets for hackers and nation state actors while striving for monetizing
anonymized statistics from these data. We advocate for a new, decentralized
way for users to manage their identities for the following reasons:
* The current state of omniscient identity providers is a significant
threat to the users' privacy.
* Users must completely trust the service provider with respect to
protecting the integrity and confidentiality of their identity in their
* The service provider itself is facing substantial liability risks
given the responsibility of securely managing potentially sensitive personal
data of millions of users.
We present re:claimID, a decentralized identity service with the following
* Self-sovereign: You manage your identities and attributes locally on
your computer. No need to trust a third party service with your data.
* Decentralized: You can share your identity attributes securely over
a decentralized name system. This allows your friends to access your shared
data without the need of a trusted third party.
* Standard-compliant: You can use OpenID Connect to integrate reclaim
in your web sites.