Holding hands with a girl is a great way to show that you like her and you’re having a good time. Making the move to grab her hand for the first time can be a little nerve wracking, especially if you aren’t quite sure she wants to hold your hand. We’ve compiled a list of signs you can look out for to tell whether or not the girl you’re with wants to hold hands so you know exactly what to do the next time you two hang out.

Personality. You’ve got one; your friends have one—everyone has one! But what does it say about you and your social tendencies? In the early 1900s, Carl Jung coined the terms “introvert” and “extrovert” to describe personality traits and behaviors. Introverts tend to be more reserved, whereas extroverts thrive on social interaction. So, where do you fall? Are you an introvert, extrovert, or something in between? Answer these questions about what you would do in any given situation to find out.

Do you sense that you have a profound bond with a person? If so, maybe you want to know if your two souls are connected. Here, we'll reveal what a soul connection is and explain the different types of soul connections you'll encounter. Read on to explore how soul connections will shape you during your spiritual journey.

Rap songs often come off as effortless, but they actually require a lot of time and effort to write. You need lyrics that are catchy yet real. You also need top-notch rhyme and rhythm. In a way, writing rap is not all that different from writing poetry. If you are struggling to write a rap song, then this wikiHow is for you.

Wondering what the ✨ (sparkle) emoji means? This fun and glittery emoji can be used in a variety of ways, so we’ve put together an easy guide just for you! Keep reading to learn what the sparkle emoji means and how you can use it.

If you want to improve your writing speed, there are several steps that you can take to improve your efficiency and get assignments done faster. First, you'll want to do all of your research and organize your thoughts in an outline form. From there, you can set realistic goals for yourself and continue to practice until you improve. If you're struggling with the act of writing with a pen and paper, you should make sure that you're comfortable and have the right writing tools. With the right amount of practice and repetition, you can improve your writing speed.

Falling in love is beautiful, earth-shattering, magical, and sometimes really hard. Whether you're struggling to get over negative patterns, meet new people, or create a deep connection, your feelings are completely normal. So many people all over the world are asking themselves the same question: how can I finally find a deep, meaningful love? And luckily, there are tons of changes you can make today to raise your chances of romance—and, enjoy yourself more along the way, too. Let's get started.

If you really like spending time and hanging out with someone, you’re probably wondering if they feel the same way. While it’s sometimes pretty easy to tell if somebody is your friend, it never hurts to ask, especially if you want to pursue a more serious relationship with them. We know that it’s a little nerve-wracking to have this conversation, but there are a lot of ways to talk about it without any stress. Keep reading for a list of different direct and indirect ways you can pose the question.

We all have blind spots, especially when it comes to the ways we treat others (and ourselves). Unfortunately, it can be pretty tough to take a really objective look at what your own weak points are. We’re here to help. Hit “Start Quiz” to rip off the Band-aid and see what your blind spots really are. Keep in mind, though—this quiz is just for fun!

Easy ways to tell if she likes you as more than a friend (and what you can do about it)She glances your way, laughs at your jokes, and acts nervously around you. You’re not sure if she’s flirting, being friendly, or is simply uninterested. Whether you’ve had a crush on a girl for ages and are dying to know if the feeling is mutual or you just want to know if she likes you for curiosity’s sake, we’ll help you out. We consulted our dating experts to bring you 25 foolproof signs that a girl likes you.

Looking to improve your looks? Good news: there are actually tons of ways to become more attractive instantly, without too much work. Plus, at the end of the day, confidence and self-love makes anyone beautiful. From hair, to makeup, to clothes, to charisma, read on for our in-depth guide to becoming a more attractive person.

It’s easy to wish you looked like or acted like someone else, or had the cushy job or great boyfriend that someone else has. No matter who you are, you can learn to be happy and fulfilled with your life. Take time to appreciate your talents and characteristics while forming a healthy body image and self-esteem. Focus on the positive aspects of your job, hobbies, and lifestyle. Fostering strong and close relationships can help you feel more satisfied and confident in your lifestyle.

Overcome fear and get comfortable with discomfortIt can certainly be challenging and a little scary to step out of your comfort zone, but facing unfamiliar challenges can help you feel happier and more fulfilled in the long run. You can end up discovering a lot about yourself and your abilities when you make an effort to take risks and try new things. To help you begin this transformation, we’ve rounded up the best, most effective strategies for stepping out of your comfort zone, embarking on new adventures, and expanding your personal horizons.

If you've caught an adorable ladybug and you want to keep it for a while as a pet, they're easy to care for! In this article, we'll tell you how to set up a ladybug habitat and feed it so your ladybug is happy and healthy. Just remember to release your ladybug after a few days since they tend to thrive best in their natural habitat.

You already take diligent notes, but now you’re wondering how to up your note-taking game and start taking notes that are better and more useful for you. There are actually all kinds of note-taking methods and strategies you can use to make your notes as effective and clutter-free as possible, and we’ll show you how! We’ve also included some tips on the best ways to review your notes so you get the most out of them. Check out the steps below to get started.

Weird Al Yankovic, Alicia Keys, and Jodi Foster. What do all of these celebrities have in common? They were all valedictorians of their class. Though being valedictorian won't make you a supermodel or singer, it can set you on an impressive path that can lead you to succeed in your college career and in the world at large. All you need is to have mental toughness, endurance, and an unbeatable work ethic. So how do you do it? Just follow these steps.

Hoping to learn more about the world of palmistry? The love (or heart) line is a great place to start. Often considered one of the 3 most important lines on your palms, the love line provides a valuable glimpse into a person’s romantic and emotional tendencies. We’ve covered everything you need to know about this essential line, so you can have an easy time reading someone else’s palm—or even your own!

Texting is a fantastic way to connect with a guy that you're into, especially if you're nervous about talking in person. Sure, you can text whenever you want, but there are some key guidelines to follow so you don't overwhelm him or look desperate. Check out the following texting tips so you communicate with confidence.

Believe it or not, Spanish is the second-most spoken language on the planet. Developing your Spanish-speaking skills is a great way to meet new people, communicate with Spanish speakers, and immerse yourself in a new way of thinking. If you want to speak Spanish, start by learning the common phrases and vocabulary terms. Once you feel a little more comfortable with the language, you can learn a lot more by immersing yourself in the language, taking classes, and practicing to develop fluency in the language.

Learn the best instant coffee recipes, plus how to make your own from beans Are you craving a delicious cup of coffee but don’t want to wait for it to brew? Yes? Well, with instant coffee, just add hot water and you’ve got a fresh cup in seconds! You can even use it for your favorite specialty drinks, like lattes and frappés, if you want to make instant coffee more flavorful. No matter how you drink your coffee, we’ll walk you through exactly how to make it. Keep reading, and you’ll be sipping on a cup of joe in no time. Looking for how to brew regular coffee grounds? Learn how to use a coffee maker here.

Do you remember how to find the circumference of a circle? What about the capital of New Jersey? We’re about to quiz you game-show style with a variety of elementary school trivia questions, from math and science to history, geography, and language arts. Answer these 12 “Are You Smarter Than a 5th Grader?” questions to test your knowledge and see if you come out on top!

If someone you know has texted or messaged you a message with “WSP” in it, you may be scratching your head in confusion. Don’t sweat it—this one’s pretty easy and we’ll break it down for you. We’ll even walk you through a few corner cases where “WSP” might mean something unique, as well. Read on to learn everything you need to know about “WSP.”

Look for this symbol of good luck and connect with the spiritual worldDimes can have incredible spiritual meaning. Depending on when or where you found them or what side of the coin was facing up, they can be a sign from a departed loved one, an omen of good luck, a sign that your intentions are bringing the rewards you need, and more. In the article, we have all the answers to your questions. Let’s dive in.

Flirty and casual responses to send your crush or loved onesYou wake up, roll over, and grab your phone to find a message from your crush, “Good morning! How did you sleep?” You bolt upright in bed. You have to respond, but how? When someone asks, “How did you sleep?” they want to know how your evening was—they’re starting a conversation. So, what do you do if someone sends you this text first thing in the morning? Try sending them one of these friendly or flirty responses.

올해 노벨상 수상자들의 성과를 기리는 심포지엄에서 칼-울르프 안데르손(사진) 주한스웨덴대사가 “음악, 영화, 음식, 패션으로 문화계를 정복하는 한류의 물결이 계속되고 있는 지금, 한국이 문학으로 우리를 정복하리라는 것은 놀라운 일이 아니다”라고 말했다. 12일 서울 성북구 고려대 백주년기념관에서 열린 ‘제5회 스웨덴-대한민국 노벨 메모리얼 심포지엄’에서

올여름 파리 올림픽은 우리나라 선수들의 활약뿐만 아니라, 경기의 배경으로 역사와 낭만이 깃든 파리의 풍경을 감상하는 즐거움이 있었다. 파리올림픽조직위원회가 개회식 장소로 센강을 선정하고 파리의 명소를 경기장으로 활용한 이유는 이번 올림픽의 주제가 ‘혁신’, ‘공유’, 그리고 ‘지속가능성’이었기 때문이다. 조직위는 새로운 건물을 지을 때 발생하는 탄소 배출량

수능 예비소집일인 13일에도 포근한 가을 날씨가 이어지겠다. 낮 기온은 20도 내외로 오르겠고, 낮과 밤의 기온차는 커 건강관리에 유의해야겠다. 기상청은 이날 전국이 가끔 구름 많겠으나 강원과 경상, 제주는 대체로 흐리겠고, 낮 기온이 20도 내외로 포근하겠다고 예보했다. 전라권과 경북남부내륙, 경남내륙을 중심으로 가시거리 200m 미만의 짙은 안개

삼성서울병원은 우리나라에서 가장 작게 태어난 ‘예랑이(이예랑양)’가 태어난 지 198일 만에 건강한 모습으로 퇴원했다고 앞선 12일 밝혔다. 이날 병원에 따르면 지난 4월 22일 260g으로 태어난 예랑이는 5일 건강을 회복해 3.19㎏으로 퇴원했다. 예랑이는 세계에서도 14번째로 작게 태어난 아기라고 전해졌다. 예랑이처럼 300g 미만으로 태어난

국제어린이양육기구 ‘한국컴패션’이 지난 6일 한국광고홍보학회와 글로벌 지역 사회 및 어린이를 위한 사회공헌협약식(MOU)를 체결했다고 13일 밝혔다. 서울 용산구 한국컴패션 사옥에서 진행된 협약식에는 한국컴패션 황덕신 부대표, 김내은 팀장과 한국광고홍보학회 이정교 학회장, 김예솔란 교수 등 관계자가 참석했다. 이번 협약을 통해 한국광고홍보학회와 한국

43살 여성 A씨는 6년전 제왕절개 수술 이후 해수욕장 가기가 부담스럽다. 배 아랫부분에 수술 자국이 아직도 선명하게 남아있어서다. 오돌토돌하게 올라온 흉터는 밴드나 연고를 발라도 나아지지 않는다. 국내 연구진이 난치성 켈로이드 흉터 치료에서 회복 기간을 줄이는 효과적 방법을 제시했다. 연세대 세브란스병원 피부과 오병호, 정진웅 교수 연구팀은

고통을 잘 참는 사람일수록 사이코패스일 확률이 높다는 연구 결과가 발표됐다. 11일(현지시각) 영국 데일리메일에 따르면 네덜란드 라드바우드 대학 디마나 아타나소바 박사팀은 고통을 잘 참는 사람일수록 사이코패스일 확률이 높다는 연구 결과를 최근 발표했다. 연구진은 사이코패스 성향과 고통 감내 능력 간의 연관성을 확인하기 위해 두 가지 실험을 진행했다.

나이키가 다음 세대를 이끌어갈 모든 아이들의 도전 정신을 불러일으킬 새로운 키즈 전용 러닝화, 코스믹 러너(Cosmic Runner)를 13일 출시했다. 코스믹 러너는 아이들의 스포츠와 놀이에 활력을 불어넣기 위해 하루 종일 편안함과 지지력을 선사하는 쿠셔닝이 탑재된 키즈 전용 러닝화다. 레이어드 햅틱 프린팅(Layered Haptic Printing)

한림대학교성심병원은 13일 ‘한림국제항생제내성센터(Hallym International Antibiotic Resistance Center·HIARC)’를 개소했다. 이날 경기 안양시 한림대성심병원 제2별관 5층 일송문화홀에서 열린 개소식에는 스웨덴 웁살라대학교 에바 티엔수 얀슨 부총장, 댄 안데르손 웁살라항생제센터장과 학교법인일송학원 윤희성 이사장

“(관객들이) 매직(마술)쇼를 기대하고 오신다면 실망하실거예요. 세상에 없는, 기존에 없었던, 듣도 보도 못한 작품을 만들고 싶다는, 철저히 창작자로서 제가 가진 욕망으로 시작한 작품입니다.” 유명 일루셔니스트(마술사) 이은결(43)은 프랑스 마술사 겸 영화감독 조르주 멜리에스(1861~1938)의 삶과 예술에 대한 존경 의미를 담아 오마주(헌정 인용)한

책 속을 걷는 변호사/조용주 지음/ 궁편책/ 2만2000원 책 읽기를 좋아하는 조용주 변호사가 그의 독서 생활을 담은 에세이집을 펴냈다. 조 변호사가 틈틈이 읽은 책 가운데 사색하며 읽을 만한 58권의 책을 한국사, 세계사, 인류사, 환경, 인간, 사회 등 6개 분야로 나눠 추천·소개하고 있다. ’한민족 탄생의 긴 여정’ (신라의 통일전쟁: 백

대학수학능력시험(수능)이 가까워지면 ‘수능 날 피해야 할 음식’이라는 게시물을 쉽게 볼 수 있다. 시험 볼 때 사회 통념상 미역국처럼 피하는 음식이 있는가 하면 특정 음식은 수험생에게 복통과 설사 등 위장 장애를 일으켜 자칫 시험을 망칠 수 있다. 먼저 수험생은 너무 맵거나 짠 자극적인 음식은 되도록 피하는 게 좋다. 아울러 심신을 안정시켜준다며 갑

3세대 인공고관절 전치환술을 받은 환자의 96% 이상이 25년간 재수술없이 유지했다는 연구결과가 나왔다. 서울대병원 정형외과 김홍석·유정준 교수팀은 1997년 11월부터 1998년 4월까지 3세대 세라믹 관절면 인공고관절 전치환술을 받은 57명을 25년 이상 추적해 장기적 안정성과 기능적 성과를 확인한 결과 이같이 나왔다고 13일 밝혔다. 골반과 다리

“탐(貪, 탐욕)·진(瞋, 노여움)·치(癡, 어리석음) 세 가지가 무서운 독(毒)인데 전부 독에 맞아 제정신이 아닌 채로 살고 있다. (대통령 등 정치 지도자들을 비롯해) 국민 모두가 이 몹쓸 ‘3독’을 배출하거나 좀 희석해서 부드럽고 유연한 삶을 살았으면 좋겠다.” 불교계의 큰어른이자 대강백(大講伯)인 여천무비(如天無比) 스님(81)은 ‘민생이 힘든데

문재인 전 대통령이 입었던 등산복 점퍼가 미술품 전문 경매회사 ㈜에이옥션과 사단법인 한반도평화포럼이 함께 진행하는 자선 경매의 물품으로 나온다. 13일 에이옥션 등에 따르면 오는 15~22일 에이옥션의 공식 홈페이지에서 진행되는 경매에 문 전 대통령의 등산복 점퍼를 포함한 총 171점의 물건이 나온다. 한반도평화포럼이 낸 물건 13점과 에이옥션의 경매

쥐 96년생: 목마른 나무에 단비가 오는 운이다. 84년생: 심리적에 위축되지 말고 당당한 척 해라. 72년생: 먼저 나서지 말라 불리하다. 60년생: 서둘러 정리하는 것이 좋겠다. 48년생: 만남의 약속은 오전에 좋다. 36년생: 옛 것을 귀중하게 여기자. 소 97년생: 새로운 일을 계획하고 추진한다. 85년생: 편중된 사고방식은 피하라

서울시오페라단이 21∼24일 세종문화회관 대극장에서 선보이는 푸치니 오페라 ‘라보엠’의 주역들은 이번 무대에 기대감을 나타냈다. 서울시오페라단은 창단 39년 만에 처음 공연하는 ‘라보엠’을 위해 20대∼40대 초반의 실력파 성악가들을 주역으로 내세웠다. 19세기 프랑스 파리를 배경으로 가난한 젊은 예술가 등 청춘들의 우정과 사랑, 낭만을 다룬 이 작품의 이

2025학년도 대학수학능력시험이 치러지는 14일은 시험일마다 찾아오던 강추위 없이 포근할 전망이다. 늦은 오후부터 약한 비가 내리겠다. 기상청은 13일 “내일은 전국이 대체로 맑다가 오전부터 흐려지겠다”며 “늦은 오후부터 모레 오전 사이 전국 대부분 지역에 가끔 비가 내리는 곳이 있겠다”고 예보했다. 아침 기온은 강원도와 경북 내륙에서 5도 내외로

Summary: The overhead of performing even simple tasks online is getting larger and larger. I question the security of almost all these supposedly "secure" messaging systems. And I'm tired of the 'Utopia of Rules' mindset pervasive in every organization. It's exhausting how they expect customers to constantly adapt to their needs.

I don't know if you recall the game Kerplunk. It's a classic children's game that has been around for decades. I remember playing it with my sister. The basic setup involves a transparent plastic tube, a number of sticks, and marbles. The sticks are threaded through the tube to form a web or nest at the bottom on which the marbles rest. We'd take turns removing a stick at a time, trying not to let any marbles fall through the web and out of the tube. At some point, the remaining sticks can't hold the marbles and everything falls down.

The modern web reminds me more and more of a big Kerplunk game and I think the marbles are about to fall. What started out as an easier way to do things like shop, bank, and get health care information has become increasingly complex over time. More and more of the email I receive seems to be simply directing me to log into some bespoke system to retrieve a message or engage in some workflow. And even with a password manager, the act of logging in is often a chore with different user interfaces, custom MFA requirements, and weird rules for passwords. Once you're on the system, session time-outs induce their own form of anxiety since stepping away for a few minutes to attend to something else might require going through the whole Kafkaesque process all over again. The modern web has turned into a dystopian theater of the absurd where even reading a simple appointment reminder from your doctor requires several minutes of stress-inducing interaction with baroque systems and processes.

And it's not just doctors, of course, banks, government agencies, hospitals, ecommerce sites, and customer service systems all adopt these special purpose messaging systems. If you ask these organizations why they use bespoke messaging systems, they'll list things like "timely and improved communication," "convenience," and "privacy and security." But the real reason is that it's more convenient for them because these systems are integrated with their backends and make their processes more manageable. There's certainly nothing about them that's more convenient, timely, or better than email for their customers¹.

I also question the privacy and security premise. Email can be insecure. And your email provider can see the contents of your emails. But the messaging system run by your doctor or bank is likely less secure than the email systems run by Apple, Google, and the others. And achieving privacy by making everything incompatible so that you have to use a different system for each correspondent is like chopping off your finger to prevent hangnails.

How did we get here? Bureaucracy. Not just government bureaucracy, but bureaucracy of all kinds. In Utopia of Rules², David Graeber talks about how power imbalances force the less powerful group to perform what he calls interpretive labor, the work of understanding and implementing what's better or more convenient for the more powerful partner. People are not equal participants in online interactions. We don't have the tools to be fully embodied online³. Because of this we are forced to play by the rules organizations online who are digitally embodied with servers, identity systems, customer management systems, and so on. And part of that is being forced to use their inconvenient and anemic messaging systems.

What's the answer? People need tools. I think digital wallets (a bad name for an important tool), autonomic (peer) identifiers with strong cryptography, and verifiable credentials are a huge step forward. These tools provide the means for people to be peers online rather that mere ghosts in someone else's machine. That's why I insist on using the term self-sovereign rather than decentralized to describe these systems. Cogito Ergo Sum.

Notes

1. For a deeper dive into why one-off messaging systems are never as good as email, see Rich Sharing and Personal Channels. Email and other useful messaging systems exhibit a property called rich sharing that makes them much more robust that the simple idea of "sharing a message" would bring to mind.
2. If you're interested in power imbalances and how they come about, I can't recommend Graeber's book highly enough. He had such a keen understanding of this problem and wrote about it in a way that's both informative and entertaining.
3. I talk about this in more detail in Chapter 17 of Learning Digital Identity when I discuss authentic digital relationships.

Photo Credit: Playing Kerplunk from DALL-E (public domain) Prompt: Draw a picture of a boy and girl playing kerplunk that's 1200x500 pixels

Tags: web identity authentication authorization verifiable+credentials

Summary: People aren't digitally embodied. As a result, their online relationships are anemic. As we think about the kinds of digital identity systems that will help people live authentic online lives, we must build identity systems that give people tools to operationalize rich digital relationships.

Identity is the ability to recognize, remember, and react to people, organizations, systems, and things. In the current web, companies employ many ponderous technological systems to perform those functions. In these systems, we are like ghosts in the machines. We have "accounts" in companies' systems, but no good way to recognize, remember, and react to them or anyone else. We are not digital embodied.

One of the great benefits of embodiment is the ability to form and operationalize rich digital relationships. I've written a lot about the nature of digital relationships.

• Relationships and Identity
• Authentic Digital Relationships
• Ephemeral Relationships
• Operationalizing Digital Relationships
• Relationships in the Self-Sovereign Internet of Things
• The Architecture of Identity Systems
• Are Transactional Relationships Enough?
• Fluid Multi-Pseudonymity

One of the discussions at VRM Day caused me to think about a feature of digital relationships I hadn't considered before. Someone said that if you think about a graph with people (or things, organizations, and so on) as the nodes, the relationships are the edges, like so¹:

In this figure Alice and Bob have a bi-directional relationship. This is how I've normally thought about it and how I'd have drawn it. But in today's discussion, someone said that the relationship is shared and that Alice and Bob both control it. But I realized that viewpoint is too simple. Specifically, Alice and Bob each have a different perspective of that relationship and will use it separately.

For example, imagine that Alice is the cashier at a grocery store and Bob is a customer. Alice gives great service, so Bob seeks her out when he shops. Alice on the other hand has no particular recollection of Bob from encounter to encounter. For Alice, the relationship is ephemeral, but for Bob, it's longer term. The nature of each relationship is different. So, we might look at it like this:

But after discussing it some more, I realized that these relationships aren't independent. They're entangled like this:

In the example I gave above, as Bob seeks out Alice more and more, Alice might come to recognize him and call him by name, changing the nature of her relationship with Bob. And that may influence the nature of Bob's relationship with Alice. Over time, these interactions influence both relationships. So, while Alice and Bob both have control over their relationship with the other, actions by one influence the other.

I frequently say that we don't build identity systems to manage identities, but rather to manage relationships. The problem with contemporary identity systems is that they are all one sided, controlled by one party—almost always a company. As I've said before, people are not digitally embodied and thus have no good way to manage their online relationships. As we strive to build better digital identity systems, I think it's paramount that we build systems that provide people with tools that embody them and provide them with the ability to operationalize their online relationships. These are more than decentralized; they are self-sovereign.

Notes

1. Peer decentralized identifiers (DIDs) are a great technology for creating bi-directional relationships.

Tags: identity relationships

Summary: The abundance of X.509 certificate authorities who already perform identity proofing for businesses provides a rich resource that can be leveraged to boot the verifiable data ecosystem.

When you used a verifiable credential to prove something about yourself, the verifier can know cryptographically: (1) the identifiers for the issuer, (2) the credential hasn't been tampered with, (3) the credential was issued to you, and (4) the credential hasn't been revoked. These four checks are important because their establish the fidelity of the data being transferred. They don't, however, tell them whether they can trust the issuer. For that, they need to take the issuer's decentralized identifier (DID) that they got from credential presentation and determine who it belongs to.

At the most recent Internet Identity Workshop, Drummond Reed gave a session on how X.509 certificates could help with this. The first step, like always, is to resolve the DID and retrieve the DIDDoc that associates keys and endpoints with the DID. The endpoint can be an HTTP server and, of course, should have an X.509 certificate providing TLS security. That certificate, at the very least, has a a domain name to bind that to the certificate's public key. It can, if you pay for the feature, also include information about the entity that applied for the certificate. The certificate authority proofs that information and is vouching for it when they sign the certificate.

The key to making the X.509 certificate useful for checking the provenance of a DID lies in one key change. X.509 certificates can contain and extended field called a Subject Alternative Name. This following figure shows how it can help.

In this figure:

1. The issuer (Attestor) creates the DID they will use to issue the certificate along with its associated DIDDoc, including an HTTP endpoint for DID verification.
2. Attestor applies for a X.509 certificate for that endpoint, including in the application the DID they created in (1).
3. The certificate authority does it's usual proofing of the application and issues a certificate that includes the DID in the Subject Alternative Name field.
4. The issuer creates a credential definition in the usual way that includes their DID and writes it to whatever Verifiable Data Registry their DID method dictates.
5. Attestor issues a credential to a holder (Alice) using that credential definition.
6. At some later time, Alice presents the credential to the verifier (Certiphi).
7. Certiphi resolves the DID to get the DIDDoc and retrieves the verfication endpoint from the DIDDoc
8. Certiphi retrieves the certificate for that endpoint¹.
9. Certiphi verifies the certificate by checking it's signature and ensures that the DID in the DIDDoc for the credential matches the one in certificate.²

The issuer's DID has now been tied in a verifiable way to whatever information is in the certificate. Provided the certificate includes information about the entity beyond the domain name, the verifier can use that information to determine whether or not the credential is authentic (i.e., issued by who the credential definition purports issued it). That might be all the evidence they need to determine whether to trust the entity. Certificate authorities could also issue verifiable credentials to the customer attesting the same verified claims—after all, it's one more product they can offer.

The benefit of doing issuer validation using X.509 certificates is that there are already many trusted X.509 certificate authorities in business who already do proofing of attributes about businesses. That's a huge chunk of the verifiable data ecosystem that doesn't need to be built because it can be leveraged. To make this work, digital certificate authorities would need to start offering to validate DIDs and include them in a certificate as a Subject Alternative Name. I don't discount that this will take some bureaucratic maneuvering. Certificate authorities will need to see a business opportunity. I'd love to see Digitcert or someone do a pilot on this.

Notes

1. Note that this step might be combined with the previous step if the Verifiable Data Registry is the same server as the endpoint, but that's not necessarily going to be the case for a number of reasons.
2. Note that this does not create a call back wherein Attestor can determine which credential was used, preserving the privacy of the presentation. Attestor does know one of its credentials has been presented to Certiphi. If this information leakage bothers you, then any web-based DID method is potentially a problem.

Tags: identity ssi decentralized+identifiers verifiable+credentials x.509

Summary: This spring's IIW was full of interesting people and interesting discussions with people from around the globe.

We recently completed the 38th edition of the Internet Identity Workshop. We had 330 people from around the world who called 169 sessions. As usual there was lots of energy and thousands of side conversations. IIW is a place to get things done and it showed in the energy and the comments people made to me about how much they enjoyed it.

As you can see by the pins in the map at the top of this post, there were attendees from all over the world. Not surprisingly, most of the attendees were from the US (241), followed by Canada (11). Germany, India, and Switzerland rounded out the top five with 9, 8, and 7 attendees respectively. Attendees from India (5), Thailand (3), and Korea (3) showed IIW's diversity with attendees from APAC. And there were 4 attendees from South America this time. Sadly, there were no attendees from Africa again. Please remember we offer scholarships for people from underrepresented areas, so if you'd like to come to IIW39, please let us know. If you're working on identity, we want you there.

For states and provinces, California was first with 122. Washington (16), Utah (10), Texas (10) and New York (10) rounded out the top five. San Francisco (14) Oakland (13), San Jose (12), Seattle (11), and New York (9) were the top cities.

In addition to sessions, we have a demo hour on Wednesday that is a little like speed dating. There were 20 different projects highlighted. There's always more than one session that I want to attend in any given time slot and choosing is hard. That's a common refrain. Luckily we have sessions notes that we publish in a Book of Proceedings.

Here's pictures from all three days courtesy of Doc Searls

You belong at IIW! IIW is where you will meet people to help you solve problems and move your ideas forward. Please come! IIW 39 will be held October 29-31, 2024 at the Computer History Museum. We'll have tickets available soon.

Tags: identity iiw

Summary: We know that LLMs hallucinate. And we know that we can overcome some of that problem with better prompts. But can LLMs provide references for their work? I conducted an experiment.

Recently my friend Scott Mace asked this on X in response to a post about the evolution of software and how LLMs will likely follow that same trajectory:

Yes, but how trustworthy will it be? Can I at least see the links it used to create its response?

From X
Referenced 2024-05-21T18:09:06-0400

The short answer is "no", but the real answer is a bit more nuanced because of how LLMs like ChatGPT work. First the short answer: LLMs don't understand what they're saying so they can't reference the material that it used to create a response. They don't work like that. They don't go out, do a bunch of research and then create a response. Instead lots (and I mean LOTS) of material is fed into the program that creates the model, a multi-dimensional matrix of word orders. Then when you ask a question ("give it prompt" in LLM-speak), it processes the question and generates text based on the probabilities of words in its model¹. There's no way it can satisfy Scott directly because the model doesn't—can't, as far as I know—include the references that it used to create the text because it's generating it on the fly from material that has been thoroughly blended together.

But, in fairness, that's not what people do most of the time either. If you asked me over lunch or at the end of a tech presentation to describe zero trust and its pros and cons, I'd start talking. I wouldn't start looking up things on the web and somehow weave them into text complete with references. I'd go look for references if you asked me to back up something I said. So, let's try that with ChatGPT 4o. I gave it the following prompt:

You are a writer for a website focusing on technology. Your specialty is security. Write a 150 word explanation of zero trust with three pros and three cons.

ChaptGPT answered with this text:

Zero Trust is a security model based on the principle of "never trust, always verify." Unlike traditional security models that assume everything inside the network is safe, Zero Trust assumes that threats can exist both inside and outside the network. It requires strict identity verification for every user and device attempting to access resources, regardless of their location.

Pros:

1. Enhanced Security: By continuously verifying users and devices, Zero Trust reduces the risk of breaches and unauthorized access.
2. Minimized Attack Surface: It limits access to only what is necessary, reducing potential entry points for attackers.
3. Improved Compliance: Helps meet regulatory requirements by ensuring strict access controls and logging all access attempts.

Cons:

1. Complex Implementation: Deploying Zero Trust can be complex and time-consuming, requiring a significant overhaul of existing systems and processes.
2. Increased Costs: The initial investment in technology and training can be high.
3. User Experience Impact: Continuous verification can lead to friction and inconvenience for users if not implemented smoothly.

Zero Trust is essential for modern cybersecurity, but it requires careful planning and resources to implement effectively.

That's pretty good. But what if we need some references to other material to back up the pros and cons? I asked ChatGPT to supply them:

Now repeat that task, but this time include references as hyperlinks to back up each pro and con.

ChaptGPT answered with this text:

Zero Trust is a security model based on the principle of "never trust, always verify." Unlike traditional security models that assume everything inside the network is safe, Zero Trust assumes that threats can exist both inside and outside the network. It requires strict identity verification for every user and device attempting to access resources, regardless of their location.

Pros:

1. Enhanced Security: By continuously verifying users and devices, Zero Trust reduces the risk of breaches and unauthorized access (CSO Online).
2. Minimized Attack Surface: It limits access to only what is necessary, reducing potential entry points for attackers (NIST).
3. Improved Compliance: Helps meet regulatory requirements by ensuring strict access controls and logging all access attempts (Gartner).

Cons:

1. Complex Implementation: Deploying Zero Trust can be complex and time-consuming, requiring a significant overhaul of existing systems and processes (Forrester).
2. Increased Costs: The initial investment in technology and training can be high (ZDNet).
3. User Experience Impact: Continuous verification can lead to friction and inconvenience for users if not implemented smoothly (TechRepublic).

Zero Trust is essential for modern cybersecurity, but it requires careful planning and resources to implement effectively.

That looks great! Nice references for each bullet. There's just one problem. All the links, except the NIST reference, are dead. I don't know if they're wrong, made up, or stale. I tried finding content on a few of the sites by searching and came up dry. As I heard Johannes Ernst say once, ChatGPT is a "large language model" not a "large fact model" and this bears that out.

Still, asking for references or evidence for statements is something people are going to want. So, I tried a different tack. This time I asked this:

Why do you say complex implementation is a problem for zero trust? Can you give me a few references on that I can read myself?

ChatGPT responded with this:

Implementing a Zero Trust security model can be challenging for several reasons:

1. Overall Complexity: Zero Trust requires a comprehensive understanding of your network's intricacies, including users, devices, applications, and data. This can involve significant changes to existing infrastructure, which can be disruptive and costly. Organizations need to be prepared for the extensive planning and resources required for successful implementation​ (Help Net Security)​​ (Enterprise Networking Planet​).
2. Legacy Systems: Many organizations have legacy systems that are not designed to operate within a Zero Trust framework. These systems might require different security measures or even complete replacement, adding to the complexity and cost (Help Net Security)​​ (Enterprise Networking Planet​)
3. Cultural Shift: Zero Trust is not just a technological shift but also a cultural one. It requires continuous verification and strict access controls, which can lead to user frustration and resistance if not managed properly. Ensuring user buy-in and minimizing disruption to workflows through training and communication is essential (Deloitte United States)​​ (Guidehouse).
4. Resource Intensive: Implementing and maintaining Zero Trust can put a strain on IT resources due to the need for continuous monitoring and management. The need for advanced security tools and ongoing updates further adds to the resource demands (Help Net Security)​​ (Enterprise Networking Planet​).
5. Stakeholder Alignment: Achieving buy-in from all stakeholders and aligning them with the Zero Trust principles is critical. This requires a coordinated effort to educate stakeholders, prioritize gaps, and ensure consistent understanding and application of Zero Trust principles across the organization (Deloitte United States)​​ (Guidehouse).

These challenges highlight the importance of a phased and well-planned approach to Zero Trust implementation, considering both technological and human factors. For more detailed insights, you can refer to articles from Help Net Security and Guidehouse.

Much better. The links in the bullets all work, but the ones at the end don't. The articles it references aren’t very detailed, so I wouldn’t say they’re stellar references, but at least there’s a pointer to outside material that discusses similar challenges. So, partial success.

I've found that when you're using ChatGPT to do research, treating it like a librarian and asking questions that follow up are the best way to gain confidence that the material is correct and find the supporting material, just as I did above. I'm sure you could wrap additional helper functions around an LLM to make getting references easier. But for now interrogation through chat is the best way to get comfortable with the results.

Notes

1. Yeah, this is really simplified and thus wrong, but it's directionally correct. For a better explanation, see What Is ChatGPT Doing … and Why Does It Work?.

Photo Credit: Older Man Talking to Robot Librarian from DALL-E (public domain) Prompt: draw me a rectangular picture of an older man talking with a robot librarian. Use earth tones.

Tags: genai llm chatgpt prompt+engineering

Summary: In session after session, attendees at EIC are hearing the message that decentralized identity is the answer to their identity problems.

I'm at European Identity Conference (EIC) this week. I haven't been for several years. One thing that has struck me is how much of the conversation is about decentralized identity and verifiable credentials. I can remember when the whole idea of decentralized identity was anathema here. The opening keynote, by Martin Kuppinger is Vision 2030: Rethinking Digital Identity in the Era of AI and Decentralization. And all he's talking about is decentralized identity and how it's at the core of solving long standing identity problems. Another data point: Steve McCown and Kim Hamilton-Duffy ran a session this morning called Decentralized Identity Technical Mastery which was a hands-on workshop. The rather large room was packed—standing room only.

I attended a couple of sessions on decentralized identity where I didn't know the companies, the speakers, or the specific platforms they were using. The space is too big to keep track of anymore. Identity professionals who were ignoring, or talking down, decentralized identity a few years ago are now promoting it.

This truly feels like a tipping point to me. At IIW, it's identity geeks talking with other identity geeks, so it's no surprise to see lots of discussion about new things. EIC is a different kind of conference. There are about 1000 people here I'd guess. Most of them aren't working on new standards or open source projects. Instead they're the folks from companies who come to conferences like EIC to learn how to solve the problems their organization is facing.

In the keynotes and in numerous sessions, the message that they're hearing is "decentralized identity will solve your problems." Martin closed his talk with the proclamation that "decentralized identity is the new paradigm for identity."

Photo Credit: Credential Tipping Point by DALL-E (public domain) Prompt: Draw a rectangular picture that shows a credential at a tipping point. Make the credential look like a lifelike credential, include cartoon picture, and some writing. Use bright friendly colors.

Tags: identity ssi decentralized+identity verifiable+credentials

Summary: What is decentralized identity and why is it important? My attempt at a simple explanation.

In Yeah, yeah, yeah, yeah, yeah, nah, Alan Mayo references my recent blog post, Decentralized Identity Comes of Age, and says:

My challenge to the decentralization community is for them (someone) to explain how it works in relatively simple and reasonable terms. I say relative because identity is not simple, so we should not expect simple solutions.

This post is my attempt to do that for Alan and others.

Identity is how we recognize, remember, react to, and interact with other people, organizations, and services. Put another way, identity is about relationships. Online we suffer from a proximity problem. Since we're not near the parties we want to have relationships with, our natural means of recognizing, remembering, and interacting with others can't be used. Digital identity systems are meant to provide us with the means of creating online relationships.

Traditional identity systems have not served us well because they are owned and controlled by companies who build them for their own purposes. The relationships they support are anemic and transactional. We can't use them for any purpose except what their owner's allow.

Decentralized identity systems¹ on the other hand allow you to create online relationships with any person, organization, or service you choose and give you the tools to manage and use those relationships. They help you recognize, remember, react to, and interact with them. The most important tool is a decentralized identity wallet. The world of decentralized identity wallets is still young, but organizations like the Linux Foundation's Open Wallet Foundation give me hope that useful, interoperable wallets are a tool we'll all be able to use soon. They are as foundational to decentralized identity as a browser is to the web.

Besides helping you manage peer-to-peer relationships with others online, wallets hold verifiable credentials, the digital analog to the credentials and cards you carry in a physical wallet. One of the most important aspects of digital relationships is providing information about yourself to those you interact with. Sometimes that information can come from you—it's self-asserted—but many times the other party wants to reliably know what others say about you. For example, if you establish a banking relationship, the bank is legally obligated to verify things like your name and address independent of what you say. Decentralized identity wallets allow you to prove things about yourself using credentials others provide to you. At the same time, they protect your privacy by limiting the information disclosed and forgoing the need for the party you're interacting with to directly contact others to verify the information you provide.

In summary, decentralized identity systems allow you to create digital relationships with other parties independently, without relying on any other organization or service. These relationships are direct, private, and secure. They also provide the means for you to prove things about yourself inside these relationships so that even though you're operating at a distance, you and the other party can have confidence in the relationship's authenticity.

How Does It Work

The preceding paragraphs say what decentralized identity is, and provide its benefits, but don't say how it works. Alan and others will likely want a few more details. Everything I describe below is handled by the wallet. The person using the wallet doesn't need to have any more knowledge of how they work than the operator of a browser needs to understand HTTP and HTML.

The foundation of a peer-to-peer, decentralized online relationship is an autonomic identifier like a peer DID. Identifiers are handles that someone else can use to identify someone or something else online. Peer DIDs can be created by a wallet at will, they're free, and they're self-certifying (i.e., there's no need for a third party). A relationship is created when two identity wallets create and exchange peer DIDs with each other on behalf of their owners. Peer DIDs allow the parties to the relationship to exchange private, secure messages.

There are four primary interaction patterns that wallets undertake when exchanging messages:

1. DID Authentication which uses the DIDs to allow each party to authenticate the other
2. Single-Party Credential Authorization where the same party issues and verifies the credential.
3. Multi-Party Authorization where the credential issuer and verifier are different parties.
4. Generalized Trustworthy Data Transfer which uses a collection of credentials to aid the wallet owner in completing online workflows.

Verifiable credentials make heavy use of cryptography to provide not only security and privacy, but also confidence that the credential data is authentic. This confidence is based on four properties a properly designed credential presentation protocol provides:

1. The identifier of the credential issuer
2. Proof that the credential is being presented by the party is was issued to
3. Proof that the credential has not been tampered with
4. The revocation status of the credential

The credential presentation can do all this while only disclosing the information needed for the interaction and without the verifier having to contact the credential issuer. Not having to contact the issuer ensures the credential can be used in situations with poor connectivity, that the issuer needn't be online, and preserves the credential subject's privacy about where the credential is being used.

A properly designed credential exchange protocol has four important properties:

1. The system is decentralized and contextual. There is no central authority for all credentials. Every party can be an issuer, an owner, and a verifier. The system can be adapted to any country, any industry, any community, any set of credentials, any set of trust relationships.
2. Issuers are free to determine what credentials to issue and whether or not to revoke them.
3. Wallet owners are free to choose which credentials to carry and where and when they get shared. While some verifiers require a specific credential—such as a customs agent requiring a passport—others will accept a range of credentials. Therefore owners can decide which credentials to carry in their wallet based on the verifiers with whom they interact.
4. Verifiers make their own decisions about which credentials to accept. For example, a bar you are trying to enter may accept any credential you have about your date of birth. This means some credentials (e.g., passports, driving licenses, birth certificates) may be much more useful than just for the original purpose for which they were issued.

These properties make a decentralized identity system self sovereign.

Why is Decentralized Identity Important?

Decentralized identity systems are designed to provide people with control, security, and privacy while enhancing the confidence we have in our online relationships. Some time ago, I wrote the following. I think it's an apt way to close any discussion of decentralized identity because unless we keep our eyes on the goal, we'll likely take shortcuts in implementation that fail to live up to their promise.

Presently, people don't have operational relationships anywhere online.² We have plenty of online relationships, but they are not operational because we are prevented from acting by their anemic natures. Our helplessness is the result of the power imbalance that is inherent in bureaucratic relationships. The solution to the anemic relationships created by administrative identity systems is to provide people with the tools they need to operationalize their self-sovereign authority and act as peers with others online. Peer-to-peer relationships are the norm in the physical world. When we dine at a restaurant or shop at a store in the physical world, we do not do so under the control of some administrative system. Rather, we act as embodied agents and operationalize our relationships, whether they be long-lived or nascent, by acting for ourselves. Any properly designed decentralized identity system must provide people with the tools they need to be "embodied" in the digital world and act autonomously.

Time and again, various people have tried to create decentralized marketplaces or social networks only to fail to gain traction. These systems fail because they are not based on a firm foundation that allows people to act in relationships with sovereign authority in systems mediated through protocol rather than by the whims of companies. We have a fine example of a protocol mediated system in the internet, but we've failed to take up the daunting task of building the same kind of system for identity. Consequently, when we act, we do so without firm footing or sufficient leverage.

Ironically, the internet broke down the walled gardens of CompuServe and Prodigy with a protocol-mediated metasystem, but surveillance capitalism has rebuilt them on the web. No one could live an effective life in an amusement park. Similarly, we cannot function as fully embodied agents in the digital sphere within the administrative systems of surveillance capitalists, despite their attractions. The emergence of self-sovereign identity, agreements on protocols, and the creation of metasystems to operationalize them promises a digital world where decentralized interactions create life-like online experiences. The richer relationships that result from properly designed decentralized identity systems promise an online future that gives people the opportunity to act for themselves as autonomous human beings and supports their dignity so that they can live an effective online life.

Notes

1. I prefer the term self-sovereign to decentralized because it describes the goal rather than the implementation, but I'll stick with decentralized here. All self-sovereign identity systems are decentralized. Not all decentralized identity systems are self-sovereign.
2. The one exception I can think of to this is email. People act through email all the time in ways that aren't intermediated by their email provider. Again, it's a result of the architecture of email, set up over four decades ago and the culture that architecture supports.

Photo Credit: Young Woman Using a Wallet from DALL-E (public domain) Prompt: draw a rectangular picture of a young woman using a wallet.

Tags: identity ssi decentralized+identity verifiable+credentials