SEDI Details for Identity Nerds

Timothy Ruff

This post is a more technical follow-up to the post announcing the passing of SB 260 in Utah, establishing the principles for state-endorsed digital identity (SEDI). While SEDI does not mandate any particular technology, its mandated principles close the door to technologies that do not comply, and open the door to technologies that do. This article explores what SEDI makes technically possible, in compliance with SB 260 principles.

State-endorsed digital identity (SEDI) introduces numerous foundational principles for a government-sponsored digital identity system, several of which were covered in Utah Blazes New Trail for SSI: SEDI:

  • “Endorse” vs. “issue” and “identity” vs. “credential”
  • Sovereign control
  • Guardianship
  • Privacy & no surveillance
  • State-of-the-art security

This post explores more technical and security principles enabled by SEDI that will be of interest to digital identity experts.

“Autonomic” Identifiers

SEDI doesn’t mandate any specific technology stack, but it does specify capabilities that are simply unachievable for most digital identity technologies. One foundational example is the requirement in lines (73) — (77) of the Utah bill, that individuals must first bring their “identity” to the state, after which it can be endorsed.

What kind of “identity” might that be? That will be specified as the details of Utah’s future identity program are fleshed out. As a Utah citizen and as an outside expert invited to consult on these new identity policies, I will push for stringent minimum standards for the security, utility, privacy, and autonomy of a digital identity to qualify for state endorsement. Needless to say, your social media login — or even your bank login — should not suffice.

One “identity” that meets my preferred standard is an “Autonomic Identifier” or AID, as first described in Dr. Samuel Smith’s seminal paper: Key Event Receipt Infrastructure (KERI).

Some of the capabilities enabled by an AID-powered SEDI ecosystem include:

BYOID (Bring Your Own Identifier) — In the digital realm, for an identity to be self-sovereign, it must begin with a unique identifier that is under the sovereign control of an individual. When a state endorses an identity, in practice it is endorsing an identifier that the individual brought to the state and that is provably under the individual’s control.

Persistent Identifiers — When that individual moves their residence to another state (within the U.S., for example), necessitating a new identity endorsement from the new state, the old state can revoke its endorsement of the same identifier that the new state will be endorsing; the identifier is persistent. This is a KERI capability that is very different from most PKI-based systems, where the identifier is the public key itself (or a certificate bound to it), so rotating or revoking the key means discarding the identifier along with it.

Reputation — This persistence creates a continuity for the individual to retain and build their digital reputation independent from any particular government endorsement. In fact, it would be inclusive of every endorsement they have ever had, and all their provable behaviors using those endorsements, no matter how many states or countries have given them past endorsements of identity. And it would be inclusive of non-state endorsements such as educational, work, or anything else, too.

Putting It All Together

A simple depiction of SEDI built on AIDs might look like this:

AIDs enable true self-sovereignty as the foundation, right where it belongs and where it provides the greatest utility for all aspects of digital life. State endorsement is also situated right where it belongs: as only one of many endorsements an individual may receive through their digital lifetime.

State-Issued ‘Jenga’

Conversely, a digital identity built on top of a state-issued credential, instead of on a state-endorsed identifier, lasts only until the state revokes that credential. An academic credential bound to it, for example, is lost when the individual moves to another state, obtains a new identity there, and the old state revokes the now-obsolete issuance.

Look at this visually:

This is like a game of Jenga: pull out the state-issued ID — by moving from one state or country to another — and the whole stack falls down. When the state revokes the ID they’ve issued, you also lose everything cryptographically bound to it, and must start over.

Even if the old state kept its credential alive, there would be no binding between the old and new credentials, and no way to build a growing, persistent reputation that connects a person to their cross-boundary behaviors in the digital world, the way a consistent legal name connects their behaviors across boundaries in the physical world.

Human-Friendly?

Autonomic identifiers cannot be human-friendly. Human-friendly namespaces require human management and recurring cost, and they have scarcity problems like cybersquatting, or missing the opportunity to register Timothy.com or timothy@gmail; the 1,000th Timothy won’t have much of a selection. AIDs are long, random-looking strings of letters and numbers derived from cryptographic key material, drawn from a space so large that guessing or colliding with one is infeasible (it would take a million computers a million years), which ensures universal uniqueness and brings a strong measure of security.

AIDs have cryptographic properties: the identifier is bound to its controlling keys (in KERI, the AID is derived from its inception event, which also commits to the digests of the next keys before they are ever used), so we can prove control over it with a signature and recover control by rotating to the pre-committed keys when the current keys are compromised. And keys *will* get compromised (see “Expected Compromise” below). Without these properties, an AID would be just letters and numbers anyone could copy and use to impersonate, like a social security number.

Many Identifiers

In real life, we have identifiers that are public — our legal names — that typically remain constant throughout our lives. We use these identifiers to build reputations over time, as patterns of behaviors accumulate that are associated with them. With SEDI, the identifier that is endorsed by the state will work in the same manner: it will be persistent, and as public as one chooses to make it, used and disclosed (always under the hood) whenever one might disclose their legal name.

In digital situations where one prefers to not use their legal name, there’s nothing in SEDI preventing that individual from using a completely different identifier, unrelated to their endorsed one. In fact there is no limit on how many different unique identifiers one may create and use for whatever purpose they choose; and each state can choose whether or not only one at a time can be officially endorsed (Utah allows only one physical identity at a time, and may do the same digitally).

Potential Security Advantages

SEDI’s architecture enables numerous critical security advantages that could be implemented:

Zero Trust — ”Never trust, always verify” is the ideal of zero trust. SEDI can not only embrace zero trust, it can enable true zero trust, which does away with all shared secrets, described briefly below.

No Shared Secrets — SEDI need not rely on bearer tokens, symmetric keys, or phishable passwords as the basis of authentication; where they appear at all, it is in conjunction with digital signatures. (PINs and passwords can still be helpful as an additional factor alongside digital signatures or physical keys.)

Anti-fragile — A breach of one person or system does not facilitate the breach of the entire system or of another connected one, as it does in most current digital identity systems, which are predicated on shared secrets and perimeter security. With SEDI, most breaches can be detectable, preventable, and recoverable.

Expected Compromise — Key compromise should be expected and anticipated, not surprising and catastrophic. Alongside robust prevention and detection, the architecture brings powerful means for recovery: in KERI this is pre-rotation, where each key state commits to the digest of the next keys before they are ever used, so the current keys can be rotated out even after they have been stolen.

Multi-signature — Keys and credentials can be protected with m-of-n, optionally weighted, multi-signature thresholds, enabling creative familial, professional, and social protection and recovery schemes.

Mutual authentication — Individuals could authenticate each other, in any setting. For example, a citizen could authenticate a police officer as readily as a police officer can authenticate the citizen. Any person, organization, or thing claiming authority from the state could be instantly verified to have the claimed authority.
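Three of the points above (persistent identifiers, expected compromise, and the earlier observation that control of an AID can be both proven and recovered) come down to one mechanism, which the following Go program illustrates. It is an added example written for this article, not code from the KERI project, from Utah, or from the author of the post; its event fields only loosely imitate KERI's (the real specification has its own encoding and digest agility, and supports m-of-n thresholds, witnesses and other event types, all omitted here), and the scenario, a citizen whose first key is stolen and a thief who tries to rotate, is constructed for the demo. It uses only Go's standard library (ed25519, SHA-256, JSON).

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
)

// Event is a simplified key event, inception ("icp") or rotation ("rot"). Field names loosely
// imitate KERI's; this is a single-key illustration for the post, not the KERI specification.
type Event struct {
	Type   string `json:"t"`
	Prefix string `json:"i"` // the identifier (AID); empty while its own digest is computed
	Seq    int    `json:"s"` // position in the key event log
	Prior  string `json:"p"` // digest of the previous event, "" for inception
	Key    string `json:"k"` // current signing public key, hex
	Next   string `json:"n"` // digest of the pre-rotated, not yet revealed, next key
	Sig    []byte `json:"-"` // signature by Key over the JSON of the fields above
}

func digest(b []byte) string             { h := sha256.Sum256(b); return hex.EncodeToString(h[:]) }
func serialize(e Event) []byte           { b, _ := json.Marshal(e); return b }
func hexPub(k ed25519.PrivateKey) string { return hex.EncodeToString(k.Public().(ed25519.PublicKey)) }

// selfAddress derives the AID: the digest of the event with its own prefix field empty.
func selfAddress(e Event) string {
	e.Prefix = ""
	return digest(serialize(e))
}

func newKey() ed25519.PrivateKey {
	_, k, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err) // only fails if the system's random source is broken
	}
	return k
}

func sign(e Event, k ed25519.PrivateKey) Event {
	e.Sig = ed25519.Sign(k, serialize(e))
	return e
}

// Incept builds the self-addressing inception event, which commits to the first key and to
// the digest of the next key before that key is ever used (pre-rotation).
func Incept(current, next ed25519.PrivateKey) Event {
	e := Event{Type: "icp", Key: hexPub(current), Next: digest([]byte(hexPub(next)))}
	e.Prefix = selfAddress(e)
	return sign(e, current)
}

// Rotate reveals the pre-rotated key as current, commits to a fresh next key, and is signed
// by the revealed key, so the outgoing (possibly stolen) key plays no part in it.
func Rotate(prev Event, revealed, next ed25519.PrivateKey) Event {
	e := Event{Type: "rot", Prefix: prev.Prefix, Seq: prev.Seq + 1, Prior: digest(serialize(prev)),
		Key: hexPub(revealed), Next: digest([]byte(hexPub(next)))}
	return sign(e, revealed)
}

// VerifyKEL walks a key event log and returns the identifier it establishes, or an error naming the first broken link.
func VerifyKEL(log []Event) (string, error) {
	if len(log) == 0 || log[0].Type != "icp" || selfAddress(log[0]) != log[0].Prefix {
		return "", fmt.Errorf("log must start with a self-addressing inception event")
	}
	for i, e := range log {
		if i > 0 {
			prev := log[i-1]
			if e.Type != "rot" || e.Seq != i || e.Prefix != prev.Prefix || e.Prior != digest(serialize(prev)) {
				return "", fmt.Errorf("event %d: not chained to the prior event", i)
			}
			if digest([]byte(e.Key)) != prev.Next { // the pre-rotation check
				return "", fmt.Errorf("event %d: revealed key was not committed to earlier", i)
			}
		}
		pub, err := hex.DecodeString(e.Key)
		if err != nil || len(pub) != ed25519.PublicKeySize || !ed25519.Verify(pub, serialize(e), e.Sig) {
			return "", fmt.Errorf("event %d: not signed by its own current key", i)
		}
	}
	return log[0].Prefix, nil
}

// Demo plays out the constructed scenario: incept, rotate after the first key is stolen, then a thief's
// forged rotation. It returns the AID before and after the honest rotation and the verifier's error for the forgery.
func Demo() (before, after string, forgeErr error) {
	k0, k1, k2 := newKey(), newKey(), newKey()
	icp := Incept(k0, k1)
	rot := Rotate(icp, k1, k2) // k0 was stolen: move to the pre-rotated k1
	before, _ = VerifyKEL([]Event{icp})
	after, _ = VerifyKEL([]Event{icp, rot})
	// The thief holds k0 yet cannot rotate: the key they reveal was never committed to, and
	// a signature by k0 does not count on a rotation event.
	_, forgeErr = VerifyKEL([]Event{icp, Rotate(icp, newKey(), newKey())})
	return before, after, forgeErr
}

func main() { fmt.Println(Demo()) }
```

Two properties carry the weight. The identifier is the digest of its own inception event, so it is tied to the first key and to the commitment to the next one; and a rotation is signed by the key being revealed, never by the key being retired. That is why a thief holding the old key gets nothing: the rotation they craft reveals a key whose digest matches no prior commitment, and the verifier rejects it before a signature is even checked. The identifier returned before and after the honest rotation is the same string, which is the persistence described under "Persistent Identifiers" above.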

Artificially Intelligent Agents (“Agentic AI”)

IBM predicts that 2025 may be “the year of the AI agent”, and the CEO of Microsoft predicts that agentic AI will “replace all software.” Whether that happens or not, AI agents are coming and will soon affect the way we interact with organizations of all kinds. This can take the form of you interacting with some organization’s agent, some organization interacting with your agent, or two AI agents interacting with each other.

SEDI paves the way for verifying that an AI agent has the delegated authority it claims to have, and constraining what an agent is authorized to do. SEDI enables authority to be delegated to people, organizations, and things, and AI agents are things. SEDI is uniquely well suited for controlling, securing, and navigating a world of ubiquitous AI agents.

Many don’t like the idea of having to deal with AI agents in any form, and I can’t blame them. But like the digital transformation itself, that world is coming whether we like it or not, and the more controls and constraints we can have for it, the better.
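A relying party verifying the delegation chain this section describes (the state endorses an identifier a person brought to it; the person delegates a bounded authority to an agent's key; the agent signs a request) could do so as follows. This is an added example written for this article, not SEDI's or KERI's delegation protocol: identifiers here are plain digests of a single public key with no rotation, the message shapes and field names are assumptions, and the scope string "renew:vehicle-registration", the one-hour expiry and the three parties are constructed for the demo. Only Go's standard library is used.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
	"time"
)

// aid derives a self-certifying identifier from a public key (single-key, rotation-free: a simplification for this post).
func aid(pub ed25519.PublicKey) string { h := sha256.Sum256(pub); return hex.EncodeToString(h[:]) }

// Endorsement is the state's signature over an identifier a person brought to it.
type Endorsement struct {
	Subject  string `json:"subject"`  // the endorsed AID
	Endorser string `json:"endorser"` // the state's public key, hex
	Sig      []byte `json:"sig,omitempty"`
}

// Delegation is the person's grant of a bounded authority to an agent's key.
type Delegation struct {
	Key      string   `json:"key"`      // the person's public key, hex; its aid() must be the endorsed AID
	Delegate string   `json:"delegate"` // the agent's public key, hex
	Scope    []string `json:"scope"`    // actions the agent may perform
	NotAfter int64    `json:"exp"`      // unix seconds
	Sig      []byte   `json:"sig,omitempty"`
}

// Request is what the agent asks to do and for whom, signed with the agent's key.
type Request struct {
	Action   string `json:"action"`
	OnBehalf string `json:"on_behalf"` // AID of the person the agent acts for
	Sig      []byte `json:"sig,omitempty"`
}

// The signed bytes of each message are its JSON with the signature field cleared.
func (e Endorsement) payload() []byte { e.Sig = nil; b, _ := json.Marshal(e); return b }
func (d Delegation) payload() []byte  { d.Sig = nil; b, _ := json.Marshal(d); return b }
func (r Request) payload() []byte     { r.Sig = nil; b, _ := json.Marshal(r); return b }

func verify(hexPub string, msg, sig []byte) bool {
	pub, err := hex.DecodeString(hexPub)
	return err == nil && len(pub) == ed25519.PublicKeySize && ed25519.Verify(pub, msg, sig)
}

// Authorize checks the whole chain, state -> person -> agent -> request, using nothing but the
// relying party's own list of trusted state keys; no intermediary or registry is consulted.
func Authorize(trustedStates map[string]bool, e Endorsement, d Delegation, r Request, now time.Time) error {
	delegatorPub, err := hex.DecodeString(d.Key)
	switch {
	case !trustedStates[e.Endorser]:
		return fmt.Errorf("endorser is not a trusted state key")
	case !verify(e.Endorser, e.payload(), e.Sig):
		return fmt.Errorf("bad endorsement signature")
	case err != nil || aid(delegatorPub) != e.Subject:
		return fmt.Errorf("delegation key does not control the endorsed AID")
	case !verify(d.Key, d.payload(), d.Sig):
		return fmt.Errorf("bad delegation signature")
	case now.Unix() > d.NotAfter:
		return fmt.Errorf("delegation expired")
	case r.OnBehalf != e.Subject:
		return fmt.Errorf("request is not on behalf of the endorsed AID")
	case !verify(d.Delegate, r.payload(), r.Sig):
		return fmt.Errorf("request not signed by the delegated agent key")
	}
	for _, s := range d.Scope {
		if s == r.Action {
			return nil
		}
	}
	return fmt.Errorf("action %q is outside the delegated scope", r.Action)
}

// Demo sets up a state, a citizen and the citizen's AI agent (all constructed), then returns the verifier's
// verdict on an in-scope request, an out-of-scope request, and a request signed by an undelegated key.
func Demo() (inScope, outOfScope, impostor error) {
	statePub, stateKey, _ := ed25519.GenerateKey(rand.Reader)   // GenerateKey only fails if
	personPub, personKey, _ := ed25519.GenerateKey(rand.Reader) // rand.Reader does, so the
	agentPub, agentKey, _ := ed25519.GenerateKey(rand.Reader)   // errors are ignored here
	_, impostorKey, _ := ed25519.GenerateKey(rand.Reader)
	now := time.Now()
	trusted := map[string]bool{hex.EncodeToString(statePub): true}
	e := Endorsement{Subject: aid(personPub), Endorser: hex.EncodeToString(statePub)}
	e.Sig = ed25519.Sign(stateKey, e.payload())
	d := Delegation{Key: hex.EncodeToString(personPub), Delegate: hex.EncodeToString(agentPub),
		Scope: []string{"renew:vehicle-registration"}, NotAfter: now.Add(time.Hour).Unix()}
	d.Sig = ed25519.Sign(personKey, d.payload())
	ask := func(action string, k ed25519.PrivateKey) error {
		r := Request{Action: action, OnBehalf: e.Subject}
		r.Sig = ed25519.Sign(k, r.payload())
		return Authorize(trusted, e, d, r, now)
	}
	return ask("renew:vehicle-registration", agentKey), // within scope: allowed
		ask("transfer:property-title", agentKey), // outside scope: refused
		ask("renew:vehicle-registration", impostorKey) // right action, undelegated key: refused
}

func main() { fmt.Println(Demo()) }
```

The ordering inside Authorize is the point: every link is checked before the scope is consulted, namely who endorsed the person, that the delegating key actually controls the endorsed identifier, that the delegation has not expired, and that the request was signed by the delegated key and names the right person. Only then is the action compared against the scope, so an agent with a valid delegation for vehicle registration is refused a property transfer, and an undelegated key is refused even for the permitted action.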

Comprehensive Digital Identity

In sum, SEDI enables a cohesive, comprehensive digital identity system for a state or for any other ecosystem. It requires no proprietary platforms, products, or providers, though it doesn’t preclude their participation, and requires no shared or trusted intermediaries or blockchains. Through robust guardianship, delegation, and multi-sig, it extends digital capabilities to populations that have been previously excluded: minors (including infants), the elderly, disabled persons, homeless persons, migrants, and any other population. And it does this while maximizing individual autonomy and control over one’s data, with powerful means for consent, and numerous breakthroughs in security.

In short, SEDI heralds a new era of utility, security and autonomy for comprehensive digital identity ecosystems, and I am proud of my home state of Utah for introducing it to the world.
