Abstract
In recent years new laws in the UK and EU have imposed an obligation on internet services to protect the privacy of their users, and to restrict access to adult content based on age. Legislators have mandated outcomes, but they haven't provided a roadmap for developers to get there. So where does someone without a background in cryptography and data security turn for insight?
I've been a researcher in the field of Digital Identity for more than twenty years now, and in secure communications of one form or another for over thirty. There are plenty of commentators who'll share their opinions with you, I share code.
In this session I'll introduce you to: the foundational principles of privacy and secrecy; the cryptographic toolkit available in Go; the use of zero-knowledge proofs to ensure validity and correctness; practical techniques for managing data at rest and in transit; the trade-offs between centralised and decentralised architectures; how to link a Person with a Device; and how to prove that events have happened in the manner and order they were meant to without revealing Personally Identifiable Information.
By the end of the session you'll have seen examples of real-world Digital Identity systems and how they meet these needs, including Go code for how to implement their various component parts.
