Why we need Decentralized Identity

Decentralized identity refers to a system in which individuals have control over their personal information and can share it on their own terms. This is in contrast to centralized systems, in which a single entity, such as a government or corporation, holds and controls individuals’ personal information. Decentralized identity can improve privacy and security by giving individuals more control over their data, and can also enable new applications and services that are not possible with centralized systems. Additionally, it allows for the creation of self-sovereign identities, where individuals have full ownership and control over their personal identity data, and they can use it to interact with various services and organizations in a secure and private way.

What is a DID?

A DID document is a valid JSON-LD object that uses the DID context (the RDF vocabulary of property names) defined in the DID specification. It has six components (all optional):

  • The DID itself, so the DID document is fully self-describing.
  • A set of cryptographic material, such as public keys, that can be used for authentication or interaction with the DID subject.
  • A set of cryptographic protocols for interacting with the DID subject, such as authentication and capability delegation.
  • A set of service endpoints that describe where and how to interact with the DID subject.
  • Timestamps for auditing.
  • An optional JSON-LD signature, if needed, to verify the integrity of the DID document.

See the DID specification for several examples of DID documents.

DID methods have CRUD built in:

DID method specifications typically define at least the following operations for a particular target system:

  • Create: Some DID methods may generate a DID directly from a cryptographic key pair. Others may use the address of a transaction or a smart contract on the blockchain itself.

  • Read: Some DID methods use blockchains that can store DID documents directly on the blockchain. Others may instruct DID resolvers to construct them dynamically based on attributes of a blockchain record. Still others may store a pointer on the blockchain to a DID document stored in one or more parts on other decentralized storage networks such as IPFS or STORJ.

  • Update: The update operation is the most critical from a security standpoint because control of a DID document represents control of the public keys or proofs necessary to authenticate an entity (and therefore for an attacker to impersonate the entity). Since verification of DID document update permissions can only be enforced by the target blockchain, the DID method specification must define precisely how authentication and authorization are performed for any update operation.

  • Delete: DID entries on a blockchain are by definition immutable, so they can never be “deleted” in the conventional database sense. However, they can be revoked in the cryptographic sense. A DID method specification must define how this termination is performed, e.g., by writing a null DID document.

Verifiable claims

A credential is a set of one or more claims made by the same entity. Credentials might also include an identifier and metadata to describe properties of the credential, such as the issuer, the expiry date and time, a representative image, a public key to use for verification purposes, the revocation mechanism, and so on. The metadata might be signed by the issuer. A verifiable credential is a set of tamper-evident claims and metadata that cryptographically prove who issued it.

Issuer

An issuer is an entity that creates and issues verifiable credentials to users. Verifiable credentials are digital documents that contain information about a user’s identity or attributes. The issuer requests information from the user and verifies it before issuing the credential. The verifiable credential can then be presented to a verifier, such as a service provider, who can verify its authenticity using cryptography and other security mechanisms.

For example, an organization like Kloudone Inc. can act as an issuer in a decentralized identity system by creating and distributing verifiable credentials to its employees. An issuer can be thought of as a counterpart to a traditional identity provider or OpenID provider, who would typically issue identity tokens or assertions.

Overall, issuers play an important role in decentralized identity systems by creating and issuing verifiable credentials that can be used to authenticate users’ identities and attributes, while providing users with greater control and ownership over their identity data.

Verifier

A verifier is responsible for verifying the information provided by the wallet and deciding whether or not to grant access to a resource or service based on that information. The verifier generates a presentation request to the wallet, which then presents the credential to the verifier. After gathering user consent, the verifier checks the authenticity of the credential. Issuing organizations can provide fraud-proof credentials, while the verifier system can instantly check the authenticity of credentials, making the process more efficient.