- v0.1 - June 18, 2024 ATL DID Devs Meetup #1
- v0.2 - March 5, 2024 BTC Freedom Tech - Diving into Decentralized Identifiers (DIDs)
- A system of infrastructure and protocols where individuals or entities can create, manage, and control their digital identities without relying on a central authority.
- Leverages decentralized storage (e.g. blockchains, distributed hash tables) and cryptographic methods to store and retrieve information about entities.
- TLDR: Identifier CRUD enabling identity management without a trusted third-party (central authority).
Another way to ask this question is: "Why do I care?" or "What's in it for me?" (WFM)
1. Centralized Control is a Single Point of Failure
Problem
- Centralized identity systems rely on single authorities to issue and manage identities, creating single points of failure.
- These systems are vulnerable to breaches, outages, and misuse of power.
- See "Trusted Third Parties are Security Holes" by Nick Szabo.
Solution
- Decentralized identity distributes control across a network, eliminating single points of failure and reducing vulnerability to attacks and operational disruptions.
2. Lack of User Control Leads to Exploitation
Problem
- Centralized identity providers often collect, store, and control vast amounts of personal data, which can be sold, shared, or breached without the individual's consent. Users have limited control over their own data.
Solution
- DIDs allow individuals to own and control their digital identities and personal data.
- Users decide what information to share, with whom, and for how long, enhancing privacy and data ownership.
3. Lack of Privacy
Problem
- Centralized identity systems require users to share more personal information than necessary, reducing or eliminating their privacy.
- The collection of this unnecessary data leads to increased risk of data breaches.
Solution
- Decentralized identity uses minimal disclosure principles, allowing users to share only the necessary information for a specific transaction or interaction.
- This enhances privacy and reduces the risk of data exposure.
4. Fragmented Identity Management
Problem
- Users often have to create and manage multiple identities across different platforms and services, leading to fragmented and inconsistent identity information.
Solution
- Decentralized identity enables a single, portable identity that can be used across various services and platforms.
- This simplifies identity management and provides a consistent identity experience.
5. Inefficiency in Verification Processes
Problem
- Verifying identity claims often involves cumbersome processes, including contacting issuers and intermediaries, which can be time-consuming and prone to errors.
Solution
- Decentralized identity leverages verifiable credentials that can be independently verified without needing to contact the issuer.
- This streamlines the verification process, making it faster and more reliable.
6. Security Vulnerabilities
Problem
- Traditional identity systems often rely on weak authentication methods, such as passwords, which are susceptible to breaches and attacks.
Solution
- Decentralized identity uses cryptographic methods for secure authentication, reducing reliance on passwords and enhancing overall security.
- Public-private key pairs provide robust authentication mechanisms.
7. Interoperability Issues
Problem
- Centralized identity systems are often siloed and incompatible with each other, hindering seamless interaction across different platforms and services.
Solution
- Decentralized identity standards promote interoperability, allowing identities to be used across various systems, platforms, and jurisdictions.
- This fosters a more connected and seamless digital ecosystem.
8. Trust and Transparency
Problem
- Centralized identity systems can lack transparency and trust, as users must rely on third parties to manage their identity information.
Solution
- Decentralized identity systems are built on transparent, decentralized networks, where trust is established through cryptographic proofs and consensus mechanisms.
- This enhances trust and reduces reliance on third parties.
9. Individual Empowerment
Problem
- Centralized identity systems often limit individuals' control over their own identities and data, leading to disempowerment.
Solution
- Decentralized identity empowers individuals by giving them full control over their digital identities and personal data.
- This aligns with the principles of self-sovereign identity, promoting user autonomy and agency.
The key components of a decentralized identity system have been outlined in specifications from multiple third-party standards organizations.
- World Wide Web Consortium (W3C)
- Decentralized Identity Foundation (DIF)
The W3C has a did-explainer document that outlines all of these parts in detail.
- Unique identifiers created, owned, and controlled by the user.
- https://www.w3.org/TR/did/upcoming/#a-simple-example
There are a number of different DID method specifications that have been defined over the years; each has trade-offs.
DID Methods List: https://decentralized-id.com/web-standards/w3c/decentralized-identifier/did-methods/
Defines the storage location / network where CRUD actions are taken on identifiers.
These storage locations are typically decentralized (e.g. DLT, Blockchain, DHT, CAS / IPFS).
CRUD actions are Create, Read, Update, and Deactivate, performed on identifiers in a specific storage network.
Examples of DID Methods that leverage the Bitcoin blockchain as the storage location / network.
- did:btcr circa August 2019. The Bitcoin Reference method supports DIDs on the public Bitcoin blockchain.
- did:ion by Microsoft circa June 2020. The Identity Overlay Network is an open, public, permissionless Bitcoin "Layer 2".
- did:btco circa June 2023. Leverages Bitcoin Ordinal Theory and Inscriptions for CRUD ops.
- did:btc by MicroStrategy circa 2024. Uses the Bitcoin blockchain to store and retrieve DID information as witness data in UTXOs.
- did:btc1 by Digital Contract Design circa Sept 2024. Uses the Bitcoin blockchain as a Verifiable Data Registry to announce changes to the DID document.
- https://www.w3.org/TR/did-core/#did-documents
- These contain public keys and service endpoints, stored on a particular storage location / network.
- Updates to DID documents get stored in some way on the
- https://www.w3.org/TR/vc-data-model/#concrete-lifecycle-example
- Digitally signed claims that can be verified by others without contacting the issuer.
- https://identity.foundation/credential-manifest/#credential-manifest-2
- A specification designed to describe the criteria and requirements for issuing verifiable credentials.
- Provide a standardized way for issuers to communicate what types of credentials they offer, the required information for issuance, and the process involved.
- https://w3c-ccg.github.io/vp-request-spec/
- A way to bundle one or more verifiable credentials along with proofs, allowing an individual to present their credentials in a secure and verifiable manner.
- They enable the holder to prove claims about themselves to a verifier without the verifier needing to contact the credential issuer.
- A new type of identifier that enables verifiable, self-sovereign digital identities.
- Designed to be created, managed, and controlled by the individual or entity it represents.
- Unlike traditional identifiers such as email addresses, phone numbers, or usernames, DIDs do not depend on centralized authorities.
Key features and components of DIDs:
- Decentralization
  - No central issuing authority is required.
  - DIDs can be generated independently by the user.
- Self-Sovereignty
  - Users have complete control over their DIDs and the associated identity information.
- Interoperability
  - DIDs can be used across different platforms, services, and systems.
- Security
  - Use of cryptographic methods ensures the authenticity and integrity of the DIDs and associated data.
- Privacy
  - Minimal disclosure of personal information, allowing users to share only what is necessary.
These can also be referred to as "protocols". There are different protocols that have been implemented from the W3C and DIF specifications.
- Web5
  - Direct implementation of the W3C DID Core Specification
  - Defined a new DID Method, did:dht, using BitTorrent Mainline DHT for storage
  - Defined a new data structure in the core DIF specification called a Decentralized Web Node (DWN)
- Hypercore
  - Did not implement the W3C DID Core Specification
  - Implemented its own specifications to create "a secure, distributed append-only log built for sharing large datasets and streams of real-time data"
  - Uses DHT for Peer Discovery
- ATProtocol
  - Implemented part of the W3C DID Core standards: DIDs
  - Supports the did:web and did:plc DID Methods
    - DID PLC is a DID Method developed by the social media app Bluesky that enables self-authenticating, strongly-consistent, recoverable DIDs that allow for key rotation.
    - DID WEB is a W3C standard based on HTTPS (and DNS) where the identifier section is a hostname (e.g. did:web:nonni.org)
- Pubky
  - Uses DHT and Pkarr for decentralized routing & identity.
  - Relies on homeservers for simple interoperable hosting and storage (similar idea to the DWN).
  - Pkarr uses DNS records to make public keys web addressable.
- Pear: built by Holepunch. A combined peer-to-peer runtime, development, and deployment tool that uses Hypercore.
- Keet: built by Holepunch. A peer-to-peer chat app that uses Hypercore.
- Bluesky uses ATProtocol
- Impervious uses W3C standards
- Auth0 uses W3C standards
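The did:web mapping mentioned under ATProtocol (identifier section is a hostname, e.g. did:web:nonni.org), as an added example that is not code from the slides or from any project named here: it parses a DID into method and method-specific identifier per the DID Core syntax, then derives the HTTPS URL a did:web resolver fetches the DID document from. The host names are the page's own or constructed for the demo.

```javascript
// Added example (not from the slides): parse a DID into method and
// method-specific identifier, then map a did:web DID to the HTTPS URL from
// which a resolver fetches its DID document, following the did:web method spec.

// DID Core ABNF: idchar = ALPHA / DIGIT / "." / "-" / "_" / pct-encoded
const IDCHAR_SEGMENT = /^(?:[A-Za-z0-9._-]|%[0-9A-Fa-f]{2})*$/;

// Returns { method, id, segments } or null if the string is not a valid DID.
function parseDid(did) {
  const m = /^did:([a-z0-9]+):(.+)$/.exec(did);
  if (!m) return null;
  const segments = m[2].split(':');
  // method-specific-id = *( *idchar ":" ) 1*idchar  (must not end in ":")
  if (segments[segments.length - 1] === '' || !segments.every(s => IDCHAR_SEGMENT.test(s))) {
    return null;
  }
  return { method: m[1], id: m[2], segments };
}

// did:web resolution rules:
//   did:web:nonni.org              -> https://nonni.org/.well-known/did.json
//   did:web:example.com:user:alice -> https://example.com/user/alice/did.json
//   a percent-encoded colon in the first segment carries a port (localhost%3A8443)
// Resolution is HTTPS only, so trust in the document rests on the host's TLS and DNS.
function didWebToUrl(did) {
  const parsed = parseDid(did);
  if (!parsed || parsed.method !== 'web') return null;
  const [host, ...path] = parsed.segments;
  const base = `https://${decodeURIComponent(host)}`;
  return path.length === 0
    ? `${base}/.well-known/did.json`
    : `${base}/${path.join('/')}/did.json`;
}
```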