Difference between revisions of "Distributed ID"

From MgmtWiki
Jump to: navigation, search
(Problems)
(Context)
Line 9: Line 9:
 
** It also required the user to pre-register with one or more of those providers, typically one of the big social sites, like: Google, Microsoft or Facebook.
 
** It also required the user to pre-register with one or more of those providers, typically one of the big social sites, like: Google, Microsoft or Facebook.
 
* The current most common protocol for some sort of a [[Distributed Identity]] was [[OpenID Connect]] which included [[Self-issued Identifier]], but that feature of [[OpenID Connect]] had not been deployed in 2018.
 
* The current most common protocol for some sort of a [[Distributed Identity]] was [[OpenID Connect]] which included [[Self-issued Identifier]], but that feature of [[OpenID Connect]] had not been deployed in 2018.
 +
{| class="wikitable"
 +
|-
 +
| # || Goal|| Description || Status
 +
|-
 +
| 1 || Decentralization || Eliminate the requirement for centralized authorities or single point failure in identifier management, including the registration of globally unique identifiers, public verification keys, service endpoints, and other metadata.
 +
|-
 +
| 2 || Control || Give entities, both human and non-human, the power to directly control their digital identifiers without the need to rely on external authorities.
 +
|-
 +
| 3 || Privacy || Enable entities to control the privacy of their information, including minimal, selective, and progressive disclosure of attributes or other data.
 +
|-
 +
| 4 || Proof-based || Enable DID subjects to provide cryptographic proof when interacting with other entities.
 +
|-
 +
| 5 || Discoverability || Make it possible for entities to discover DIDs for other entities to learn more about or interact with those entities.
 +
|-
 +
| 6|| Interoperability|| Use interoperable standards so DID infrastructure can make use of existing tools and software libraries designed for interoperability.
 +
|-
 +
| 7 || Portability || Be system and network-independent and enable entities to use their digital identifiers with any system that supports DIDs and DID methods.
 +
|-
 +
| 8|| Patient's Credential || specialist || digital || this allows specialist to create a IAL2 proofing
 +
|-
 +
| 19 || Simplicity || Favor a reduced set of simple features to make the technology easier to understand, implement, and deploy.
 +
|-
 +
| 10 || Simplicity || Favor a reduced set of simple features to make the technology easier to understand, implement, and deploy.
 +
|-
 +
|}
  
 
==Problems==
 
==Problems==

Revision as of 11:55, 2 February 2020

Full Title or Meme

A means to distribute the sources of Identifiers and Attributes while giving more choice to Users.

Context

Every one knows the problem with identities on the internet. They are not under the control of users, who are extremely interested in their own Identity and want their own Privacy.

# Goal Description Status
1 Decentralization Eliminate the requirement for centralized authorities or single point failure in identifier management, including the registration of globally unique identifiers, public verification keys, service endpoints, and other metadata.
2 Control Give entities, both human and non-human, the power to directly control their digital identifiers without the need to rely on external authorities.
3 Privacy Enable entities to control the privacy of their information, including minimal, selective, and progressive disclosure of attributes or other data.
4 Proof-based Enable DID subjects to provide cryptographic proof when interacting with other entities.
5 Discoverability Make it possible for entities to discover DIDs for other entities to learn more about or interact with those entities.
6 Interoperability Use interoperable standards so DID infrastructure can make use of existing tools and software libraries designed for interoperability.
7 Portability Be system and network-independent and enable entities to use their digital identifiers with any system that supports DIDs and DID methods.
8 Patient's Credential specialist digital this allows specialist to create a IAL2 proofing
19 Simplicity Favor a reduced set of simple features to make the technology easier to understand, implement, and deploy.
10 Simplicity Favor a reduced set of simple features to make the technology easier to understand, implement, and deploy.

Problems

  • The big problem is Trust where there are no standards or examples of any trust without a history of trusted behavior.
  • Proof of Persistent Identity must be provided. This can be little more than the inclusion of a public key in a block chain, but that cannot provide any Assurance of protection of the Credential.
  • DID are designed to be tied to a did method (e.g. Sovrin) which means that a life-long ID requires life-long methods with no means to migrate, even when the method dies out or is proven defective.
  • DIDs are designed to come with all sorts of attributes and service points of that particular user. It is highly unlikely that this can be accomplished without leaking the real identity of the user (subject of the DID.)
  • Assurance is mentioned only one time in the DID core spec; as a goal. It is not further defined.

Solutions

References

  1. Decentralized Digital Identities and Blockchain perspective from Microsoft
  2. Decentralized Identifiers (DIDs) v1.0 Core Data Model and Syntaxes
    Decentralized identifiers (DIDs) are a new type of identifier to provide verifiable, decentralized digital identity. These new identifiers are designed to enable the controller of a DID to prove control over it and to be implemented independently of any centralized registry, identity provider, or certificate authority. DIDs are URLs that relate a DID subject to a DID document allowing trustable interactions with that subject. DID documents are simple documents describing how to use that specific DID. Each DID document can express cryptographic material, verification methods, or service endpoints, which provide a set of mechanisms enabling a DID controller to prove control of the DID. Service endpoints enable trusted interactions with the DID subject.