Difference between revisions of "Distributed ID"

From MgmtWiki
(References)
(Problems)
Line 15: Line 15:
 
* DID are designed to be tied to a did method (e.g. Sovrin) which means that a life-long ID requires life-long methods with no means to migrate, even when the method dies out or is proven defective.
 
* DID are designed to be tied to a did method (e.g. Sovrin) which means that a life-long ID requires life-long methods with no means to migrate, even when the method dies out or is proven defective.
 
* DIDs are designed to come with all sorts of attributes and service points of that particular user. It is highly unlikely that this can be accomplished without leaking the real identity of the user (subject of the DID.)
 
* DIDs are designed to come with all sorts of attributes and service points of that particular user. It is highly unlikely that this can be accomplished without leaking the real identity of the user (subject of the DID.)
 +
* [[Assurance]] is mentioned only one time in the DID core spec; as a goal. It is not further defined.
  
 
==Solutions==
 
==Solutions==
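Review bot: the added [[Assurance]] bullet states a count ("mentioned only one time in the DID core spec") without citing the spec section or revision it was checked against, so the claim cannot be verified and will go stale as the spec is edited. Suggest pointing the bullet at the spec entry under References and naming the revision. The semicolon in "DID core spec; as a goal" should be a comma, and "It is not further defined." could be folded into the same sentence.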

Revision as of 12:14, 2 February 2020

Full Title or Meme

A means to distribute the sources of Identifiers and Attributes while giving more choice to Users.

Context

Everyone knows the problem with identities on the internet. They are not under the control of users, who are extremely interested in their own Identity and want their own Privacy.

Problems

  • The big problem is Trust, where there are no standards or examples of any trust without a history of trusted behavior.
  • Proof of Persistent Identity must be provided. This can be little more than the inclusion of a public key in a block chain, but that cannot provide any Assurance of protection of the Credential.
  • DIDs are designed to be tied to a DID method (e.g. Sovrin), which means that a life-long ID requires life-long methods with no means to migrate, even when the method dies out or is proven defective.
  • DIDs are designed to come with all sorts of attributes and service points of that particular user. It is highly unlikely that this can be accomplished without leaking the real identity of the user (the subject of the DID).
  • Assurance is mentioned only once in the DID core spec, as a goal. It is not further defined.
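
As an added illustration of the method-binding and attribute-leakage problems listed above (not code from MgmtWiki or from the DID specification), the Python sketch below shows that the method name is part of the identifier string itself, and that service endpoints published in DID documents let an observer link two otherwise unrelated DIDs to one subject. The sample documents, identifiers, hostnames and the `ExampleService` type are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# DID syntax (DID Core): did:<method-name>:<method-specific-id>
_IDCHAR = r"(?:[A-Za-z0-9._-]|%[0-9A-Fa-f]{2})"
DID_RE = re.compile(rf"^did:([a-z0-9]+):((?:{_IDCHAR}*:)*{_IDCHAR}+)$")

def did_method(did):
    """Return the method name baked into the identifier, e.g. 'sov'."""
    m = DID_RE.match(did)
    if not m:
        raise ValueError(f"not a valid DID: {did!r}")
    return m.group(1)

def endpoint_hosts(doc):
    """Hostnames of every service endpoint published in a DID document."""
    hosts = set()
    for svc in doc.get("service", []):
        eps = svc.get("serviceEndpoint", [])
        # serviceEndpoint may be a single URL string or a list of them
        for ep in [eps] if isinstance(eps, str) else eps:
            if isinstance(ep, str):
                host = urlparse(ep).hostname
                if host:
                    hosts.add(host.lower())
    return hosts

def linkable_dids(docs):
    """Map each endpoint host seen under more than one DID to those DIDs."""
    seen = defaultdict(set)
    for doc in docs:
        for host in endpoint_hosts(doc):
            seen[host].add(doc["id"])
    return {h: sorted(d) for h, d in seen.items() if len(d) > 1}

# Constructed sample documents: one person using two "unrelated" DIDs.
DOCS = [
    {"id": "did:sov:ConstructedId111",
     "service": [{"id": "#blog", "type": "ExampleService",
                  "serviceEndpoint": "https://alice.example/blog"}]},
    {"id": "did:example:constructed-id-222",
     "service": [{"id": "#inbox", "type": "ExampleService",
                  "serviceEndpoint": ["https://alice.example/inbox",
                                      "https://relay.example.net/q/7"]}]},
]

if __name__ == "__main__":
    for d in DOCS:
        print(d["id"], "method:", did_method(d["id"]), sorted(endpoint_hosts(d)))
    print("linkable:", linkable_dids(DOCS))
```

Because the method name is the second segment of the identifier, moving the first sample DID off its method necessarily produces a different identifier string.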

Solutions

References

  1. Decentralized Digital Identities and Blockchain perspective from Microsoft
  2. Decentralized Identifiers (DIDs) v1.0 Core Data Model and Syntaxes
    Decentralized identifiers (DIDs) are a new type of identifier to provide verifiable, decentralized digital identity. These new identifiers are designed to enable the controller of a DID to prove control over it and to be implemented independently of any centralized registry, identity provider, or certificate authority. DIDs are URLs that relate a DID subject to a DID document allowing trustable interactions with that subject. DID documents are simple documents describing how to use that specific DID. Each DID document can express cryptographic material, verification methods, or service endpoints, which provide a set of mechanisms enabling a DID controller to prove control of the DID. Service endpoints enable trusted interactions with the DID subject.