DID Industry Research Report: How You Can Prove You Are Who You Are

Identity management (ID) is an integral part of computing infrastructure, but because it is so simple and ubiquitous, it is often taken for granted and ignored. Just as in life, we are born with an identity by default. However, once we lose our IDs, or are stripped of our identities by the government like the protagonists of the Bourne movies, we find it impossible to get anywhere.

Just as ID is a basic part of life in the real world, ID technology is part of the basic infrastructure of computing. When we turn on a computer, the first step is to enter a user name and password to log in to the system. When we visit a website, most operations require a user name and password.

Since human society became civilized, most countries in the world have established a complete identity management system: an ID card, driver’s license or social security number for domestic use, and a passport for international travel. The Internet has followed much the same development path:

From the anonymous era of 1996, when “no one on the Internet knows that the other party is a dog”, it developed into the real-name social networking era after the founding of Facebook in 2004. The Internet has also grown from a means of obtaining information into an important means of working efficiently, such as e-commerce and e-government.

It can be predicted that in the next cycle the blockchain will likewise develop from its current state of complete anonymity to a real-name stage supported by decentralized identity (DID). The blockchain has so far lacked support for user identity, so it has been over-financialized and unable to enter practical scenarios. And, as the growth of the Internet has shown, the utility of the network platform effect under user-controlled sharing is much higher than under a mechanism controlled entirely by corporations (as with Facebook) or made entirely public by governments (as with roads).

Of course, IDs cover not only people but also many other kinds of entity. For example, companies have business licenses and DUNS® codes, and mobile phones have MAC addresses. We can collectively call these entities subjects.

We should therefore be careful when we use the term ID: some people think that an ID can only be issued by an authority, while others think that any organization can issue an ID that it certifies itself. The DID discussed in this article is an ID in the broad sense. For example, a public key pair generated by the user can be used as an ID.

In fact, any crypto user is already using a DID, because the first step in entering the crypto world is to generate a wallet. On the Bitcoin chain, your Bitcoin address is one of your DIDs (Bitcoin’s design is not friendly here, because each transaction changes the address to protect privacy); on Ethereum, each user has a DID with a public key as the address. Whether the ID is broad or narrow, it must be unique within a certain scope (namespace), and the meaning of a generated ID is generally bound to a certain usage environment (context).


A concept that is closely related to DID, but not necessarily tied to it, is the Verified Credential (VC). A VC is a credential issued by a centralized party (issuer) to a subject. Traditionally, because the authenticity of such a certificate cannot be established from the certificate itself, the issuer must provide corresponding query and verification services; for example, the Ministry of Education of China provides a website for querying and verifying academic qualifications.

Therefore, if query and verification must be carried out offline, it is inconvenient, which encourages the forgery of certificates and reduces the efficiency of using them; if the issuer stops providing the service, the certificate can no longer be used as intended; and if the certificate has an expiration date and often needs to be renewed, it is more troublesome still.

However, if the certificate is based on cryptography, it can carry the digital signature of the issuer, and verification can be carried out independently, backed by the mathematics of the signature algorithm. The subject can put the VC into its own digital storage medium (a repository, including a wallet) and provide it to a third party (verifier) for viewing and verification when needed.
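As an added example (not code from the original article), the following Go sketch shows a verifier checking an issuer-signed credential offline, using only the issuer's public key. The `Credential` layout, the `did:example:tom` subject and the claim value are constructed for illustration and are not the W3C data model.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"encoding/json"
	"fmt"
	"time"
)

// Credential is a constructed, simplified stand-in for a VC (not the W3C data model).
type Credential struct {
	Subject, Claim string
	Expires        time.Time
}

// Issue serializes the credential and signs the exact bytes with the issuer's key.
func Issue(priv ed25519.PrivateKey, c Credential) (payload, sig []byte) {
	payload, _ = json.Marshal(c) // error ignored: dates in this example are in range
	return payload, ed25519.Sign(priv, payload)
}

// Verify runs offline: it needs the issuer's public key, not the issuer's service.
func Verify(payload, sig []byte, issuer ed25519.PublicKey, now time.Time) (Credential, error) {
	if !ed25519.Verify(issuer, payload, sig) {
		return Credential{}, fmt.Errorf("signature does not match issuer key")
	}
	var c Credential
	if err := json.Unmarshal(payload, &c); err != nil {
		return Credential{}, err
	}
	if now.After(c.Expires) {
		return Credential{}, fmt.Errorf("credential expired")
	}
	return c, nil
}

// Scenario returns the verifier's verdict for a valid, a forged and an expired VC.
func Scenario() (valid, forged, expired error) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	now := time.Now()
	payload, sig := Issue(priv, Credential{"did:example:tom", "degree=BSc", now.Add(time.Hour)})
	_, valid = Verify(payload, sig, pub, now)
	fake := bytes.Replace(payload, []byte("BSc"), []byte("PhD"), 1) // holder edits the claim
	_, forged = Verify(fake, sig, pub, now)
	_, expired = Verify(payload, sig, pub, now.Add(2*time.Hour))
	return
}

func main() { fmt.Println(Scenario()) }
```

The verifier still has to obtain the issuer's public key through a channel it trusts; the signature only removes the need to query the issuer for each credential.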

Although the W3C specification clearly states that the DID protocol and its VC protocol are completely separate and can exist independently, its DID assumes that the key pair generated by the user must be used in conjunction with a VC issued by an authority. The key pair in the W3C DID protocol exists only as a supporting part of the DID architecture: it links the different VCs owned by a user, and it removes the dependence on the issuing authority for VC query, verification and display.

Moreover, DID does not require a blockchain; DID address resolution and data registration supported by blockchain technology are only part of the DID ecosystem. However, the authors of this paper argue that, as part of a digitally native Metaverse, a subject can exist completely independently of any VC, based solely on the subject’s behavior in the Metaverse. This is what happened in the DeFi boom, when a large number of users took part in DeFi using their public key address as the DAPP account system. Although it is inconvenient, users still communicate through wallet address tags such as Nansen.

In my opinion, the many application scenarios of the crypto world, such as NFT, GameFi and DeFi, provide a sufficient market for native DID and the corresponding on-chain reputation. These differences in design philosophy have made W3C DIDs and blockchain-native DIDs very different. Since decentralized identity technology as a whole has only just started, the various technical schools need to learn from each other. The discussion in this article does not distinguish between W3C DID and blockchain-native DID technology.

In addition, a subject can have multiple IDs, that is, a person can have multiple identities. A persona is a relative concept: if a person uses an ID card in China and a passport across borders, the passport and the ID card are different personas of the same subject.


Concepts often associated with ID management also include authentication and authorization. Verification (authentication) refers to the process in which a third party (verifier) verifies the identity of the subject through the issuer or through a cryptographic algorithm.

After verifying the identity, the third party grants the subject the corresponding scope of rights according to its own policy. This process is called authorization. As a simple example, when we log in to a forum, entering a user name and password is verification. The website then grants us the corresponding rights to read and delete posts according to whether we are administrators or ordinary users. Policies governing user rights are often referred to as Access Control Lists (ACLs).

An ID can have many attributes, and a group of attributes can define a role, so that administrators of the systems where IDs are used can easily define their own access control list according to different attributes or roles and grant (authorize) different permissions to different IDs. For example: Tom (subject) joins the company Big (issuer) and on his first day receives the ID 66. His name, Tom, is an attribute; the job position assigned to him is information administrator (role); and he is given (authorized with) the corresponding access rights (ACL) to the computer room.

Before the emergence of DID, every ID was granted to a subject by a central party (issuer) based on a certain policy, and the central party therefore had the power to grant or revoke an individual's right to an ID. Sometimes the central party must also provide an authenticity check service for a third party (verifier); for example, after Tom changes jobs, the new employer wants to do a background check to verify whether Tom really worked for Big. The subject therefore depends on the service of the issuer, and if the issuer stops or refuses the service, the subject’s right to use the ID is affected.

We cannot underestimate the significance of DID for human beings. Humans are social animals, and identity is the starting point of social relations; an identity that is independent of any issuer is the starting point of freedom. With identity, various rights, including property rights, can be discussed, just like the right to use a website after registering an account. Data ownership can only be discussed once we have an identity that is generated and used independently of any other subject. Therefore, the design concept of DID is often referred to as Self-Sovereign Identity (SSI).

Because there is no centralized identity issuer to provide query and verification services, the biggest differences between DID and traditional identity management technology (IAM) are: who generates the ID? And how do you prove that you are yourself when you claim that you own or control the ID?


DID is the first technology in human history that lets a subject prove its identity by itself.

With DID, the subject generates a public/private key pair itself using cryptography. The public key is used as its ID, and the private key is used to prove that the subject controls the corresponding public key. To associate the DID with the subject's other, centralized identities, there are two routes: if the issuer provides VC services, the association is simple and is made by verifying the signed VC; if the issuer does not, the subject can claim to hold a centralized ID or an off-chain identity, and the association is then made through a third-party verification (attestation) service.

Before we dive into the DID industry, let’s summarize DID characteristics and terminology.
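An added example, not part of the original article: the self-generated key pair and the proof of control described above, written as a challenge-response in Go. The `did:example:` plus hex format and the `Verifier` type are assumptions made for this sketch, not a registered DID method.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"fmt"
	"strings"
)

// NewDID is run by the subject alone: the self-generated public key becomes the ID.
// "did:example:" + hex is a constructed format for this example.
func NewDID() (string, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	return "did:example:" + hex.EncodeToString(pub), priv
}

// Prove is the subject's side: sign the verifier's fresh challenge.
func Prove(priv ed25519.PrivateKey, nonce []byte) []byte { return ed25519.Sign(priv, nonce) }

// Verifier tracks outstanding challenges so that each can be answered only once.
type Verifier map[string]bool

func (v Verifier) Challenge() []byte {
	nonce := make([]byte, 32)
	rand.Read(nonce)
	v[string(nonce)] = true
	return nonce
}

// Check needs no issuer: the DID itself yields the key that must have signed.
func (v Verifier) Check(did string, nonce, sig []byte) error {
	if !v[string(nonce)] {
		return fmt.Errorf("unknown or already used challenge")
	}
	delete(v, string(nonce)) // single use: a replayed answer is rejected
	pub, err := hex.DecodeString(strings.TrimPrefix(did, "did:example:"))
	if err != nil || len(pub) != ed25519.PublicKeySize {
		return fmt.Errorf("malformed DID %q", did)
	}
	if !ed25519.Verify(pub, nonce, sig) {
		return fmt.Errorf("signature does not prove control of %s", did)
	}
	return nil
}

func main() {
	did, priv := NewDID()
	v := Verifier{}
	n := v.Challenge()
	fmt.Println(did, v.Check(did, n, Prove(priv, n)), v.Check(did, n, Prove(priv, n)))
}
```

A production protocol would also bind the verifier's identity and a purpose label into the signed message, so that a signature obtained in one context cannot be reused in another.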

  • The subject represented by the ID can be a person, a company or any object;
  • IDs must be unique within a namespace;
  • The ID must have an issuer (the issuer or Identity Provider in traditional IAM); the issuer of a DID is the subject itself;
  • The issuer needs to provide query and verification services for the third party (the verifier or Relying Party in traditional IAM); for a DID, verification is provided by the mathematics of the cryptographic algorithm;
  • A claim (also called a statement or assertion) can be a self-declaration or a third-party declaration, and a corresponding verification (verify or attest) mechanism needs to be provided. This mechanism is sometimes deterministic: for example, a person declares that he owns 1 Bitcoin, which can be verified by checking whether he controls an address holding more than one bitcoin. It is sometimes probabilistic: for example, a person declares that he can program in Java, and this statement needs to be endorsed by former colleagues, while his actual level of proficiency remains a matter of probability;
  • Identity is inherently tied to context: people use different identities (personas) in different scenarios. A role defines a set of attributes and represents a type of user who, once authenticated, is given a particular scope of rights (ACL).

Since DID and VC are both based on cryptographic algorithms, they leave room for the application of zero-knowledge proofs. When users need to prove their age by showing their ID cards, they no longer need to worry that the verifier will also see their home address; when users need to prove that their assets meet certain conditions, they do not need to let the other party know the exact total.

Having sorted out these concepts, let’s study the DID industry in depth, interspersing comparisons with traditional ID management concepts along the way. The following discussion is divided into several parts: DID’s application scenarios, DID’s technical architecture, DID’s challenges, DID’s industry companies, and our company’s design solutions.
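The first case above (proving age without exposing the address) can also be met with salted-hash selective disclosure, which is a simpler technique than a zero-knowledge proof and is not one itself. The Go sketch below is an added example, not from the original article; the attribute names and values are constructed.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Attr is one attribute; the random salt stops a verifier guessing hidden values.
type Attr struct{ Salt, Name, Value string }

func NewAttr(name, value string) Attr {
	salt := make([]byte, 16)
	rand.Read(salt)
	return Attr{fmt.Sprintf("%x", salt), name, value}
}

// digest hashes the quoted fields, so field boundaries cannot be shifted.
func (a Attr) digest() []byte {
	h := sha256.Sum256([]byte(fmt.Sprintf("%q%q%q", a.Salt, a.Name, a.Value)))
	return h[:]
}

// Issue signs only the digests, so the signed credential contains no attribute values.
func Issue(priv ed25519.PrivateKey, attrs ...Attr) (digests, sig []byte) {
	for _, a := range attrs {
		digests = append(digests, a.digest()...)
	}
	return digests, ed25519.Sign(priv, digests)
}

// Verify accepts a disclosed attribute only if its digest is among the signed ones.
func Verify(issuer ed25519.PublicKey, digests, sig []byte, shown Attr) bool {
	found := false
	for i := 0; i+sha256.Size <= len(digests); i += sha256.Size {
		found = found || bytes.Equal(digests[i:i+sha256.Size], shown.digest())
	}
	return found && ed25519.Verify(issuer, digests, sig)
}

// Scenario: the holder shows "over18" and keeps "address" (constructed values) private.
func Scenario() (genuine, altered bool) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	age, addr := NewAttr("over18", "true"), NewAttr("address", "1 Example Street")
	digests, sig := Issue(priv, age, addr) // addr is never handed to the verifier
	lie := Attr{age.Salt, age.Name, "false"}
	return Verify(pub, digests, sig, age), Verify(pub, digests, sig, lie)
}

func main() { fmt.Println(Scenario()) }
```

The verifier learns that a second attribute exists but not its name or value; proving a threshold, as in the asset example, needs a range proof rather than this construction.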

Posted by: CoinYuppie. Reprinted with attribution to: https://coinyuppie.com/did-industry-research-report-how-you-can-prove-you-are-who-you-are/