Establishing Standards for Decentralized Identity

There are many organizations working to standardize and shape the field of decentralized identity. These are the key organizations:

• Decentralized Identity Foundation (DIF): An engineering-driven organization focused on developing the foundational elements necessary to establish an open ecosystem for decentralized identity and ensure interoperability between all participants.
• World Wide Web Consortium (W3C): The mission of the W3C Digital Identity Community Group is to identify and resolve real world identity issues, to explore and build a more secure trusted digital identity ecosystem on the internet for people, organizations, and things. Their work focuses on the ecosystem’s scalability, interoperability, mobility, security, and privacy.
• Internet Engineering Task Force (IETF): An open international community of network designers, operators, vendors, and researchers working on the evolution of the Internet architecture and the smooth operation of the Internet.

How Decentralized Identity Works

A decentralized identity system has these main elements:

1. Blockchain: A decentralized database that is shared among computers in the blockchain network that records information in a way that makes it very difficult to change, hack, or cheat the system.
2. Decentralized Identity Wallet: An app that allows users to create their decentralized identifiers and manage their Verifiable Credentials.
3. Decentralized Identifier (DID): A unique identifier on the blockchain made up of a string of letters and numbers that contains details like the public key and verification information.
4. Verifiable Credential (VC): A digital, cryptographically secured version of both paper and digital credentials that people can present to organizations that need them for verification. These are the main parties in the VC system:

• Holder: A user who creates their decentralized identifier with a digital wallet app and receives the Verifiable Credential.
• Issuer: The organization that signs a Verifiable Credential with their private key and issues it to the holder.
• Verifier: A party that checks the credentials and can read the issuer’s public DID on the blockchain to verify if the Verifiable Credential the holder shared was signed by the issuer’s DID.

The main parties in the Verifiable Credentials system are the holders, issuers, and verifiers.

Let’s go into more detail about how each of these elements works individually and then how they all work together.

Decentralized Identity on Blockchain

A blockchain is a digital database that records transactions across a network of computers. It is called a "blockchain" because it is made up of a chain of blocks that contain information about the transactions. Each block contains a list of transactions, and once it is added to the chain, the information in it cannot be altered (or it’s extremely difficult to alter). This makes the blockchain secure and transparent, and it is often used for things like cryptocurrency and online voting.

With Dock, only DIDs are registered on the blockchain, but no Verifiable Credential data is ever put on the blockchain for security and privacy.

Key features of a blockchain:

‍Security: Blockchain uses cryptography to ensure that once a block is added to the chain, it’s extremely difficult to alter, making the information stored in it secure.

Tamper-resistance: The blocks in a blockchain are linked together using a cryptographic function, making it difficult for any malicious actors to tamper with or alter the data stored in the blocks.  Once data is written on blockchain it is almost impossible to change, tamper or delete, providing trust and security to the data.

Decentralized: A blockchain is a decentralized system, meaning that it is not controlled by any one central authority or organization. This allows for a more democratic and transparent system.

Transparency: All the transactions are recorded in a public ledger, which can be viewed by anyone on the network, promoting transparency and accountability.

‍Trustless: Blockchain enables trustless transactions by using consensus algorithms, smart contracts and digital signatures, which eliminates the need for third party intermediaries.

Here is how each party uses the blockchain in a decentralized identity system:

• Holder: Owner of the Verifiable Credential (e.g. driver’s license) has their public DID on the blockchain.
• Issuer: The issuer’s public DID and associated public key is on the blockchain. When an issuer, like a licensing organization, provides a credential to a holder like a driver’s license, the issuer signs the credential with their private key.
• Verifier: A verifier like an on-demand driving company can check the blockchain to ensure that the licensing department that they trust did in fact issue the license and who it was issued to.

The blockchain allows everyone in the network to have the same source of truth about which credentials are valid and who authenticated the validity of the data inside the credentials. The blockchain establishes a basis of trust by maintaining a verifiable registry (or records) of:

• All DIDs
• Proof of credentials issued (if the credential is anchored to demonstrate proof of existence and authenticity)
• Public cryptographic keys (codes used to encrypt and decrypt information)
• Revocation registries

The identity information is not stored on the blockchain but rather on the holder’s digital wallet. The credentials issued using the Dock blockchain are stored off-chain, usually in someone’s decentralized digital wallet app.

What Are Decentralized Identifiers (DIDs)?

Dock's Solutions Architect Mike Parkhill explains how decentralized identifiers (DIDs) work and their importance.

A decentralized identifier (DID) is a way to identify yourself or something online without relying on a centralized company or organization. Imagine a phone number is like a centralized identifier because it is assigned to you by a phone company, and they keep track of who it belongs to.

A DID is like a personal phone number that you create, own, and control. You can use it to prove who you are online without having to rely on a third party. It's like having a digital passport that you can use on the internet, and it's not controlled by any one company or organization. It's simple to understand like a phone number you own and control.

Right now, most of us use centralized identifiers like emails, passwords, and user names to access websites, apps, and services. But these identifiers have often resulted in:

• Our personal information being hacked
• Identity theft
• Our data being shared with other parties without our knowledge
• Making it harder for someone to manage all of the logins
• Being at the mercy of service providers who can revoke these identifiers at any time

But DIDs solve many of these problems. A Decentralized Identifier (DID):

• Is a globally unique identifier made up of a string of letters and numbers that is like an identifying address on the blockchain and independent of any organization
• Enables a universally accepted standard for exchanging and verifying digital credentials
• Allows the owner to prove cryptographic control over them
• Comes with one or many private key and public key pairs
• Doesn’t contain personal data or wallet information
• Enables private and secure connections between two parties and can be verified anywhere at any time

去中心化身份建立标准

有许多组织正在致力于标准化和塑造去中心化身份领域。以下是关键组织：

• 去中心化身份基金会 (DIF)：一个以工程驱动为主的组织，专注于开发建立开放生态系统进行去中心化身份，并确保所有参与者之间的互操作性所需的基础元素。
• 万维网联盟 (W3C)：W3C数字身份社区小组的使命是识别和解决现实身份问题，探索并建立一个更安全的互联网数字身份生态系统，服务于人、组织和事物。他们的工作重点在于生态系统的可扩展性、互操作性、移动性、安全性和隐私性。
• 互联网工程任务组 (IETF)：一个由网络设计师、运营商、供应商和研究人员组成的开放国际社区，致力于互联网架构的演变和互联网的平稳运行。

去中心化身份的工作原理

去中心化身份系统有以下主要元素：

1. 区块链： 一个分散的数据库，在区块链网络中共享，以记录信息，使其难以更改、黑客攻击或欺骗系统。
2. 去中心化身份钱包： 一个应用程序，允许用户创建他们的去中心化标识符和管理其可验证凭据。
3. 去中心化标识符 (DID)： 由字母和数字组成的区块链上的唯一标识符，包含公钥和验证信息等详细信息。
4. 可验证凭证 (VC)： 人们可以向需要它们进行验证的组织提供的数字加密证明版本，用于证明纸质和数字证明的真实性和有效性。这些是 VC 系统中的主要参与方：

• 持有者： 使用数字钱包应用程序创建其去中心化标识符并接收可验证凭证的用户。
• 签发者： 用他们的私钥签署可验证凭证并向持有者发放凭证的组织。
• 验证者： 检查凭证并可以在区块链上读取发行者的公共 DID，以验证持有者共享的可验证凭证是否由签发者的 DID 签署。

可验证凭证系统的主要参与方是持有者、签发者和验证者。

现在，我们将深入探讨每个元素如何单独工作，然后再探讨它们如何相互配合。

区块链上的去中心化身份

区块链是记录跨计算机网络的交易的数字数据库。它之所以被称为“区块链”，是因为它由一系列包含有关交易信息的块组成。每个块包含交易列表，一旦添加到链中，其中的信息就无法更改（或极难更改）。这使得区块链安全和透明，通常用于像加密货币和在线投票之类的事情。

在 Dock 中，只有 DID 注册在区块链上，但 Verifiable Credential 数据从安全和隐私的角度来看，从未放在区块链上。

区块链的关键特点：

‍安全性： 区块链使用加密技术，确保一旦块添加到链中，极难更改，从而使存储在其中的信息安全。

防篡改性： 区块链中的块使用加密函数链接在一起，使任何恶意行为者难以篡改或更改块中存储的数据。一旦数据被写入区块链，就几乎不可能更改、篡改或删除，从而为数据提供了信任和安全。

去中心化： 区块链是一个去中心化的系统，意味着它不受任何一个中央机构或组织的控制。这允许一个更民主和透明的系统。

透明度： 所有交易都记录在公共账本中，任何人都可以在网络上查看，促进透明度和问责制。

‍无需信任： 区块链通过使用共识算法、智能合约和数字签名实现无需信任的交易，从而消除了第三方中介的需求。

以下是每个参与方在去中心化身份系统中如何使用区块链：

• 持有者： 拥有可验证凭证（例如驾驶执照）的所有者在区块链上拥有他们的公共 DID。
• 签发者： 签发者的公共 DID 和相关公钥存储在区块链上。当像颁发许可证这样的签发者向像驾驶执照这样的持有者提供凭证时，签发者用他们的私钥签署凭证。
• 验证者： 像一家即时驾驶公司这样的验证者可以检查区块链，以确保他们信任的颁发许可证部门确实颁发了许可证，以及颁发给谁。

区块链使网络中的每个人都可以获得关于哪些凭证是有效的以及谁认证了凭证中的数据的相同真实性来源。区块链通过维护可验证注册表（或记录）建立了信任基础，包括：

• 所有 DID
• 发行的证明凭证（如果凭证被锚定以证明存在和真实性的证明）
• 公共密码学密钥（用于加密和解密信息的代码）
• 吊销注册表

身份信息不是存储在区块链上，而是存储在持有者的数字钱包中。使用 Dock 区块链发行的凭证通常存储在某人的去中心化数字钱包应用程序中。

什么是去中心化标识符 (DIDs)？

Dock 的解决方案架构师 Mike Parkhill 解释了去中心化标识符 (DIDs) 的工作原理和重要性。

去中心化标识符 (DID) 是一种在线上标识自己或某些东西的方式，而不依赖于集中式公司或组织。想象电话号码就像集中式标识符，因为它是由电话公司分配给您的，他们跟踪它属于谁。

DID 就像您创建、拥有和控制的个人电话号码。您可以在互联网上使用它来证明自己的身份，而不必依赖第三方。它就像拥有一本可以在互联网上使用的数字护照，不受任何一家公司或组织的控制。它类似于您拥有和控制的电话号码，容易理解。

现在，我们大多数人使用像电子邮件、密码和用户名这样的集中式标识符来访问网站、应用和服务。但这些标识符常常导致：

• 我们的个人信息被黑客攻击。
• 身份盗窃。
• 我们的数据被分享给其他方而不知情。
• 使某人管理所有登录信息更加困难。
• 受到随时可以撤销这些标识符的服务提供商的支配。

但是 DIDs 解决了许多这些问题。去中心化标识符 (DID)：

• 是由字母和数字组成的全球唯一标识符，类似于区块链上的标识地址，独立于任何组织。
• 启用了一种在交换和验证数字凭证方面被广泛接受的标准。
• 允许所有者证明他们对其拥有加密控制权。
• 附带一个或多个私钥和公钥对。
• 不包含个人数据或钱包信息。
• 可以在任何地方、任何时间进行私密和安全的连接。